Win7: PUP.Optional.Conduit.A and more found
Hello!
Malwarebytes has found several pieces of malware on the laptop here.
I have already run the following scans:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.26.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
MB :: ASUS [Administrator]
26.01.2014 21:37:27
MBAM-log-2014-01-26 (21-44-08).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239703
Laufzeit: 6 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B} (PUP.Optional.BestToolbars) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 12
C:\Users\MB\AppData\Roaming\7go (PUP.Optional.7Go.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\chrome (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\META-INF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\searchplugin (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 55
C:\Users\MB\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\B361D739-BAB0-7891-B1A1-2E77356CCFCE\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\B361D739-BAB0-7891-B1A1-2E77356CCFCE\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\B361D739-BAB0-7891-B1A1-2E77356CCFCE\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\busA073\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ibtmpf990472\component_652 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\nslAC85.tmp\DeltaTB_2501-c733154b.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\MB\Downloads\FreeCDRipperSetup-r0-n-bf.exe (PUP.Optional.Koyote.A) -> Keine Aktion durchgeführt.
C:\Users\MB\Downloads\TECSUN PL-600 user guide provided through mypdfmanuals.com.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Roaming\7go\7go.crx (PUP.Optional.7Go.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Roaming\7go\icon.ico (PUP.Optional.7Go.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\chrome.manifest (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\install.rdf (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\version.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\chrome\winload.jar (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\ConduitAutoCompleteSearch.js (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\ConduitAutoCompleteSearch.xpt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\RadioWMPCore.xpt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\RadioWMPCoreGecko19.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\RadioWMPCoreGecko5.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\RadioWMPCoreGecko6.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\components\RadioWMPCoreGecko7.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\alertSettingsComponent.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\appContextMenu.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\fbAlert.js (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\getAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\postAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\toolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\defaults\unsharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\META-INF\manifest.mf (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\META-INF\zigbert.rsa (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\META-INF\zigbert.sf (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Chat.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\DataStructures.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\EBEncryption.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\ExternalLibraryLoader.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\HTTP.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\IO.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Log.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\MainSingleton.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\MD5.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Notifications.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\ObserversAndEvents.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Prefs.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\SearchProtector.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\SearchSuggestIO.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\String.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\TEAEncryption.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Timer.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Twitter.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\URL.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\Windows.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\modules\XML.jsm (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\MB\AppData\Local\Temp\ct2319825\searchplugin\conduit.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
(Ende)
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by MB (administrator) on ASUS on 26-01-2014 21:03:08
Running from C:\Users\MB\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\OraStream\OraStreamPlayer\OraStreamService.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
() C:\Program Files (x86)\OraStream\OraStreamPlayer\OraStreamPlayer.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
() C:\Program Files (x86)\Tor\tor.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB94519FBE5BCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO-x32: No Name - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKLM-x32 - No Name - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default
FF user.js: detected! => C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\user.js
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "ftp", "95.172.68.150"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "95.172.68.150"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "95.172.68.150"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "95.172.68.150"
FF NetworkProxy: "ssl_port", 443
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\MB\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\MB\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Stealthy - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\Extensions\stealthyextension@gmail.com.xpi [2012-09-02]
FF Extension: ReloadEvery - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012-09-01]
FF Extension: Adblock Plus - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\5yam5xrn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=3E1F6A5D60BE83B7
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\MB\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\MB\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\MB\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\MB\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH)
CHR Extension: (Adblock Plus) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-09-02]
CHR Extension: (Space Station Finder) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcalalddojoejbjlfjgenljkkmjfmije [2013-01-13]
CHR Extension: (Planetarium) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-01-13]
CHR Extension: (QRCode Monkey) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidoepdbdhacpopcmepkflghaalfapmk [2013-01-13]
CHR Extension: (Refresh for Twitter) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpiilkeoldobfomlhipnnfanmgfllmp [2012-09-08]
CHR Extension: (Google Maps) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-17]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OraStream Service; C:\Program Files (x86)\OraStream\OraStreamPlayer\OraStreamService.exe [66048 2012-10-19] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-05] ()
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
==================== Drivers (Whitelisted) ====================
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-26 21:03 - 2014-01-26 21:03 - 00022901 _____ C:\Users\MB\Desktop\FRST.txt
2014-01-26 21:02 - 2014-01-26 21:02 - 00000000 ____D C:\FRST
2014-01-26 21:01 - 2014-01-26 21:01 - 02078208 _____ (Farbar) C:\Users\MB\Desktop\FRST64.exe
2014-01-26 21:00 - 2014-01-26 21:00 - 00000466 _____ C:\Users\MB\Desktop\defogger_disable.log
2014-01-26 21:00 - 2014-01-26 21:00 - 00000000 _____ C:\Users\MB\defogger_reenable
2014-01-26 20:54 - 2014-01-26 20:54 - 00050477 _____ C:\Users\MB\Desktop\Defogger.exe
2014-01-19 22:04 - 2014-01-19 22:04 - 00001955 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Users\MB\AppData\Roaming\Canneverbe Limited
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2014-01-19 22:03 - 2014-01-19 22:03 - 04986624 _____ (Canneverbe Limited ) C:\Users\MB\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe
2014-01-15 21:51 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 21:51 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 21:51 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 21:51 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 19:06 - 2014-01-14 19:06 - 00000981 _____ C:\Users\MB\Desktop\SurfMusik 3.1a.lnk
2014-01-14 19:06 - 2014-01-14 19:06 - 00000000 ____D C:\Program Files (x86)\SurfMusik 3.1
2014-01-14 19:06 - 2007-10-04 22:05 - 00006114 _____ C:\Windows\SysWOW64\SHELLLNK.TLB
2014-01-14 19:05 - 2014-01-14 19:06 - 01001160 _____ (Marcus Schmitt ) C:\Users\MB\Downloads\SurfMusikSetup.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 ____D C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-11 16:15 - 2014-01-11 16:15 - 07071976 _____ C:\Users\MB\Downloads\distVideo.wmv
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
==================== One Month Modified Files and Folders =======
2014-01-26 21:03 - 2014-01-26 21:03 - 00022901 _____ C:\Users\MB\Desktop\FRST.txt
2014-01-26 21:02 - 2014-01-26 21:02 - 00000000 ____D C:\FRST
2014-01-26 21:01 - 2014-01-26 21:01 - 02078208 _____ (Farbar) C:\Users\MB\Desktop\FRST64.exe
2014-01-26 21:00 - 2014-01-26 21:00 - 00000466 _____ C:\Users\MB\Desktop\defogger_disable.log
2014-01-26 21:00 - 2014-01-26 21:00 - 00000000 _____ C:\Users\MB\defogger_reenable
2014-01-26 21:00 - 2011-08-18 20:19 - 00000000 ____D C:\Users\MB
2014-01-26 20:54 - 2014-01-26 20:54 - 00050477 _____ C:\Users\MB\Desktop\Defogger.exe
2014-01-26 20:50 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 20:50 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 20:47 - 2011-03-31 11:24 - 01844552 _____ C:\Windows\WindowsUpdate.log
2014-01-26 20:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 20:41 - 2009-07-14 05:51 - 00100845 _____ C:\Windows\setupact.log
2014-01-21 14:11 - 2011-03-31 11:55 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-19 22:04 - 2014-01-19 22:04 - 00001955 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Users\MB\AppData\Roaming\Canneverbe Limited
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2014-01-19 22:03 - 2014-01-19 22:03 - 04986624 _____ (Canneverbe Limited ) C:\Users\MB\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe
2014-01-19 08:33 - 2012-05-13 12:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 09:32 - 2009-07-14 05:45 - 00276600 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 06:44 - 2013-08-01 07:54 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 06:40 - 2011-08-29 12:19 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 19:06 - 2014-01-14 19:06 - 00000981 _____ C:\Users\MB\Desktop\SurfMusik 3.1a.lnk
2014-01-14 19:06 - 2014-01-14 19:06 - 00000000 ____D C:\Program Files (x86)\SurfMusik 3.1
2014-01-14 19:06 - 2014-01-14 19:05 - 01001160 _____ (Marcus Schmitt ) C:\Users\MB\Downloads\SurfMusikSetup.exe
2014-01-14 09:39 - 2009-08-04 10:51 - 00666264 _____ C:\Windows\system32\perfh007.dat
2014-01-14 09:39 - 2009-08-04 10:51 - 00134186 _____ C:\Windows\system32\perfc007.dat
2014-01-14 09:39 - 2009-07-14 06:13 - 01531258 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 ____D C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-11 16:15 - 2014-01-11 16:15 - 07071976 _____ C:\Users\MB\Downloads\distVideo.wmv
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-29 13:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\MB\AppData\Local\Temp\ApnStub.exe
C:\Users\MB\AppData\Local\Temp\burnsetup.exe
C:\Users\MB\AppData\Local\Temp\cci.exe
C:\Users\MB\AppData\Local\Temp\contentDATs.exe
C:\Users\MB\AppData\Local\Temp\ffunzip.exe
C:\Users\MB\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\MB\AppData\Local\Temp\GLF3F85.tmp.tbFree.dll
C:\Users\MB\AppData\Local\Temp\GLF4C03.tmp.ConduitEngineSetup.exe
C:\Users\MB\AppData\Local\Temp\GLF4C03.tmp.tbWinl.dll
C:\Users\MB\AppData\Local\Temp\GLF6B17.tmp.ConduitEngineSetup.exe
C:\Users\MB\AppData\Local\Temp\GLFCB3.tmp.ConduitEngineSetup.exe
C:\Users\MB\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\MB\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\MB\AppData\Local\Temp\prxGLF4C03.tmp.tbWinl.dll
C:\Users\MB\AppData\Local\Temp\prxGLF6B17.tmp.tbWinl.dll
C:\Users\MB\AppData\Local\Temp\prxGLFCB3.tmp.tbFree.dll
C:\Users\MB\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MB\AppData\Local\Temp\tbFre0.dll
C:\Users\MB\AppData\Local\Temp\uninst.exe
C:\Users\MB\AppData\Local\Temp\uninst1.exe
C:\Users\MB\AppData\Local\Temp\winload_community_tb.exe
C:\Users\MB\AppData\Local\Temp\wpsetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-26 13:50
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02
Ran by MB at 2014-01-26 21:04:34
Running from C:\Users\MB\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224 - Adobe Systems Incorporated)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
ASUS AI Recovery (x32 Version: 1.0.13 - ASUS)
ASUS FancyStart (x32 Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS K3 Series ScreenSaver (x32 Version: 1.0.0002 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.0.20 - ASUS)
ASUS Live Update (x32 Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (Version: 1.1.43 - ASUS)
ASUS SmartLogon (x32 Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.21 - asus)
ASUS WebStorage (x32 Version: 2.0.46.1429 - eCareme Technologies, Inc.)
AsusVibe2.0 (x32 Version: 2.0.3.585 - ASUSTEK)
ATK Package (x32 Version: 1.0.0008 - ASUS)
Audio Recorder for Free 2010 v12.8.2 (x32 Version: - Copyright(C) 2005-2010 AudioToolMedia Software.)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlueStacks App Player (x32 Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.18.921 - BlueStack Systems, Inc.)
Bookworm Deluxe (x32 Version: - Oberon Media Inc.)
Canon Utilities Digital Photo Professional (x32 Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (x32 Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (x32 Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (x32 Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (x32 Version: 1.13.10.0 - Canon Inc.)
CDBurnerXP (x32 Version: 4.5.2.4478 - CDBurnerXP)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Conduit Engine (x32 Version: 6.3.3.3 - Conduit Ltd.) <==== ATTENTION
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Cooking Dash (x32 Version: - Oberon Media Inc.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.5.0_WHQL (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Express Burn CD-/DVD-/Blu-Ray-Brenner (x32 Version: - NCH Software)
Fast Boot (Version: 1.0.9 - ASUS)
Flatcast Viewer Plugin 5.3.0.784 (x32 Version: - 1 mal 1 Software GmbH)
Free CD Ripper V2.0 (x32 Version: 2.0.0.0 - Koyote Soft)
Free Mp3 Wma Converter V 2.0 (x32 Version: 2.0.0.0 - Koyote Soft)
FreeSoundRecorder Toolbar (x32 Version: 6.8.2.0 - FreeSoundRecorder) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU Version: 28.0.1500.95 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752 - Google Inc.)
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
Hotel Dash Suite Success (x32 Version: - Oberon Media Inc.)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2291 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4 - Intel)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (x32 Version: 6.0.370 - Oracle)
Jet (HKCU Version: 24.0.1293.0 - Performersoft)
Jewel Quest 3 (x32 Version: - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor 3 (x32 Version: - Oberon Media Inc.)
Mahjongg dimensions (x32 Version: - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (x32 Version: 12.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Reader (x32 Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Control Panel 267.21 (Version: 267.21 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 267.21 (Version: 267.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Olympus Sonority (x32 Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OraStreamPlayer (x32 Version: 1.0.7 - OraStream)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Plants vs Zombies (x32 Version: - Oberon Media Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6294 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
Sonic Focus (x32 Version: 1.00.0000 - Virage Logic, Corp.)
SurfMusik 3.1a (x32 Version: 3.1a - Marcus Schmitt)
syncables desktop SE (x32 Version: 5.5.746.11492 - syncables)
TeamViewer 7 (x32 Version: 7.0.12541 - TeamViewer)
Trend Micro Titanium Internet Security (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
USB2.0 UVC VGA WebCam (Version: 5.8.55133.208 - Sonix)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.31.0 - ASUS)
Winload Toolbar (x32 Version: 6.3.3.3 - Winload)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (x32 Version: 3.0.19 - ASUS)
World of Goo (x32 Version: - Oberon Media Inc.)
Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.)
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)
==================== Restore Points =========================
03-01-2014 21:40:31 Windows Update
07-01-2014 21:44:31 Windows Update
10-01-2014 22:22:25 Windows Update
14-01-2014 18:07:13 Windows Update
17-01-2014 05:44:09 Windows Modules Installer
18-01-2014 09:08:50 Windows Update
21-01-2014 13:23:02 Windows Update
24-01-2014 20:15:25 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1A86C66B-9D59-4809-9070-B9B0E281A87D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {5D46A3FD-DB82-44DB-B1B6-6F46A32A645B} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E4CDEF-2EA7-4C49-836A-07F989015BDF} - System32\Tasks\{B72E19B6-4822-438E-937A-81EBAEAA4C4A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.2.0.106/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {6E59716D-1E02-4C21-9221-C13CADCB9604} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {A3F725BF-1DB2-4370-89EC-271780186266} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {BC1DB5EE-4CCF-4B4B-8E81-8C954B79954D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {DF9A5620-4C1B-4A3D-AC16-D1BF1F167DEC} - \AdobeFlashPlayerUpdate No Task File
Task: {F33BEAC3-0B6C-46D3-A66F-44FE21044EE5} - System32\Tasks\{644AABDF-C28E-4B62-8840-709248BD09E3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.2.0.106/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {F6ABCC11-8945-49E7-A230-DB42F3630547} - \AdobeFlashPlayerUpdate 2 No Task File
==================== Loaded Modules (whitelisted) =============
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-08 04:39 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-08-30 12:39 - 2013-01-29 18:45 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2011-08-31 14:33 - 2011-08-31 14:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2013-12-21 10:03 - 2013-12-21 10:04 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2014 08:43:12 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/26/2014 08:33:05 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/26/2014 08:22:46 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/25/2014 07:07:27 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/24/2014 08:56:20 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/21/2014 02:12:08 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/19/2014 01:16:32 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/18/2014 01:38:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: syncables.exe, Version: 5.5.746.11492, Zeitstempel: 0x4c4538b1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xsyncables.exe0
Pfad der fehlerhaften Anwendung: syncables.exe1
Pfad des fehlerhaften Moduls: syncables.exe2
Berichtskennung: syncables.exe3
Error: (01/17/2014 09:43:02 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/17/2014 09:32:38 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (01/26/2014 08:43:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (01/26/2014 08:41:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 26.01.2014 um 20:37:11 unerwartet heruntergefahren.
Error: (01/26/2014 08:24:25 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:24 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:23 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:22 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:21 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:20 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:19 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (01/26/2014 08:24:18 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Microsoft Office Sessions:
=========================
Error: (01/26/2014 08:43:12 PM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/26/2014 08:33:05 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/26/2014 08:22:46 PM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/25/2014 07:07:27 AM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/24/2014 08:56:20 PM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/21/2014 02:12:08 PM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/19/2014 01:16:32 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/18/2014 01:38:11 PM) (Source: Application Error)(User: )
Description: syncables.exe5.5.746.114924c4538b1unknown0.0.0.000000000c00000050000000087801cf135ebd8c662fC:\Program Files (x86)\syncables\syncables desktop\syncables.exeunknown6390b023-803d-11e3-828c-f46d0419ae00
Error: (01/17/2014 09:43:02 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/17/2014 09:32:38 AM) (Source: BstHdAndroidSvc)(User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 6055.77 MB
Available physical RAM: 3665.53 MB
Total Pagefile: 12109.72 MB
Available Pagefile: 9577.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:152.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:191.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: FD65E542)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=333 GB) - (Type=0F Extended)
==================== End Of Log ============================
Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-26 21:30:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: u027p0y3.exe; Driver: C:\Users\MB\AppData\Local\Temp\fxldrpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\AsScrPro.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Windows\AsScrPro.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{29C8BB66-CA3F-433F-8210-25F47046BEF4}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [144] (Microsoft Malware Protection Engine/Microsoft Corporation(2014-01-26 12:42:50) 000007fef8430000
Library \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5596] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2011-08-30 17:55:36) 000000000ac00000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007a2bc2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007a2bc2 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:00 on 26/01/2014 (MB)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
How do I get rid of these again? Thanks in advance!
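Added example (not part of the post above, and not a tool from the forum or from GMER): a small parser for the "User code sections" lines in a GMER log that groups identical in-memory patches and reports whether each one appears in every hooked process or in just one. The heuristic it encodes is an analyst's rule of thumb, stated here as an assumption rather than a verdict: a byte-identical patch at the same address in every 32-bit (syswow64) process points to a system-wide cause and is usually low priority, whereas a patch present in a single process is the one to look at first. The four sample lines are copied from the GMER output above; the extra `kernel32.dll!CreateProcessW` line and the `hypothetical.exe` path are constructed solely to exercise the single-process branch and do not describe anything found on this machine.

```python
import re
from collections import defaultdict

# Sample input: four hook lines taken from the GMER "User code sections" block
# above. The ".text ... * 2" summary lines are included to show they are skipped.
GMER_SAMPLE = r"""
.text C:\Windows\AsScrPro.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Windows\AsScrPro.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]
.text ... * 2
"""

# Constructed, hypothetical line (NOT from the log above): a patch that shows up
# in only one process, used to exercise the "single-process" branch below.
CONSTRUCTED_EXTRA = r"""
.text C:\Users\MB\AppData\Local\Temp\hypothetical.exe[4242] C:\Windows\syswow64\kernel32.dll!CreateProcessW + 0 000000007593103d 5 bytes JMP 0000000010001000
"""

# One GMER user-code hook line:
#   .text <process path>[<pid>] <module>!<symbol> + <offset> <address> <n> bytes <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<symbol>\S+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8,16})\s+(?P<size>\d+)\s+bytes\s+(?P<patch>.+)$"
)


def parse_hooks(text):
    """Return one dict per parsed hook line; lines that do not match (e.g. '... * 2') are skipped."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["offset"] = int(h["offset"])
        h["size"] = int(h["size"])
        hooks.append(h)
    return hooks


def analyze(text):
    """Group byte-identical patches and label each by how many hooked processes carry it.

    Labels (heuristic, an assumption of this example, not a GMER feature):
      system-wide    - the same patch is in every process that has any hook
      single-process - the patch is in exactly one process
      partial        - anything in between
    """
    hooks = parse_hooks(text)
    all_procs = {(h["process"], h["pid"]) for h in hooks}
    by_patch = defaultdict(set)
    for h in hooks:
        key = (f'{h["module"]}!{h["symbol"]}+{h["offset"]} @ {h["address"]} '
               f'{h["size"]} bytes {h["patch"]}')
        by_patch[key].add((h["process"], h["pid"]))

    report = {}
    for key, procs in by_patch.items():
        if procs == all_procs:
            label = "system-wide"
        elif len(procs) == 1:
            label = "single-process"
        else:
            label = "partial"
        report[key] = {
            "label": label,
            "processes": sorted(procs),
            "total_processes": len(all_procs),
        }
    return report


if __name__ == "__main__":
    for key, info in analyze(GMER_SAMPLE + CONSTRUCTED_EXTRA).items():
        print(f'{info["label"]:14} {len(info["processes"])}/{info["total_processes"]}  {key}')
        for proc, pid in info["processes"]:
            print(f"               {proc}[{pid}]")
```

Run against the real GMER output above, both `PSAPI.DLL!GetModuleInformation` patches come out as system-wide (same address, same two bytes, in every listed syswow64 process); the constructed `CreateProcessW` line is the only one reported as single-process. The label is a triage order, not a clean bill of health: a system-wide patch still deserves a look if the bytes or the address differ between processes, and a single-process hook can be legitimate (security products and debuggers hook too).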