ThorsZeh | 05.06.2014 20:43 | Sorry for only getting back to you now; I have had a lot going on at work (including weekend and public-holiday shifts).
First of all, after I deleted everything in AdwCleaner, I now get the following message on the desktop at every system start: http://s14.directupload.net/images/140605/6ulmhi2u.png
mbam.txt: Quote:
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Suchlauf Datum: 05.06.2014
Suchlauf-Zeit: 20:02:57
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.05.11
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Computer
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 277166
Verstrichene Zeit: 19 Min, 15 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4897cfa537447eb81e2fbbb018ec45bb]
Ordner: 0
(No malicious items detected)
Dateien: 6
Trojan.FakeMS.ED, C:\Users\Computer\AppData\Local\Temp\0390.dll, In Quarantäne, [7768324222593006d496354dd32ed12f],
PUP.Optional.DomaIQ, C:\Users\Computer\AppData\Local\Temp\dfsFA94.tmp, In Quarantäne, [c51a3b39f58678be94ed4de4cd35f50b],
PUP.Optional.ScramblePacker.A, C:\Users\Computer\AppData\Local\Temp\7dc2692b-7c13-4e7c-8719-b346fe6fe0c4\software\mplus.exe, In Quarantäne, [c11ef67ed8a337ff44313b45a75a8e72],
PUP.Optional.NewPlayer.A, C:\Users\Computer\AppData\Local\Temp\7dc2692b-7c13-4e7c-8719-b346fe6fe0c4\software\New_Player.exe, In Quarantäne, [974893e18eed7bbb68fd2c5459a8ab55],
PUP.Optional.OpenCandy, C:\Users\Computer\Downloads\DTLite4491-0356.exe, In Quarantäne, [449b720228533105f0683758d13308f8],
PUP.Optional.DomaIQ, C:\Users\Computer\Downloads\Player_Setup.exe, In Quarantäne, [c7186f05e09b92a479400a77d72a2bd5],
Physische Sektoren: 0
(No malicious items detected)
(end)
JRT.txt: Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Computer on 05.06.2014 at 21:19:04,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\6hvqdrtx.default-1401045432870\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2014 at 21:31:15,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Computer (administrator) on COMPUTER-TOSH on 05-06-2014 21:32:34
Running from C:\Users\Computer\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
() C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
() C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Thisisu) C:\Users\Computer\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [Amazon Cloud Player] => C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06E96EFE-8043-459D-925B-B4D5B82A2743} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4DCB657A-6192-491C-B068-4554A7124208} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3
A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 21:32 - 2014-06-05 21:32 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:26 - 2014-06-05 21:26 - 02972033 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [8_8]_(360p).mp4
2014-06-05 21:22 - 2014-06-05 21:25 - 62399917 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [7_8]_(360p).mp4
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:18 - 2014-06-05 21:21 - 66858058 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [6_8]_(360p).mp4
2014-06-05 21:11 - 2014-06-05 21:18 - 65750430 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [5_8]_(360p).mp4
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:55 - 2014-06-05 20:59 - 62012422 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [4_8]_(360p).mp4
2014-06-05 20:46 - 2014-06-05 20:54 - 71286219 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [3_8]_(360p).mp4
2014-06-05 20:41 - 2014-06-05 20:44 - 42394797 _____ () C:\Users\Computer\Documents\NWA - Deleted Scenes_(480p).mp4
2014-06-05 20:29 - 2014-06-05 20:40 - 115568286 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 2_(480p).mp4
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 20:15 - 2014-06-05 20:28 - 116095089 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 1_(480p).mp4
