Log analysis and evaluation: Redirect to ww94.btosjs.info (Windows 7)

29.08.2013, 14:47 | #1
Redirect to ww94.btosjs.info

Hi,

after I caught a virus on my laptop yesterday I had already been thinking about checking my other PC as well, and then all of a sudden I got a strange automatic redirect to hxxp://ww94.btosjs.info/ in several tabs of my browser (Chrome). Here are the logs:

MBAM
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Daniel :: DANIEL-PC [Administrator]

29.08.2013 15:15:59
mbam-log-2013-08-29 (15-15-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273896
Laufzeit: 14 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{655308F2-A559-BE38-E4CA-4D547FB44370} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bösartig: (c:\progra~2\browse~1\sprote~1.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Program Files (x86)\BrowseToSave\sprotector.dll (PUP.Optional.SProtect.A) -> Löschen bei Neustart.
C:\ProgramData\Browwsse2saVee\5130744f5ebac.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\51497b2e732d7.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Browwsse2saVee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\AppData\Local\Temp\is-ANH4U.tmp\dealio.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder(2).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-sound-editor.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Ultimate x64
Ran by Daniel on 29.08.2013 at 15:32:31,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dealio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}


~~~ Files

Successfully deleted: [File] "C:\end"


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\dealio"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealio toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"


~~~ FireFox

Successfully deleted: [File] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\searchplugins\conduit.xml
Failed to delete: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\dealio@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\prefs.js

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1324548390\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1301832746\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Daniel\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lq1ok6po.default\\conduitCommon\\modules\\3.8.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:06 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Apr 03 2011 19:43:57 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Apr 03 2011 18:24:04 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{98bdf956-ee8f-4dba-8245-6c48e9152c87}");
user_pref("CommunityToolbar.globalUserId", "c0193d71-16f3-43db-a352-78912b02d475");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 18:15:54 GMT+0100");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 18:16:02 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 18:15:50 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0cfeca78-eae3-403d-884b-5123e2aad726");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 18:24:17 GMT+0200");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:08 GMT+0200");
user_pref("ConduitEngine.FirstServerDate", "04/02/2011 19");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 18:24:24 GMT+0200");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.UserID", "UN56710006099256773");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "de");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Apr 03 2011 15:43:07 GMT+0200");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\minidumps [24 files]


