Log analysis and evaluation: Virus found under Desinfect | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.07.2013, 11:30 | #1 |
| Virus found under Desinfect
Hello Trojanerboard, I recently somehow caught some spyware, which I did notice, however, because of the circumflex characters constantly appearing twice. I then tried to remove the spyware with MB Antimalware (successfully, according to the program). An acquaintance, however, advised me to check the computer again with Desinfect and said that the boot loader is often affected as well. Desinfect does find several suspicious files, but I cannot judge whether they belong to Windows or are really infected. I have not done anything about the boot loader yet. I am attaching the logs and hope for your tips and help.
Kind regards, GuitarFreak
Edit: yesterday's scan showed more/different results.
Last edited by GuitarFreak (11.07.2013 at 11:56) |
11.07.2013, 12:05 | #2 |
/// the machine /// TB-Ausbilder (TB trainer) | Virus found under Desinfect
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
12.07.2013, 10:38 | #3 |
| Virus found under Desinfect
Hi, thanks for the reply so far.
Here are the logs: FRST logfile:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2013 01 Ran by Alex at 2013-07-12 11:31:28 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== 32 Bit HP CIO Components Installer (Version: 6.1.1) 7-Zip 4.65 Adobe After Effects CS4 Third Party Content (Version: 9) Adobe AIR (Version: 2.5.1.17730) Adobe Anchor Service CS4 (Version: 2.0) Adobe Bridge CS4 (Version: 3) Adobe CMaps CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (Version: 2.0) Adobe Color EU Recommended Settings CS4 (Version: 2.0) Adobe Color JA Extra Settings CS4 (Version: 2.0) Adobe Color NA Extra Settings CS4 (Version: 2.0) Adobe Color Video Profiles CS CS4 (Version: 2.0) Adobe Community Help (Version: 3.4.980) Adobe Creative Suite 4 Master Collection (Version: 4.0) Adobe Creative Suite 5.5 Master Collection (Version: 5.5) Adobe CSI CS4 (Version: 1) Adobe Default Language CS4 (Version: 2.0) Adobe Download Manager (Version: 1.6.2.60) Adobe Dynamiclink Support (Version: 1) Adobe Encore CS4 Codecs (Version: 4) Adobe ExtendScript Toolkit CS4 (Version: 3.0.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Fonts All (Version: 2.0) Adobe Linguistics CS4 (Version: 4.0.0) Adobe Media Encoder CS4 Exporter (Version: 1.0) Adobe Media Encoder CS4 Importer (Version: 1.0) Adobe Media Player (Version: 1.8) Adobe Output Module (Version: 2.0) Adobe PDF Library Files CS4 (Version: 9.0) Adobe Photoshop CS4 (Version: 11.0) Adobe Photoshop CS4 Support (Version: 11.0) Adobe Photoshop CS5 (Version: 12.0) Adobe Premiere Pro CS4 Third Party Content (Version: 4) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Adobe Search for Help (Version: 1.0) Adobe Service Manager Extension (Version: 1.0) Adobe Setup (Version: 2.0) Adobe Soundbooth CS4 (Version: 2) Adobe Soundbooth CS4 Codecs (Version: 2) Adobe Type Support CS4 (Version: 9.0) Adobe Update Manager CS4 
(Version: 6.0.0) Adobe WinSoft Linguistics Plugin (Version: 1.1) Adobe XMP Panels CS4 (Version: 2.0) AdobeColorCommonSetCMYK (Version: 2.0) AdobeColorCommonSetRGB (Version: 2.0) AIO_CDB_Software (Version: 130.0.365.000) AIO_Scan (Version: 130.0.421.000) AMD Accelerated Video Transcoding (Version: 12.5.100.20928) AMD APP SDK Runtime (Version: 10.0.1016.4) AMD Catalyst Install Manager (Version: 8.0.891.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.70928.1538) Assassin's Creed II (Version: 1.01) Bloodline Champions (Version: 1.0.0) Borderlands 2 BufferChm (Version: 130.0.331.000) BulletStorm (Version: 1.0.0001.130) calibre (Version: 0.9.36) Call of Duty: Modern Warfare 3 - Dedicated Server CameraHelperMsi (Version: 13.50.854.0) Camtasia Studio 6 (Version: 6.0.3) capella 7 (Version: 7.1.1) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2012.0928.1532.26058) Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058) Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058) Catalyst Control Center Localization All (Version: 2012.0928.1532.26058) CCC Help Chinese Standard (Version: 2012.0928.1531.26058) CCC Help Chinese Traditional (Version: 2012.0928.1531.26058) CCC Help Czech (Version: 2012.0928.1531.26058) CCC Help Danish (Version: 2012.0928.1531.26058) CCC Help Dutch (Version: 2012.0928.1531.26058) CCC Help English (Version: 2012.0928.1531.26058) CCC Help Finnish (Version: 2012.0928.1531.26058) CCC Help French (Version: 2012.0928.1531.26058) CCC Help German (Version: 2012.0928.1531.26058) CCC Help Greek (Version: 2012.0928.1531.26058) CCC Help Hungarian (Version: 2012.0928.1531.26058) CCC Help Italian (Version: 2012.0928.1531.26058) CCC Help Japanese (Version: 2012.0928.1531.26058) CCC Help Korean (Version: 2012.0928.1531.26058) CCC Help Norwegian (Version: 2012.0928.1531.26058) CCC Help Polish (Version: 2012.0928.1531.26058) CCC Help 
Portuguese (Version: 2012.0928.1531.26058) CCC Help Russian (Version: 2012.0928.1531.26058) CCC Help Spanish (Version: 2012.0928.1531.26058) CCC Help Swedish (Version: 2012.0928.1531.26058) CCC Help Thai (Version: 2012.0928.1531.26058) CCC Help Turkish (Version: 2012.0928.1531.26058) ccc-utility (Version: 2012.0928.1532.26058) ClassicPro© v1.15 (Version: 1.15) Company of Heroes 2 – OPEN BETA Connect (Version: 1.0.0.1) Creatures of Darkness (Version: 3.3.0) CreepSmash.com Crysis® 2 (Version: 1.0.0.0) Darksiders II Deep Space Voices (Version: 3.3.0) Dota 2 ElsterFormular (Version: 14.1.11318) erLT (Version: 1.20.138.34) Exact Audio Copy 1.0beta3 (Version: 1.0beta3) Fantasy Voice Pack (Version: 1.3.0) FL Studio 10 Fraps Free Audio CD Burner version 1.2 Free Studio version 2013 (Version: 6.0.0.128) Free YouTube to MP3 Converter version 3.3 FreeOCR v4.2 Furry Voices for Second Life (Version: 1.3.0) Galactic Voices (Version: 1.3.0) gamelauncher-ps2-psg GamersFirst LIVE! GCH Guitar academy Google Chrome (Version: 28.0.1500.71) Google Update Helper (Version: 1.3.21.149) GPBaseService2 (Version: 130.0.371.000) Graffiti Studio 2.0 GTA San Andreas (Version: 1.00.00001) Guitar Hero III (Version: 1.00.0000) Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B (Version: 13.0) HP Solution Center 13.0 (Version: 13.0) HPPhotoGadget (Version: 130.0.282.000) HPProductAssistant (Version: 130.0.371.000) HTC Driver Installer (Version: 4.2.0.001) HTC Sync Manager (Version: 2.0.60.0) HydraVision (Version: 4.2.174.0) IL Download Manager IPTInstaller (Version: 4.0.8) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JDownloader (Version: 0.89) JDownloader 0.9 (Version: 0.9) kuler (Version: 2.0) LaCie Formatter for LaCinema 1.0.0.4 League of Legends (Version: 1.3) LightScribe System Software (Version: 1.18.22.2) Live 8.0.1 Logitech SetPoint 6.32 (Version: 6.32.20) Logitech Vid HD (Version: 7.2 (7240)) Logitech Webcam Software (Version: 2.0) LogMeIn Hamachi (Version: 2.1.0.215) LOLReplay (Version: 0.7.9.44) LWS Facebook (Version: 13.50.854.0) LWS Gallery (Version: 13.50.854.0) LWS Help_main (Version: 13.50.862.0) LWS Launcher (Version: 13.50.859.0) LWS Motion Detection (Version: 13.30.1395.0) LWS Pictures And Video (Version: 13.50.861.0) LWS Twitter (Version: 13.30.1346.0) LWS Video Mask Maker (Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (Version: 13.31.1038.0) LWS WLM Plugin (Version: 1.30.1201.0) LWS YouTube Plugin (Version: 13.31.1038.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Games for Windows - LIVE (Version: 3.3.24.0) Microsoft Games for Windows - LIVE Redistributable (Version: 3.2.3.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 
12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000) Mobile Partner (Version: 21.005.15.02.35) MorphVOX Junior (Version: 2.7.5) MozBackup 1.5.1 Mozilla 
Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) Mozilla Thunderbird 10.0.2 (x86 de) (Version: 10.0.2) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nail'd (Version: 1.00) Nero Burning ROM (Version: 12.0.20000) Nero Burning ROM Help (CHM) (Version: 12.0.3000) Nero BurningROM 12 (Version: 12.0.00300) Nero ControlCenter (Version: 11.0.15200) Nero ControlCenter Help (CHM) (Version: 12.0.5000) Nero Core Components (Version: 11.0.18100) Nero SharedVideoCodecs (Version: 1.0.12100.2.0) Nero Update (Version: 11.0.11800.31.0) Network (Version: 130.0.572.000) NVIDIA Photoshop Plug-ins (Version: 8.50) NVIDIA PhysX (Version: 9.10.0513) OpenAL Pando Media Booster (Version: 2.3.5.6) PC Connectivity Solution (Version: 8.15.0.0) PDF Settings CS4 (Version: 9.0) PDF Settings CS5 (Version: 10.0) PDFCreator (Version: 1.0.1) Photoshop Camera Raw (Version: 5.0) Platform (Version: 1.34) Portal 2 Prerequisite installer (Version: 12.0.0002) PunkBuster Services (Version: 0.991) Rapture3D 2.3.26 Game Reason 5.0 (Version: 5.0) RIFT Rockstar Games Social Club (Version: 1.0.9.5) Scan (Version: 13.0.0.0) Sci-Fi Voice Pack (Version: 1.3.0) Skype™ 6.6 (Version: 6.6.106) SmartSteam 1.4.1 Smite (Version: 0.1.1468.0) SolutionCenter (Version: 130.0.373.000) Spec Ops The Line SpeechRedist (Version: 1.0.0) Steam (Version: 1.0.0.0) Suite Shared Configuration CS4 (Version: 1.0) Team Fortress 2 TeamSpeak 3 Client (HKCU Version: 3.0.10.1) TeamViewer 5 (Version: 5.1.9385 ) TeamViewer 7 (Version: 7.0.14563) TmNationsForever Update 2010-03-15 Tom Clancy's Rainbow Six Vegas 2 (Version: 1.03) Toolbox (Version: 130.0.648.000) Total Commander (Remove or Repair) Translator Fun Voice Pack (Version: 1.5.0) Tribes Ascend (Version: 1.0.1268.1) Tunngle beta TuxGuitar 1.2 Ubisoft Game Launcher (Version: 1.0.0.0) Uninstall 1.0.0.1 Unity Web Player (HKCU Version: ) UnloadSupport (Version: 11.0.0) Unreal Tournament 2004 Update for 2007 
Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition Uplay (Version: 2.0) VC 9.0 Runtime (Version: 1.0.0) VIA Plattform-Geräte-Manager (Version: 1.34) VirtualCloneDrive VLC media player 2.0.5 (Version: 2.0.5) VmciSockets (Version: 9.1.54.1) VMware Player (Version: 4.0.1.27038) WebReg (Version: 130.0.132.017) Winamp (Version: 5.581 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) Windows 7 USB/DVD Download Tool (Version: 1.0.30) Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0) World of Warcraft (Version: 4.2.2.14545) XMedia Recode 2.1.8.4 (Version: 2.1.8.4) ZoneAlarm Firewall (Version: 10.2.081.000) ZoneAlarm Free Firewall (Version: 10.2.078.000) ZoneAlarm LTD Toolbar ZoneAlarm Security (Version: 10.2.081.000) ==================== Restore Points ========================= 09-07-2013 20:57:56 Windows Update 10-07-2013 08:10:37 Windows Update 10-07-2013 12:46:32 Windows Update 11-07-2013 13:13:02 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2010-01-01 14:34 - 00001345 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 
activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {1FDFCBDD-9220-4218-B36A-B9AEAD04C4DE} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {37817F05-0F94-4713-8942-C9F67ACB627C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) Task: {4DC864DA-40A9-45E1-996C-44821ABE8E4F} - System32\Tasks\{CE8DC2F3-A2D9-400F-8341-3714155D7F59} => c:\program files\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation) Task: {638640FD-5945-4C62-A0DE-D1A5F2BB7169} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {770C8868-188F-494D-8514-E71FC7D1A526} - System32\Tasks\{73C5FCE4-A2A9-410E-9BDD-E62858A65758} => c:\program files\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation) Task: {A1AB9C9B-5B72-472B-B038-0ECF6C58B237} - System32\Tasks\{EF97411C-30F8-4190-84FC-1DD579C3FFB6} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) Task: {ADD2FA63-3AA6-4F63-BC4E-80C1C3E500EC} - System32\Tasks\AdobeAAMUpdater-1.0-Alex-PC-Alex => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated) Task: {BFDCB1F6-E4F7-438A-92BA-24CA7AEEF11E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) 
Task: {C6B103FF-06CA-441F-BD73-8A986FA0877F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {D2D1C3D1-6745-4F76-B9DC-FDFCB8C6D26C} - System32\Tasks\{E3703CA1-1E6F-489C-828E-F887AEE6BA8B} => C:\Program Files\Steam\Steam.exe [2013-07-08] (Valve Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TAP-Win32 Adapter V9 (Tunngle) Description: TAP-Win32 Adapter V9 (Tunngle) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Win32 Provider V9 (Tunngle) Service: tap0901t Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: WeOnlyDo Network Adapter 2.5 Description: WeOnlyDo Network Adapter 2.5 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: WeOnlyDo Network Provider Service: wod0205 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/11/2013 07:57:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (07/10/2013 04:49:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: unetbootin-windows-585.exe, Version: 1.1.1.1, Zeitstempel: 0x51d3d1a9 Name des fehlerhaften Moduls: unetbootin-windows-585.exe, Version: 1.1.1.1, Zeitstempel: 0x51d3d1a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a8dd3 ID des fehlerhaften Prozesses: 0x1750 Startzeit der fehlerhaften Anwendung: 0xunetbootin-windows-585.exe0 Pfad der fehlerhaften Anwendung: unetbootin-windows-585.exe1 Pfad des fehlerhaften Moduls: unetbootin-windows-585.exe2 Berichtskennung: unetbootin-windows-585.exe3 Error: (07/10/2013 04:42:48 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9a0 Startzeit: 01ce7d7b510033ca Endzeit: 41 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: fb825801-e96e-11e2-b2ba-001966faf8ac Error: (07/09/2013 02:27:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/08/2013 05:59:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". 
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/07/2013 07:12:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/06/2013 03:29:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/04/2013 08:20:18 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/03/2013 01:21:28 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1604 Startzeit: 01ce77de876a33b7 Endzeit: 39 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: b2137c2a-e3d2-11e2-8a63-001966faf8ac Error: (07/01/2013 03:20:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (07/11/2013 02:04:21 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/11/2013 01:50:55 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/10/2013 04:38:46 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a52\??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT Error: (07/10/2013 04:25:07 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %24 Fehlercode: 0x8050800c Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Signaturversion: 1.153.1623.0;1.153.1623.0 Modulversion: %600 Error: (07/10/2013 03:58:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13 Error: (07/10/2013 03:58:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1115 Error: (07/09/2013 10:55:00 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/09/2013 05:01:30 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/09/2013 05:00:43 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/09/2013 04:56:35 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3255.05 MB
Available physical RAM: 1646.26 MB
Total Pagefile: 6506.34 MB
Available Pagefile: 4570.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:492.16 GB) (Free:145.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:439.35 GB) (Free:183.58 GB) NTFS
Drive e: (R6VEGAS2) (CDROM) (Total:4.79 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B0FD90F7)
Partition 1: (Active) - (Size=492 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Kind regards,
GuitarFreak |
12.07.2013, 11:25 | #4 |
/// the machine /// TB-Ausbilder | Virus detection under Desinfect
Quote:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart
Quote:
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
13.07.2013, 09:24 | #5 |
| Virus detection under Desinfect
Hello, I did not set the proxy myself. However, until recently I was still using Anonymox as a Firefox add-on. The proxy should really only be on when you activate it and have picked a server, though. Now I use ProxTube and YoutubeUnblocker instead. Maybe that is where the entry comes from?
Here is the log for Combofix:
Code:
ComboFix 13-07-12.01 - Alex 13.07.2013 10:01:41.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3255.1996 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\Antivirus\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-13 bis 2013-07-13 ))))))))))))))))))))))))))))))
.
.
2013-07-13 08:09 . 2013-07-13 08:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-12 14:07 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C490289-F06A-4D7B-89FC-45C4353AD6A8}\mpengine.dll
2013-07-12 09:30 . 2013-07-12 09:30 -------- d-----w- C:\FRST
2013-07-11 13:14 . 2013-07-11 13:17 -------- d-----w- c:\windows\system32\MRT
2013-07-11 10:47 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 08:10 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:10 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 08:10 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 08:10 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 08:10 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 08:10 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 08:10 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 08:10 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 08:09 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 08:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 08:09 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-03 17:13 . 2013-07-04 14:24 -------- d-----w- c:\users\Alex\MediathekView
2013-07-03 17:08 . 2013-07-03 17:08 -------- d-----w- c:\users\Alex\.mediathek3
2013-07-03 17:08 . 2013-07-03 17:08 -------- d-----w- c:\program files\MediathekView_3.2.1
2013-06-30 18:05 . 2013-06-30 18:05 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-06-30 18:05 . 2013-06-30 18:05 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-06-21 19:05 . 2013-06-12 19:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 12:04 . 2013-06-21 12:04 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BEB2930-0FEC-4836-8CCB-FD0C59A90A54}\gapaengine.dll
2013-06-18 19:50 . 2013-06-18 19:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 19:50 . 2012-08-30 21:03 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-12 19:48 . 2012-07-19 17:50 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-12 19:48 . 2010-12-20 17:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 14:58 . 2012-04-04 17:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:58 . 2011-05-15 07:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-01 17:17 . 2013-06-01 17:17 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2013-05-22 08:31 . 2012-11-28 15:21 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-13 04:45 . 2013-06-12 12:52 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:51 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:51 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 12:52 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:51 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-08 05:38 . 2013-06-12 12:51 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 12:51 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 12:51 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2009-12-22 16:22 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:55 . 2013-06-12 12:51 492544 ----a-w- c:\windows\system32\win32spl.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-03-30 06:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager] 2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW] 2012-08-30 11:03 738984 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid] 2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe . 
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408] R3 cpuz130;cpuz130;c:\users\Alex\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-04-19 102784] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-04-19 11136] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-03-26 36640] R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 23040] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-19 90368] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-19 26624] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-19 181760] R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 13056] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2012-11-26 745368] R3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\DRIVERS\wod0205.sys [2011-04-23 28936] R4 SwitchBoard;SwitchBoard;c:\program files\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 217600] S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 27056] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 497320] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2012-07-13 769432] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656] S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-19 73216] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 SCREAMINGBDRIVER;Screaming 
Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC getPlusHelper REG_MULTI_SZ getPlusHelper hpdevmgmt REG_MULTI_SZ hpqcxs08 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 11:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-11 10:56 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:58] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 13:41] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 13:41] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyServer = 212.227.80.22:3128 IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{633454F3-C13E-4013-8629-79DB16C0ADA2}: NameServer = 83.169.186.33,83.169.186.97 FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - youtube.de FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-06-30 17:56; youtubeunblocker@unblocker.yt; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\extensions\youtubeunblocker@unblocker.yt.xpi FF - ExtSQL: 2013-07-04 19:01; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2013-07-05 12:51; ich@maltegoetz.de; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\extensions\ich@maltegoetz.de FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - 
false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-AdobeBridge - (no file) HKCU-Run-Akamai NetSession Interface - c:\users\Alex\AppData\Local\Akamai\netsession_win.exe HKLM-Run-NPSStartup - (no file) HKLM-Run-ISW - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe MSConfigStartUp-Kone - c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE MSConfigStartUp-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe MSConfigStartUp-Launch LGDCore - c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe AddRemove-3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe AddRemove-PunkBusterSvc - c:\_gamez\APB\APB RELOADED\Binaries\pbsvc_apb.exe AddRemove-Planetside - c:\_gamez\Planetside\Uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,41,b5,da,4d,24,c4,41,b5,dd,a0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,41,b5,da,4d,24,c4,41,b5,dd,a0,\ . [HKEY_USERS\S-1-5-21-1015253694-2270660054-4109814008-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:5d,42,a5,40,76,1f,5a,fb,2e,50,ba,f0,c0,96,1e,f8,72,6b,c2,56,06,68,aa, 6e,5a,c1,ad,e3,b0,55,14,46,72,78,97,c3,08,38,2f,7f,0d,5c,7b,c0,8a,d2,d0,13,\ "??"=hex:25,40,fb,db,75,a7,ff,5f,79,26,1d,70,41,20,7d,ab . [HKEY_USERS\S-1-5-21-1015253694-2270660054-4109814008-1000\Software\SecuROM\License information*] "datasecu"=hex:c0,5d,50,52,ca,b0,54,87,a0,f0,23,85,36,cd,c8,1f,bc,5a,7b,2f,1d, e8,05,e8,2d,07,0f,80,40,66,c8,57,c6,79,76,22,de,f0,9e,41,50,ef,d0,af,d9,13,\ "rkeysecu"=hex:3c,7c,10,4b,eb,85,f6,d8,c4,b9,5e,cf,8d,94,68,23 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(620) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . Zeit der Fertigstellung: 2013-07-13 10:12:29 ComboFix-quarantined-files.txt 2013-07-13 08:12 . Vor Suchlauf: 19 Verzeichnis(se), 158.318.063.616 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 158.318.084.096 Bytes frei . - - End Of File - - 38362C115BA8C9164DA6490197ED2149 A36C5E4F47E84449FF07ED3517B43A31 |
13.07.2013, 10:27 | #6 |
/// the machine /// TB-Ausbilder | Virus found under Desinfect Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
|
13.07.2013, 17:45 | #7 |
| Virus found under Desinfect Hi, here are the logs: ADWCleaner Code:
ATTFilter # AdwCleaner v2.305 - Datei am 13/07/2013 um 18:26:06 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Alex - ALEX-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\Conduit.xml Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\SMTTB2009 Schlüssel Gelöscht : HKCU\Software\Somoto Toolbar Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKLM\Software\PIP Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\prefs.js C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "17-8-2010"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 17 2010 18:32:49 GMT+0200"); Gelöscht : user_pref("CT2269050.FirstServerDate", "17-8-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1); Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2269050.InstalledDate", "Tue Aug 17 2010 18:32:49 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SavedHomepage", ""); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Aug 17 2010 18:32:49 GMT+0200"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1282047307"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Aug 17 2010 18:32:49 GMT+0200"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Gelöscht : user_pref("CT2269050.UserID", "UN27804291455511265"); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] 
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Aug 17 2010 18:32:49 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1282029937"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{e0ad8050-c92a-4721-975d-8aed4714064a}"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 17 2010 18:32:50 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...] 
Gelöscht : user_pref("icqtoolbar.allowSendURL", false); Gelöscht : user_pref("icqtoolbar.engineVerified", true); Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Gelöscht : user_pref("icqtoolbar.installTime", "1277107957"); Gelöscht : user_pref("icqtoolbar.itbsitescount", 0); Gelöscht : user_pref("icqtoolbar.newtab_state", "0"); Gelöscht : user_pref("icqtoolbar.numberOfSearches", 1); Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3"); Gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Gelöscht : user_pref("icqtoolbar.suggestions", false); Gelöscht : user_pref("icqtoolbar.uninstStatSent", true); Gelöscht : user_pref("icqtoolbar.uniqueID", "127696042512769603861277107957743"); Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1277107960); Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); -\\ Google Chrome v28.0.1500.71 Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Alex\AppData\Roaming\Opera\Opera\operaprefs.ini Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera ************************* AdwCleaner[S1].txt - [16450 octets] - [13/07/2013 18:26:06] ########## EOF - C:\AdwCleaner[S1].txt - [16511 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x86
Ran by Alex on 13.07.2013 at 18:33:29,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\811wv9ly.default\prefs.js

user_pref("extensions.bootstrappedAddons", "{\"firebug@software.joehewitt.com\":{\"version\":\"1.11.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Alex\\\\AppData\
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\811wv9ly.default\minidumps [284 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 18:35:46,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 01 Ran by Alex (administrator) on 13-07-2013 18:39:45 Running from C:\Users\Alex\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Windows\system32\PnkBstrA.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) C:\Windows\system32\vmnat.exe (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [1681408 2009-09-21] (VIA) HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [ZoneAlarm] - "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-10-09] (Check Point Software Technologies LTD) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [738984 2012-08-30] (Check Point Software Technologies) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [HydraVisionDesktopManager] - "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [393216 2010-07-06] (AMD) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 212.227.80.22:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKCU - {E21DDF5B-1FF9-4E6C-AAD9-925E3CE0876D} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll 
(Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Tcpip\..\Interfaces\{633454F3-C13E-4013-8629-79DB16C0ADA2}: [NameServer]83.169.186.33,83.169.186.97 FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default FF Homepage: youtube.de FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\dictcc.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\ixquick-http---deutsch.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\wolframalpha.xml FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: GFACE Experience Plugin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\cryenginebrowserplugin@crytek.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\ich@maltegoetz.de FF Extension: LastPass - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\support@lastpass.com FF Extension: faviconizetab - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\faviconizetab@espion.just-size.jp.xpi FF Extension: firebug - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: tab-width - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\tab-width@design-noir.de.xpi FF Extension: 
youtubeunblocker - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\youtubeunblocker@unblocker.yt.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker Chrome: ======= CHR RestoreOnStartup: "hxxp://beta.gface.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program 
Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (GFACE Experience Plugin) - C:\Users\Alex\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0 CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.) S2 HiPatchService; C:\_Gamez\Smite\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-08-30] (Check Point Software Technologies) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-06-01] () S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.) 
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD) S3 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-06-30] () R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG) S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-03-26] () S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.) S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2012-09-25] (Windows (R) Win 7 DDK provider) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-04-19] (Huawei Technologies Co., Ltd.) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies) S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-30] () R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-11-26] (Screaming Bee LLC) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-02] () S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.) S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.) R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.) 
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD) S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [28936 2011-04-23] (WeOnlyDo Software) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) U3 a0ynbs6m; C:\Windows\System32\Drivers\a0ynbs6m.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys [x] S3 cpuz130; \??\C:\Users\Alex\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-13 18:38 - 2013-07-13 18:39 - 01218190 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe 2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:25 - 2013-07-13 18:25 - 00662345 _____ C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-13 12:11 - 2013-07-13 18:37 - 00000000 ____D C:\Users\Alex\Desktop\hotkeys_2.11 2013-07-13 12:10 - 2013-07-13 12:31 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt 2013-07-13 09:58 - 2013-07-13 10:12 - 00000000 ____D C:\Qoobox 2013-07-13 09:58 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-13 09:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-13 09:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-13 09:57 - 2013-07-13 10:11 - 00000000 ____D C:\Windows\erdnt 2013-07-13 09:56 - 2013-07-13 18:38 - 00000000 
____D C:\Users\Alex\Desktop\Antivirus 2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST 2013-07-11 15:14 - 2013-07-11 15:17 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 10:17 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 10:17 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 10:17 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 10:17 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ 
C:\Users\Alex\Desktop\HotlineMiami.lnk 2013-07-10 10:10 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:10 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:10 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:10 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-05 13:51 - 2013-07-05 13:52 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk 2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 19:13 - 2013-07-04 16:24 - 00000000 ____D C:\Users\Alex\MediathekView 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1 2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild 2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk 2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys 2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys 2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log 2013-06-21 21:05 - 2013-06-12 21:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-21 21:05 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-18 21:50 - 2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\MpFilter.sys ==================== One Month Modified Files and Folders ======= 2013-07-13 18:39 - 2013-07-13 18:38 - 01218190 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe 2013-07-13 18:39 - 2009-12-21 23:11 - 00000000 ___RD C:\Users\Alex\Desktop 2013-07-13 18:38 - 2013-07-13 09:56 - 00000000 ____D C:\Users\Alex\Desktop\Antivirus 2013-07-13 18:38 - 2009-12-22 12:52 - 00373737 _____ C:\Windows\setupact.log 2013-07-13 18:37 - 2013-07-13 12:11 - 00000000 ____D C:\Users\Alex\Desktop\hotkeys_2.11 2013-07-13 18:36 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-13 18:36 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:32 - 2009-12-21 22:59 - 01385061 _____ C:\Windows\WindowsUpdate.log 2013-07-13 18:29 - 2012-10-18 19:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype 2013-07-13 18:28 - 2013-02-23 15:41 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-13 18:28 - 2012-12-08 14:23 - 00000000 ____D C:\Users\Alex\AppData\Local\HTC MediaHub 2013-07-13 18:28 - 2011-12-31 18:13 - 00000000 ____D C:\ProgramData\VMware 2013-07-13 18:28 - 2009-12-22 12:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\CheckPoint 2013-07-13 18:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-13 18:26 - 2010-03-24 14:45 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-13 18:25 - 2013-07-13 18:25 - 00662345 _____ C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-13 15:41 - 2010-10-09 12:26 - 00000000 ____D C:\Users\Alex\AppData\Local\PMB Files 2013-07-13 15:41 - 2010-10-09 12:26 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-13 15:41 - 2010-05-20 18:22 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-07-13 15:01 - 2013-02-23 15:41 - 
00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-13 14:58 - 2013-05-21 11:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-13 13:04 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Steam 2013-07-13 12:41 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-07-13 12:31 - 2013-07-13 12:10 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt 2013-07-13 10:32 - 2009-12-22 13:53 - 00170650 _____ C:\Windows\PFRO.log 2013-07-13 10:12 - 2013-07-13 09:58 - 00000000 ____D C:\Qoobox 2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-13 10:11 - 2013-07-13 09:57 - 00000000 ____D C:\Windows\erdnt 2013-07-13 10:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST 2013-07-12 11:25 - 2012-10-18 20:12 - 00000000 ___RD C:\Program Files\Skype 2013-07-12 11:25 - 2009-12-26 12:38 - 00000000 ____D C:\ProgramData\Skype 2013-07-11 19:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-11 15:17 - 2013-07-11 15:14 - 00000000 ____D C:\Windows\system32\MRT 2013-07-11 12:39 - 2009-12-21 23:10 - 01620094 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-10 15:18 - 2012-12-29 18:06 - 00000000 ____D C:\ProgramData\LightScribe 2013-07-10 14:56 - 2012-10-30 19:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-07-10 14:49 - 2012-10-30 19:56 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-07-10 13:17 - 2009-07-14 06:33 - 03803248 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-10 10:43 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 10:43 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 10:17 - 2009-12-26 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ C:\Users\Alex\Desktop\HotlineMiami.lnk 2013-07-10 
10:15 - 2009-12-23 21:26 - 00000000 ____D C:\_Gamez 2013-07-05 20:23 - 2009-12-22 12:42 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-07-05 13:52 - 2013-07-05 13:51 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk 2013-07-04 16:24 - 2013-07-03 19:13 - 00000000 ____D C:\Users\Alex\MediathekView 2013-07-04 16:20 - 2012-04-25 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 19:13 - 2009-12-21 23:11 - 00000000 ____D C:\Users\Alex 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1 2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild 2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk 2013-06-30 20:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys 2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys 2013-06-30 19:57 - 2009-12-22 13:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-30 19:54 - 2010-01-08 16:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\dvdcss 2013-06-26 15:01 - 2012-05-02 19:26 - 00000000 ____D C:\Program Files\Calibre2 2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2013-06-24 00:37 - 2009-12-24 13:31 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-06-23 17:57 - 2010-06-14 15:31 - 00000000 ____D C:\Program Files\JDownloader 2013-06-22 13:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log 2013-06-21 21:05 - 2013-05-04 20:24 - 00000000 ____D C:\Program Files\Java 2013-06-19 
19:29 - 2013-06-06 16:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\RIFT 2013-06-18 21:50 - 2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys 2013-06-18 21:50 - 2012-08-30 23:03 - 00107392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2013-06-16 17:45 - 2009-12-26 14:01 - 00000000 ____D C:\Users\Alex\Documents\My Games ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 14:19 ==================== End Of Log ============================ --- --- --- Kind regards, GuitarFreak |
13.07.2013, 19:08 | #8 |
/// the machine /// TB instructor | Virus detection under Desinfect ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
14.07.2013, 15:19 | #9 |
| Virus detection under Desinfect Hi, one more question: has the proxy now been removed by one of the programs, or does that still have to be done manually somewhere? Here are the logs. ESET Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=6f2a29277a2ccf479d44ac71d33e812a
    # engine=14385
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-07-14 01:47:57
    # local_time=2013-07-14 03:47:57 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 363896 125440868 0 0
    # compatibility_mode=9217 16777214 75 4 21679511 21679511 0 0
    # scanned=486868
    # found=2
    # cleaned=0
    # scan_time=21719
    sh=480FA2E02978E8173DE15B98EC3C8FEC9A4A424C ft=1 fh=1e3ce5e42604fd71 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="C:\_Gamez\Bulletstorm\Binaries\Win32\xlive.dll"
    sh=A547973298426166F6C495C902844CBCA863269F ft=1 fh=de620cd3cd0dd399 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="D:\games\Assassins.Creed.III.Multi2.Rip-HMH\Assassins.Creed.III.Multi2.Rip.Crack.Fix-HMH\hmh-aciiicrackfix.exe"

Code:
    Results of screen317's Security Check version 0.99.69
    Windows 7 Service Pack 1 x86
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware Version 1.75.0.1300
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Adobe Reader XI
    Mozilla Firefox (22.0)
    Mozilla Thunderbird 10.0.2 Thunderbird out of Date!
    Google Chrome 28.0.1500.71
    Google Chrome 28.0.1500.72
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    CheckPoint ZoneAlarm zatray.exe
    CheckPoint ZoneAlarm vsmon.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013 Ran by Alex (administrator) on 14-07-2013 16:13:53 Running from C:\Users\Alex\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Hi-Rez Studios) C:\_Gamez\Smite\HiPatchService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\system32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (VMware, Inc.) C:\Windows\system32\vmnat.exe (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [1681408 2009-09-21] (VIA) HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [ZoneAlarm] - "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-10-09] (Check Point Software Technologies LTD) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [738984 2012-08-30] (Check Point Software Technologies) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 212.227.80.22:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKCU - {E21DDF5B-1FF9-4E6C-AAD9-925E3CE0876D} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program 
Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Tcpip\..\Interfaces\{633454F3-C13E-4013-8629-79DB16C0ADA2}: [NameServer]83.169.186.33,83.169.186.97 FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default FF Homepage: youtube.de FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando 
Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\dictcc.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\ixquick-http---deutsch.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\wolframalpha.xml FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: GFACE Experience Plugin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\cryenginebrowserplugin@crytek.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\ich@maltegoetz.de FF Extension: LastPass - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\support@lastpass.com FF Extension: faviconizetab - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\faviconizetab@espion.just-size.jp.xpi FF Extension: firebug - 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: tab-width - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\tab-width@design-noir.de.xpi FF Extension: youtubeunblocker - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\youtubeunblocker@unblocker.yt.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker Chrome: ======= CHR RestoreOnStartup: "hxxp://beta.gface.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR 
Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - 
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (GFACE Experience Plugin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0 CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.) R2 HiPatchService; C:\_Gamez\Smite\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-08-30] (Check Point Software Technologies) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-06-01] () S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.) 
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD) S3 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-06-30] () R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG) S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-03-26] () S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.) S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2012-09-25] (Windows (R) Win 7 DDK provider) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-04-19] (Huawei Technologies Co., Ltd.) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies) S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-30] () R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-11-26] (Screaming Bee LLC) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-02] () S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.) S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.) R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.) 
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD) S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [28936 2011-04-23] (WeOnlyDo Software) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) U3 a68rqjyf; C:\Windows\System32\Drivers\a68rqjyf.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys [x] S3 cpuz130; \??\C:\Users\Alex\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-14 16:12 - 2013-07-14 16:12 - 01218214 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe 2013-07-14 14:28 - 2013-07-14 14:33 - 00011319 _____ C:\Users\Alex\Desktop\Abi-Rechnung.xlsx 2013-07-14 09:41 - 2013-07-14 09:41 - 00000000 ____D C:\Program Files\ESET 2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 12:11 - 2013-07-13 18:37 - 00000000 ____D C:\Users\Alex\Desktop\hotkeys_2.11 2013-07-13 12:10 - 2013-07-13 12:31 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt 2013-07-13 09:58 - 2013-07-13 10:12 - 00000000 ____D C:\Qoobox 2013-07-13 09:58 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-13 09:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-13 09:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-13 09:57 - 2013-07-13 10:11 - 
00000000 ____D C:\Windows\erdnt 2013-07-13 09:56 - 2013-07-14 16:10 - 00000000 ____D C:\Users\Alex\Desktop\Antivirus 2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST 2013-07-11 15:14 - 2013-07-11 15:17 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 10:17 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 10:17 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 10:17 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 10:17 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ C:\Users\Alex\Desktop\HotlineMiami.lnk 2013-07-10 10:10 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:10 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:10 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:10 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-05 13:51 - 2013-07-05 13:52 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk 2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 19:13 - 2013-07-04 16:24 - 00000000 ____D C:\Users\Alex\MediathekView 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1 2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild 2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk 2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys 2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys 2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log 2013-06-21 21:05 - 2013-06-12 21:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-21 21:05 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-18 21:50 - 
2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys ==================== One Month Modified Files and Folders ======= 2013-07-14 16:15 - 2010-10-09 12:26 - 00000000 ____D C:\Users\Alex\AppData\Local\PMB Files 2013-07-14 16:13 - 2009-12-21 23:11 - 00000000 ___RD C:\Users\Alex\Desktop 2013-07-14 16:12 - 2013-07-14 16:12 - 01218214 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe 2013-07-14 16:10 - 2013-07-13 09:56 - 00000000 ____D C:\Users\Alex\Desktop\Antivirus 2013-07-14 16:01 - 2013-02-23 15:41 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-14 16:00 - 2012-10-18 19:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype 2013-07-14 15:58 - 2013-05-21 11:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-14 15:40 - 2009-12-22 12:52 - 00374689 _____ C:\Windows\setupact.log 2013-07-14 14:33 - 2013-07-14 14:28 - 00011319 _____ C:\Users\Alex\Desktop\Abi-Rechnung.xlsx 2013-07-14 13:33 - 2010-10-09 12:26 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-14 12:39 - 2009-12-21 22:59 - 01407327 _____ C:\Windows\WindowsUpdate.log 2013-07-14 10:01 - 2013-02-23 15:41 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-14 09:42 - 2009-12-21 23:10 - 01620094 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-14 09:41 - 2013-07-14 09:41 - 00000000 ____D C:\Program Files\ESET 2013-07-14 09:38 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-14 09:38 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-14 09:31 - 2012-12-08 14:23 - 00000000 ____D C:\Users\Alex\AppData\Local\HTC MediaHub 2013-07-14 09:31 - 2011-12-31 18:13 - 00000000 ____D C:\ProgramData\VMware 2013-07-14 09:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-13 18:37 - 2013-07-13 12:11 - 00000000 
____D C:\Users\Alex\Desktop\hotkeys_2.11 2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:28 - 2009-12-22 12:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\CheckPoint 2013-07-13 18:26 - 2010-06-20 22:07 - 00000000 ____D C:\ProgramData\ICQ 2013-07-13 18:26 - 2010-03-24 14:45 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-13 15:41 - 2010-05-20 18:22 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-07-13 13:04 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Steam 2013-07-13 12:41 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-07-13 12:31 - 2013-07-13 12:10 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt 2013-07-13 10:32 - 2009-12-22 13:53 - 00170650 _____ C:\Windows\PFRO.log 2013-07-13 10:12 - 2013-07-13 09:58 - 00000000 ____D C:\Qoobox 2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-13 10:11 - 2013-07-13 09:57 - 00000000 ____D C:\Windows\erdnt 2013-07-13 10:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST 2013-07-12 11:25 - 2012-10-18 20:12 - 00000000 ___RD C:\Program Files\Skype 2013-07-12 11:25 - 2009-12-26 12:38 - 00000000 ____D C:\ProgramData\Skype 2013-07-11 19:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-11 15:17 - 2013-07-11 15:14 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 15:18 - 2012-12-29 18:06 - 00000000 ____D C:\ProgramData\LightScribe 2013-07-10 14:56 - 2012-10-30 19:57 - 00001912 _____ C:\Windows\epplauncher.mif 2013-07-10 14:49 - 2012-10-30 19:56 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-07-10 13:17 - 2009-07-14 06:33 - 03803248 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-10 10:43 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 10:43 - 2009-07-14 06:52 - 00000000 ____D C:\Program 
Files\Windows Defender 2013-07-10 10:17 - 2009-12-26 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ C:\Users\Alex\Desktop\HotlineMiami.lnk 2013-07-10 10:15 - 2009-12-23 21:26 - 00000000 ____D C:\_Gamez 2013-07-05 20:23 - 2009-12-22 12:42 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-07-05 13:52 - 2013-07-05 13:51 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk 2013-07-04 16:24 - 2013-07-03 19:13 - 00000000 ____D C:\Users\Alex\MediathekView 2013-07-04 16:20 - 2012-04-25 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 19:13 - 2009-12-21 23:11 - 00000000 ____D C:\Users\Alex 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1 2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild 2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk 2013-06-30 20:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys 2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys 2013-06-30 19:57 - 2009-12-22 13:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-30 19:54 - 2010-01-08 16:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\dvdcss 2013-06-26 15:01 - 2012-05-02 19:26 - 00000000 ____D C:\Program Files\Calibre2 2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2013-06-24 00:37 - 2009-12-24 13:31 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-06-23 17:57 - 2010-06-14 15:31 - 00000000 ____D C:\Program Files\JDownloader 2013-06-22 13:25 - 2009-07-14 04:37 - 00000000 
____D C:\Windows\rescache
2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-21 21:05 - 2013-05-04 20:24 - 00000000 ____D C:\Program Files\Java
2013-06-19 19:29 - 2013-06-06 16:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\RIFT
2013-06-18 21:50 - 2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys
2013-06-18 21:50 - 2012-08-30 23:03 - 00107392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2013-06-16 17:45 - 2009-12-26 14:01 - 00000000 ____D C:\Users\Alex\Documents\My Games
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 14:19
==================== End Of Log ============================
Kind regards, GuitarFreak |
14.07.2013, 18:45 | #10 | |
/// the machine /// TB Trainer | Virus found under Desinfect I'll take care of the proxy thing now. Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.07.2013, 07:48 | #11 |
| Virus found under Desinfect Hi, sorry, should I just delete that the normal way now? Because the program had somehow detected it as a virus? The point about the cracks is fine; the game was from a buddy, I just wanted to try it out too. Kind regards, GuitarFreak |
15.07.2013, 08:16 | #12 |
/// the machine /// TB Trainer | Virus found under Desinfect Just delete it and post a fresh FRST log, please.
|
15.07.2013, 09:35 | #13 |
| Virus found under Desinfect Hi, here is the log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013 Ran by Alex (administrator) on 15-07-2013 10:28:59 Running from C:\Users\Alex\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Hi-Rez Studios) C:\_Gamez\Smite\HiPatchService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\system32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) C:\Windows\system32\vmnat.exe (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) 
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe () C:\_Gamez\League of Legends\League of Legends\RADS\system\rads_user_kernel.exe () C:\Program Files\Pando Networks\Media Booster\PMB.exe () C:\_Gamez\League of Legends\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.173\deploy\LoLLauncher.exe () C:\_Gamez\League of Legends\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.31\deploy\LolClient.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [1681408 2009-09-21] (VIA) HKLM\...\Run: [ZoneAlarm] - "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-10-09] (Check Point Software Technologies LTD) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [738984 2012-08-30] (Check Point Software Technologies) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [HydraVisionDesktopManager] - "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [393216 2010-07-06] (AMD) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 212.227.80.22:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKCU - {E21DDF5B-1FF9-4E6C-AAD9-925E3CE0876D} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) 
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Tcpip\..\Interfaces\{633454F3-C13E-4013-8629-79DB16C0ADA2}: [NameServer]83.169.186.33,83.169.186.97 FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default FF Homepage: youtube.de FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\dictcc.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\ixquick-http---deutsch.xml FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\searchplugins\wolframalpha.xml FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: GFACE Experience Plugin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\cryenginebrowserplugin@crytek.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\ich@maltegoetz.de FF Extension: LastPass - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\support@lastpass.com FF Extension: faviconizetab - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\faviconizetab@espion.just-size.jp.xpi FF Extension: firebug - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: tab-width - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\tab-width@design-noir.de.xpi FF Extension: youtubeunblocker - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\youtubeunblocker@unblocker.yt.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\811wv9ly.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker Chrome: ======= CHR RestoreOnStartup: "hxxp://beta.gface.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (GFACE Experience Plugin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0 CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.) 
R2 HiPatchService; C:\_Gamez\Smite\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-08-30] (Check Point Software Technologies) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-06-01] () S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD) S3 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-06-30] () R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.) 
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG) S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-03-26] () S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.) S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2012-09-25] (Windows (R) Win 7 DDK provider) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-04-19] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-04-19] (Huawei Technologies Co., Ltd.) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies) S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-30] () R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-11-26] (Screaming Bee LLC) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-02] () S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.) 
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.) R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD) S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [28936 2011-04-23] (WeOnlyDo Software) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) U3 a5zh9iz8; C:\Windows\System32\Drivers\a5zh9iz8.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys [x] S3 cpuz130; \??\C:\Users\Alex\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-14 16:12 - 2013-07-14 16:12 - 01218214 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe 2013-07-14 14:28 - 2013-07-14 14:33 - 00011319 _____ C:\Users\Alex\Desktop\Abi-Rechnung.xlsx 2013-07-14 09:41 - 2013-07-14 09:41 - 00000000 ____D C:\Program Files\ESET 2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 12:11 - 2013-07-13 18:37 - 00000000 ____D C:\Users\Alex\Desktop\hotkeys_2.11 2013-07-13 12:10 - 2013-07-13 12:31 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt 2013-07-13 09:58 - 2013-07-13 10:12 - 00000000 ____D C:\Qoobox 2013-07-13 09:58 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-13 09:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-13 09:58 - 2009-04-20 06:56 - 00060416 _____ 
(NirSoft) C:\Windows\NIRCMD.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-13 09:58 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-13 09:57 - 2013-07-13 10:11 - 00000000 ____D C:\Windows\erdnt 2013-07-13 09:56 - 2013-07-15 10:28 - 00000000 ____D C:\Users\Alex\Desktop\Antivirus 2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST 2013-07-11 15:14 - 2013-07-11 15:17 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 10:17 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 10:17 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 10:17 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) 
C:\Windows\system32\iesysprep.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 10:17 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 10:17 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 10:17 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ C:\Users\Alex\Desktop\HotlineMiami.lnk 2013-07-10 10:10 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:10 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:10 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:10 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-05 13:51 - 2013-07-05 13:52 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk 2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 19:13 - 2013-07-04 16:24 - 00000000 ____D C:\Users\Alex\MediathekView 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3 2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1 2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild 2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk 2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys 2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys 2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log 
2013-06-21 21:05 - 2013-06-12 21:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-21 21:05 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-21 21:05 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-18 21:50 - 2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys ==================== One Month Modified Files and Folders ======= 2013-07-15 10:30 - 2010-10-09 12:26 - 00000000 ____D C:\Users\Alex\AppData\Local\PMB Files 2013-07-15 10:28 - 2013-07-13 09:56 - 00000000 ____D C:\Users\Alex\Desktop\Antivirus 2013-07-15 10:28 - 2009-12-21 23:11 - 00000000 ___RD C:\Users\Alex\Desktop 2013-07-15 10:23 - 2012-10-18 19:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype 2013-07-15 10:08 - 2009-12-22 12:52 - 00375193 _____ C:\Windows\setupact.log 2013-07-15 10:01 - 2013-02-23 15:41 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 10:01 - 2013-02-23 15:41 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 09:58 - 2013-05-21 11:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-15 08:52 - 2009-12-21 22:59 - 01454388 _____ C:\Windows\WindowsUpdate.log 2013-07-15 08:48 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-15 08:48 - 2009-07-14 06:34 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-15 08:41 - 2012-12-08 14:23 - 00000000 ____D C:\Users\Alex\AppData\Local\HTC MediaHub 2013-07-15 08:40 - 2011-12-31 18:13 - 00000000 ____D C:\ProgramData\VMware 2013-07-15 08:40 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-14 21:13 - 2010-10-09 
12:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-14 16:12 - 2013-07-14 16:12 - 01218214 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe
2013-07-14 14:33 - 2013-07-14 14:28 - 00011319 _____ C:\Users\Alex\Desktop\Abi-Rechnung.xlsx
2013-07-14 09:42 - 2009-12-21 23:10 - 01620094 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 09:41 - 2013-07-14 09:41 - 00000000 ____D C:\Program Files\ESET
2013-07-13 18:37 - 2013-07-13 12:11 - 00000000 ____D C:\Users\Alex\Desktop\hotkeys_2.11
2013-07-13 18:33 - 2013-07-13 18:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:28 - 2009-12-22 12:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\CheckPoint
2013-07-13 18:26 - 2010-06-20 22:07 - 00000000 ____D C:\ProgramData\ICQ
2013-07-13 18:26 - 2010-03-24 14:45 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-13 15:41 - 2010-05-20 18:22 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2013-07-13 13:04 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Steam
2013-07-13 12:41 - 2010-05-15 17:23 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-07-13 12:31 - 2013-07-13 12:10 - 00000744 _____ C:\Users\Alex\Desktop\zoidberg.txt
2013-07-13 10:32 - 2009-12-22 13:53 - 00170650 _____ C:\Windows\PFRO.log
2013-07-13 10:12 - 2013-07-13 09:58 - 00000000 ____D C:\Qoobox
2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-07-13 10:12 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-13 10:11 - 2013-07-13 09:57 - 00000000 ____D C:\Windows\erdnt
2013-07-13 10:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-07-12 11:30 - 2013-07-12 11:30 - 00000000 ____D C:\FRST
2013-07-12 11:25 - 2012-10-18 20:12 - 00000000 ___RD C:\Program Files\Skype
2013-07-12 11:25 - 2009-12-26 12:38 - 00000000 ____D C:\ProgramData\Skype
2013-07-11 19:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 15:17 - 2013-07-11 15:14 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 15:18 - 2012-12-29 18:06 - 00000000 ____D C:\ProgramData\LightScribe
2013-07-10 14:56 - 2012-10-30 19:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-10 14:49 - 2012-10-30 19:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-10 13:17 - 2009-07-14 06:33 - 03803248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 10:43 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 10:43 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 10:17 - 2009-12-26 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 10:15 - 2013-07-10 10:15 - 00001144 _____ C:\Users\Alex\Desktop\HotlineMiami.lnk
2013-07-10 10:15 - 2009-12-23 21:26 - 00000000 ____D C:\_Gamez
2013-07-05 20:23 - 2009-12-22 12:42 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2013-07-05 13:52 - 2013-07-05 13:51 - 00001971 _____ C:\Users\Alex\Desktop\MediathekView.lnk
2013-07-04 16:24 - 2013-07-03 19:13 - 00000000 ____D C:\Users\Alex\MediathekView
2013-07-04 16:20 - 2012-04-25 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 19:13 - 2009-12-21 23:11 - 00000000 ____D C:\Users\Alex
2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Users\Alex\.mediathek3
2013-07-03 19:08 - 2013-07-03 19:08 - 00000000 ____D C:\Program Files\MediathekView_3.2.1
2013-06-30 20:38 - 2013-06-30 20:38 - 00000000 ____D C:\Users\Alex\Documents\naild
2013-06-30 20:23 - 2013-06-30 20:23 - 00001551 _____ C:\Users\Public\Desktop\Nail'd.lnk
2013-06-30 20:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-30 20:05 - 2013-06-30 20:05 - 00281760 _____ C:\Windows\system32\Drivers\atksgt.sys
2013-06-30 20:05 - 2013-06-30 20:05 - 00025888 _____ C:\Windows\system32\Drivers\lirsgt.sys
2013-06-30 19:57 - 2009-12-22 13:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-30 19:54 - 2010-01-08 16:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\dvdcss
2013-06-26 15:01 - 2012-05-02 19:26 - 00000000 ____D C:\Program Files\Calibre2
2013-06-26 15:00 - 2013-06-26 15:00 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-24 00:37 - 2009-12-24 13:31 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-23 17:57 - 2010-06-14 15:31 - 00000000 ____D C:\Program Files\JDownloader
2013-06-22 13:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-21 21:05 - 2013-06-21 21:05 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-21 21:05 - 2013-05-04 20:24 - 00000000 ____D C:\Program Files\Java
2013-06-19 19:29 - 2013-06-06 16:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\RIFT
2013-06-18 21:50 - 2013-06-18 21:50 - 00211560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys
2013-06-18 21:50 - 2012-08-30 23:03 - 00107392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2013-06-16 17:45 - 2009-12-26 14:01 - 00000000 ____D C:\Users\Alex\Documents\My Games

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 14:19

==================== End Of Log ============================

One more question: the process list in this log contains quite a few entries that shouldn't actually be running (e.g. TeamViewer is running), yet they are not listed in my autostart. Is there another way to change that? Kind regards, GuitarFreak |
15.07.2013, 10:53 | #14 |
/// the machine /// TB trainer | Virus found under Desinfect Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ProxyServer: 212.227.80.22:3128
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
TeamViewer, for example, is only the background service. You can sort that out via the autostart.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.07.2013, 12:25 | #15 |
| Virus found under Desinfect Hi, OK, got it. Here is the log: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-07-2013
Ran by Alex at 2013-07-15 13:24:30 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ==== |
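The Fixlog above shows FRST deleting the ProxyServer value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. As an added example (not part of the thread and not FRST's own code), this read-only PowerShell check lists that value for every loaded user hive so the result of the fix can be confirmed. The function name Get-UserProxySetting is hypothetical, and ProxyEnable and AutoConfigURL are neighbouring values in the same key that the thread does not mention.

```powershell
# Added example: report the per-user proxy values from "Internet Settings"
# for every loaded user hive. Read-only, nothing is changed.
# Written to run on PowerShell 2.0 (the default on Windows 7).
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxySetting {
    # Loaded user hives appear under HKEY_USERS as S-1-5-21-...;
    # the regex skips system accounts and the *_Classes sibling keys.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
        if (-not (Test-Path -Path $path)) { continue }

        # Missing values simply come back as $null.
        $values = Get-ItemProperty -Path $path

        New-Object PSObject -Property @{
            Sid           = $hive.PSChildName
            ProxyEnable   = $values.ProxyEnable
            ProxyServer   = $values.ProxyServer
            AutoConfigURL = $values.AutoConfigURL
            # A proxy address or PAC URL that nobody configured on purpose
            # is worth a closer look.
            NeedsReview   = [bool]($values.ProxyServer -or $values.AutoConfigURL)
        } | Select-Object Sid, ProxyEnable, ProxyServer, AutoConfigURL, NeedsReview
    }
}

Get-UserProxySetting | Format-Table -AutoSize
```

After a successful fix the ProxyServer column is empty for the affected account; run the check from an elevated prompt to see the hives of other logged-on users.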