2014-06-05 20:00 - 2014-06-05 20:07 - 61035378 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [1_8]_(360p).mp4
2014-06-05 19:58 - 2014-06-05 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 19:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 19:55 - 2014-06-05 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:19 - 2014-06-05 18:19 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-02 22:37 - 2014-06-02 22:54 - 18475736 _____ () C:\Users\Computer\Documents\Kollegah King DVD [5_5] - Anekdoten zu Regen 2, Openair Frauenfeld 2, Abschluss_(360p).mp4
2014-06-02 22:34 - 2014-06-02 22:37 - 43375205 _____ () C:\Users\Computer\Documents\Kollegah King DVD [4_5] - Budva, Vojvoda Vuk, Drogenkonsum, Anekdoten zu Regen_(360p).mp4
2014-06-02 22:19 - 2014-06-02 22:27 - 56244361 _____ () C:\Users\Computer\Documents\Kollegah King DVD [3_5] - Doubletime, Urlaub, Kollegha, Beine beanspruchen_(360p).mp4
2014-06-02 22:13 - 2014-06-02 22:18 - 53775617 _____ () C:\Users\Computer\Documents\Kollegah King DVD [2_5] - Openair Frauenfeld, Montenegro, Studio-Session, Foto-Shooting_(360p).mp4
2014-06-02 21:41 - 2014-06-02 22:12 - 363564030 _____ () C:\Users\Computer\Documents\Disco MMA DVD_(480p).mp4
2014-06-02 21:30 - 2014-06-02 21:38 - 56948003 _____ () C:\Users\Computer\Documents\Kollegah King DVD [1_5] - Fragen, Barcelona, Schloss, Studio, Farid Bang_(360p).mp4
2014-05-29 23:13 - 2014-05-29 23:21 - 173525581 _____ () C:\Users\Computer\Documents\Die Getriebenen - Politik bis zur Schmerzgrenze - ZDF Dokumentation - 20.09.2013_(480p).mp4
2014-05-29 22:56 - 2014-05-29 23:12 - 324496940 _____ () C:\Users\Computer\Documents\Pussy Riot - Ein russischer Skandal_(480p).mp4
2014-05-28 18:24 - 2014-05-29 22:55 - 228077703 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Sex - Made in Germany_ Prostitution und ihre Profiteure_(480p).mp4
2014-05-28 18:14 - 2014-05-28 18:23 - 00210540 _____ () C:\Users\Computer\Documents\Klartext spezial_ Streit um Asylbewerber_(360p).mp4
2014-05-28 18:01 - 2014-05-28 18:13 - 247472284 _____ () C:\Users\Computer\Documents\Schlachtfeld Politik - Die finstere Seite der Macht (Doku)_(480p).mp4
2014-05-28 17:51 - 2014-05-28 18:01 - 00950892 _____ () C:\Users\Computer\Documents\Wie billig kann Bio sein_ ARD Reportage Exklusiv im Ersten (2012)_(360p).mp4
2014-05-28 17:38 - 2014-05-28 17:50 - 225443263 _____ () C:\Users\Computer\Documents\Facebook - Milliardengeschäft Freundschaft _ Die Story im Ersten _ DAS ERSTE _ NDR _ ARD_(480p).mp4
2014-05-28 17:25 - 2014-05-28 17:38 - 179701788 _____ () C:\Users\Computer\Documents\Deutschlands neue Slums - Das Geschäft mit den Armutseinwanderern _ EXCLUSIV IM ERSTEN _ ARD_(480p).mp4
2014-05-28 17:12 - 2014-05-28 17:23 - 114524040 _____ () C:\Users\Computer\Documents\Lobbyisten.in.der.Politik.ARD.Exclusiv.Die_Einfluesterer_12.09_(360p).mp4
2014-05-28 16:49 - 2014-05-28 17:11 - 156076220 _____ () C:\Users\Computer\Documents\Die story - Wir sind drin! - Die neuen Tricks der Lobbyisten_(360p).mp4
2014-05-28 16:35 - 2014-05-28 16:48 - 175141740 _____ () C:\Users\Computer\Documents\Über Merkel - Politik als Kompromiss_(360p).mp4
2014-05-28 16:27 - 2014-05-28 16:32 - 108406679 _____ () C:\Users\Computer\Documents\Die Einflüsterer - Wie Geld Politik macht (Doku)_(360p).mp4
2014-05-28 16:14 - 2014-05-28 16:27 - 129870401 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Du schaffst das!_(360p).mp4
2014-05-28 15:39 - 2014-05-28 16:12 - 243450891 _____ () C:\Users\Computer\Documents\Gysi und die Stasi - Ein Politiker im Zwielicht (Doku)_(480p).mp4
2014-05-26 22:13 - 2013-09-18 17:03 - 00377153 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi
2014-05-26 22:12 - 2014-05-26 22:12 - 00359040 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi.zip
2014-05-26 22:11 - 2014-05-26 22:21 - 149601442 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [4_5]_(720p).mp4
2014-05-26 22:07 - 2014-05-26 22:11 - 63563803 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [3_5]_(720p).mp4
2014-05-26 21:57 - 2014-05-26 22:06 - 101403368 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [2_5]_(720p).mp4
2014-05-26 21:47 - 2014-05-26 21:56 - 109448303 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [1_5]_(720p).mp4
2014-05-26 06:02 - 2014-05-26 06:09 - 120517619 _____ () C:\Users\Computer\Documents\- Die Akte Gysi -_(360p).mp4
2014-05-26 05:49 - 2014-05-26 06:01 - 165155406 _____ () C:\Users\Computer\Documents\Wie weit links_ 150 Jahre SPD - Dokumentation_Doku über die SPD_(360p).mp4
2014-05-25 21:32 - 2014-05-25 21:33 - 00036526 _____ () C:\Users\Computer\Downloads\Addition.txt
2014-05-25 21:31 - 2014-06-05 21:32 - 00019660 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-05-25 21:31 - 2014-06-05 21:32 - 00000000 ____D () C:\FRST
2014-05-25 21:30 - 2014-06-05 21:32 - 02068992 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-05-25 14:35 - 2014-05-25 21:21 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-24 16:34 - 2014-05-25 19:26 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-24 15:50 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:31 - 2014-05-24 15:47 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:24 - 2014-05-23 19:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:53 - 2014-05-23 18:55 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:41 - 2014-05-22 19:46 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 15:50 - 2014-05-22 16:00 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-17 17:44 - 2014-05-17 17:46 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 23:36 - 2014-05-14 19:40 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:23 - 2014-05-06 23:24 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
==================== One Month Modified Files and Folders =======
2014-06-05 21:32 - 2014-06-05 21:32 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-05 21:32 - 2014-05-25 21:31 - 00019660 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-06-05 21:32 - 2014-05-25 21:31 - 00000000 ____D () C:\FRST
2014-06-05 21:32 - 2014-05-25 21:30 - 02068992 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-06-05 21:32 - 2014-01-10 19:41 - 00000000 ____D () C:\Users\Computer\AppData\Local\Temp
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:26 - 2014-06-05 21:26 - 02972033 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [8_8]_(360p).mp4
2014-06-05 21:25 - 2014-06-05 21:22 - 62399917 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [7_8]_(360p).mp4
2014-06-05 21:21 - 2014-06-05 21:18 - 66858058 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [6_8]_(360p).mp4
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:18 - 2014-06-05 21:11 - 65750430 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [5_8]_(360p).mp4
2014-06-05 21:18 - 2014-02-05 12:45 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Youtube Downloader HD
2014-06-05 21:08 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:08 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 21:01 - 2009-07-14 06:51 - 00073982 _____ () C:\Windows\setupact.log
2014-06-05 21:00 - 2014-01-11 12:14 - 00131858 _____ () C:\Windows\PFRO.log
2014-06-05 21:00 - 2014-01-10 19:06 - 01770881 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 21:00 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:59 - 2014-06-05 20:55 - 62012422 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [4_8]_(360p).mp4
2014-06-05 20:54 - 2014-06-05 20:46 - 71286219 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [3_8]_(360p).mp4
2014-06-05 20:44 - 2014-06-05 20:41 - 42394797 _____ () C:\Users\Computer\Documents\NWA - Deleted Scenes_(480p).mp4
2014-06-05 20:40 - 2014-06-05 20:29 - 115568286 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 2_(480p).mp4
2014-06-05 20:28 - 2014-06-05 20:15 - 116095089 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 1_(480p).mp4
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 20:07 - 2014-06-05 20:00 - 61035378 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [1_8]_(360p).mp4
2014-06-05 19:59 - 2014-06-05 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 19:56 - 2014-06-05 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:19 - 2014-06-05 18:19 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-05 17:24 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\vlc
2014-06-04 20:38 - 2009-07-14 19:58 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 20:38 - 2009-07-14 19:58 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 20:38 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 23:06 - 2014-01-21 20:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Last.fm
2014-06-02 22:54 - 2014-06-02 22:37 - 18475736 _____ () C:\Users\Computer\Documents\Kollegah King DVD [5_5] - Anekdoten zu Regen 2, Openair Frauenfeld 2, Abschluss_(360p).mp4
2014-06-02 22:37 - 2014-06-02 22:34 - 43375205 _____ () C:\Users\Computer\Documents\Kollegah King DVD [4_5] - Budva, Vojvoda Vuk, Drogenkonsum, Anekdoten zu Regen_(360p).mp4
2014-06-02 22:27 - 2014-06-02 22:19 - 56244361 _____ () C:\Users\Computer\Documents\Kollegah King DVD [3_5] - Doubletime, Urlaub, Kollegha, Beine beanspruchen_(360p).mp4
2014-06-02 22:18 - 2014-06-02 22:13 - 53775617 _____ () C:\Users\Computer\Documents\Kollegah King DVD [2_5] - Openair Frauenfeld, Montenegro, Studio-Session, Foto-Shooting_(360p).mp4
2014-06-02 22:12 - 2014-06-02 21:41 - 363564030 _____ () C:\Users\Computer\Documents\Disco MMA DVD_(480p).mp4
2014-06-02 21:38 - 2014-06-02 21:30 - 56948003 _____ () C:\Users\Computer\Documents\Kollegah King DVD [1_5] - Fragen, Barcelona, Schloss, Studio, Farid Bang_(360p).mp4
2014-06-02 20:47 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Audacity
2014-06-02 18:09 - 2014-02-09 16:11 - 00000000 ____D () C:\Users\Computer\Desktop\M
2014-05-29 23:28 - 2014-02-04 20:33 - 00068088 _____ () C:\Users\Computer\Desktop\noch zu lesen2.odt
2014-05-29 23:21 - 2014-05-29 23:13 - 173525581 _____ () C:\Users\Computer\Documents\Die Getriebenen - Politik bis zur Schmerzgrenze - ZDF Dokumentation - 20.09.2013_(480p).mp4
2014-05-29 23:12 - 2014-05-29 22:56 - 324496940 _____ () C:\Users\Computer\Documents\Pussy Riot - Ein russischer Skandal_(480p).mp4
2014-05-29 22:55 - 2014-05-28 18:24 - 228077703 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Sex - Made in Germany_ Prostitution und ihre Profiteure_(480p).mp4
2014-05-28 18:23 - 2014-05-28 18:14 - 00210540 _____ () C:\Users\Computer\Documents\Klartext spezial_ Streit um Asylbewerber_(360p).mp4
2014-05-28 18:13 - 2014-05-28 18:01 - 247472284 _____ () C:\Users\Computer\Documents\Schlachtfeld Politik - Die finstere Seite der Macht (Doku)_(480p).mp4
2014-05-28 18:01 - 2014-05-28 17:51 - 00950892 _____ () C:\Users\Computer\Documents\Wie billig kann Bio sein_ ARD Reportage Exklusiv im Ersten (2012)_(360p).mp4
2014-05-28 17:50 - 2014-05-28 17:38 - 225443263 _____ () C:\Users\Computer\Documents\Facebook - Milliardengeschäft Freundschaft _ Die Story im Ersten _ DAS ERSTE _ NDR _ ARD_(480p).mp4
2014-05-28 17:38 - 2014-05-28 17:25 - 179701788 _____ () C:\Users\Computer\Documents\Deutschlands neue Slums - Das Geschäft mit den Armutseinwanderern _ EXCLUSIV IM ERSTEN _ ARD_(480p).mp4
2014-05-28 17:23 - 2014-05-28 17:12 - 114524040 _____ () C:\Users\Computer\Documents\Lobbyisten.in.der.Politik.ARD.Exclusiv.Die_Einfluesterer_12.09_(360p).mp4
2014-05-28 17:11 - 2014-05-28 16:49 - 156076220 _____ () C:\Users\Computer\Documents\Die story - Wir sind drin! - Die neuen Tricks der Lobbyisten_(360p).mp4
2014-05-28 17:00 - 2014-01-21 14:38 - 00000000 ____D () C:\Users\Computer\Documents\Planung
2014-05-28 16:48 - 2014-05-28 16:35 - 175141740 _____ () C:\Users\Computer\Documents\Über Merkel - Politik als Kompromiss_(360p).mp4
2014-05-28 16:32 - 2014-05-28 16:27 - 108406679 _____ () C:\Users\Computer\Documents\Die Einflüsterer - Wie Geld Politik macht (Doku)_(360p).mp4
2014-05-28 16:27 - 2014-05-28 16:14 - 129870401 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Du schaffst das!_(360p).mp4
2014-05-28 16:12 - 2014-05-28 15:39 - 243450891 _____ () C:\Users\Computer\Documents\Gysi und die Stasi - Ein Politiker im Zwielicht (Doku)_(480p).mp4
2014-05-27 06:10 - 2014-01-16 21:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-27 06:10 - 2014-01-16 21:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 22:21 - 2014-05-26 22:11 - 149601442 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [4_5]_(720p).mp4
2014-05-26 22:12 - 2014-05-26 22:12 - 00359040 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi.zip
2014-05-26 22:11 - 2014-05-26 22:07 - 63563803 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [3_5]_(720p).mp4
2014-05-26 22:06 - 2014-05-26 21:57 - 101403368 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [2_5]_(720p).mp4
2014-05-26 21:56 - 2014-05-26 21:47 - 109448303 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [1_5]_(720p).mp4
2014-05-26 06:09 - 2014-05-26 06:02 - 120517619 _____ () C:\Users\Computer\Documents\- Die Akte Gysi -_(360p).mp4
2014-05-26 06:01 - 2014-05-26 05:49 - 165155406 _____ () C:\Users\Computer\Documents\Wie weit links_ 150 Jahre SPD - Dokumentation_Doku über die SPD_(360p).mp4
2014-05-25 21:33 - 2014-05-25 21:32 - 00036526 _____ () C:\Users\Computer\Downloads\Addition.txt
2014-05-25 21:21 - 2014-05-25 14:35 - 00000000 ____D () C:\AdwCleaner
2014-05-25 21:17 - 2014-05-24 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-25 19:26 - 2014-05-24 16:34 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-24 15:47 - 2014-05-23 19:31 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-24 15:46 - 2014-01-18 14:16 - 00001416 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:46 - 00001450 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-24 13:23 - 2014-01-26 16:31 - 00000000 ____D () C:\Users\Computer\Desktop\wiki artikel für Kindle
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 21:59 - 2014-02-21 14:14 - 00030304 _____ () C:\Users\Computer\Desktop\schon gelesen zu sortieren.odt
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:39 - 2014-05-23 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:55 - 2014-05-23 18:53 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:46 - 2014-05-22 19:41 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 16:00 - 2014-05-22 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-17 17:51 - 2014-01-21 17:49 - 00001543 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-17 17:51 - 2014-01-21 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-17 17:46 - 2014-05-17 17:44 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-15 20:12 - 2014-01-17 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:09 - 2014-01-17 03:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 18:10 - 2014-01-10 20:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-14 19:40 - 2014-05-06 23:36 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-14 19:05 - 2014-05-02 17:35 - 00006874 _____ () C:\Users\Computer\Documents\02.05.2014.m3u8
2014-05-13 19:16 - 2014-03-07 23:55 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\dvdcss
2014-05-13 10:19 - 2014-01-10 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-12 07:26 - 2014-06-05 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 19:58 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 15:30 - 2014-01-10 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:32 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:24 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\BlueStacks089-SplitInstaller_native.exe
C:\Users\Computer\AppData\Local\Temp\KUIU.EXE
C:\Users\Computer\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Computer\AppData\Local\Temp\sdapskill.exe
C:\Users\Computer\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2010-12-08 12:36
==================== End Of Log ============================