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 15:41:31,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013 Ran by Daniel (administrator) on 29-08-2013 15:43:45 Running from C:\Users\Daniel\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE (NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCSVCHOST\MCSVHOST.EXE (McAfee, Inc.) C:\WINDOWS\SYSTEM32\MFEVTPS.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE (McAfee, Inc.) 
C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MFEFIRE.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE () C:\USERS\DANIEL\LOCAL SETTINGS\APPS\F.LUX\FLUX.EXE (TrueCrypt Foundation) C:\PROGRAM FILES\TRUECRYPT\TRUECRYPT.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCTRAY.EXE (McAfee, Inc.) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE (shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE () C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE (Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Dropbox, Inc.) C:\USERS\DANIEL\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE (Apple Inc.) C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE (Spigot Inc) C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS64.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINC.EXE (Apple Inc.) 
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE (McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE (McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE (McAfee, Inc.) C:\PROGRAM FILES\MCAFEE\MAT\MCPVTRAY.EXE (OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SCALC.EXE (OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.EXE (OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.BIN (Microsoft Corporation) C:\WINDOWS\SPLWOW64.EXE () C:\PROGRAM FILES (X86)\POKERSTRATEGY.COM\POKERSTRATEGY.COM EQUILAB - OMAHA\OMAHAEQUILAB.EXE () C:\PROGRAM FILES\PPTODDSORACLE\PPT ODDS ORACLE.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE (PokerStars) C:\PROGRAM FILES (X86)\POKERSTARS\POKERSTARS.EXE (Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HOLDEMMANAGER.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HMIMPORT.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP5_1.39_WINDOWS_INTELX86__BRP5-CUDA32-NV301.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE (Microsoft Corporation) C:\WINDOWS\SYSTEM32\TASKMGR.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) 
C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Microsoft Corporation) C:\PROGRAM FILES\WINDOWS DEFENDER\MPCMDRUN.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.) 
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-12] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.) HKCU\...\Run: [F.lux] - C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] () HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-30] (TrueCrypt Foundation) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) MountPoints2: {8c4fcc91-7951-11df-ae5b-806e6f6e6963} - E:\Setup.exe MountPoints2: {c1760b35-3519-11e0-ad2e-002268685223} - J:\setup.exe AUTORUN=1 HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [boincmgr] - C:\Program Files (x86)\BOINC\boincmgr.exe [4862720 2010-07-01] (Space Sciences Laboratory) HKLM-x32\...\Run: [boinctray] - C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-07-01] (Space Sciences Laboratory) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.) 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] () HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk ShortcutTarget: web'n'walk Manager.lnk -> C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (No File) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk ShortcutTarget: BOINC Manager.lnk -> C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: (No Name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) SearchScopes: HKCU - DefaultScope {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms} SearchScopes: HKCU - {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.4\dealioToolbarIE.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "174.137.150.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxyProxy Basic - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\ich@maltegoetz.de
FF Extension: Breowsse2isavee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu
FF Extension: Browwsse2saVee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk
FF Extension: Cooliris - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\piclens@cooliris.com
FF Extension: CookieSafe - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: dealio - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\dealio@mybrowserbar.com
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.groupon.de/deals/dresden
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (ICE Quick Stream) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl\6.1_0
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (AT_ChuckAnderson) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (NotScripts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-02-12] (Crawler.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124416 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-03-20] (Windows (R) Win 7 DDK provider)
U3 mfeavfk01; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 11:20 - 2013-08-29 12:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-27 11:10 - 2013-08-27 12:12 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-14 09:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 09:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 09:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 09:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:50 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified Files and Folders =======
2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:42 - 2011-02-02 19:52 - 00000000 ____D C:\ProgramData\BOINC
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:37 - 2012-10-09 10:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:31 - 2013-03-20 10:29 - 00000000 ____D C:\ProgramData\Breowsse2isavee
2013-08-29 15:31 - 2013-03-01 11:28 - 00000000 ____D C:\ProgramData\Browwsse2saVee
2013-08-29 15:24 - 2010-07-09 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 14:54 - 2009-07-14 19:58 - 00664618 _____ C:\Windows\system32\perfh007.dat
2013-08-29 14:54 - 2009-07-14 19:58 - 00134786 _____ C:\Windows\system32\perfc007.dat
2013-08-29 14:54 - 2009-07-14 07:13 - 01527868 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 14:49 - 2010-06-16 16:19 - 01792699 _____ C:\Windows\WindowsUpdate.log
2013-08-29 14:45 - 2011-02-02 01:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job
2013-08-29 13:41 - 2010-06-16 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2013-08-29 12:20 - 2013-08-29 11:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-29 12:20 - 2012-07-24 13:29 - 00027883 _____ C:\Users\Daniel\Desktop\Equity.ods
2013-08-29 12:20 - 2012-01-13 16:06 - 00313856 ___SH C:\Users\Daniel\Desktop\Thumbs.db
2013-08-29 10:50 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-08-29 09:52 - 2009-07-14 06:51 - 00144155 _____ C:\Windows\setupact.log
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:51 - 2012-11-29 13:24 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-08-29 09:51 - 2012-11-29 13:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-08-29 09:45 - 2010-06-16 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 09:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 22:20 - 2013-05-30 21:47 - 00017130 _____ C:\Users\Daniel\Desktop\Serien.ods
2013-08-28 10:35 - 2010-06-16 17:19 - 00000000 ____D C:\Users\postgres
2013-08-27 12:12 - 2013-08-27 11:10 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-27 09:45 - 2011-02-02 01:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job
2013-08-26 10:43 - 2013-07-29 10:27 - 00021455 _____ C:\Users\Daniel\Desktop\PLO Secrets.odt
2013-08-23 09:19 - 2010-06-16 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-23 09:18 - 2010-06-16 16:46 - 00087368 _____ C:\Windows\PFRO.log
2013-08-21 14:38 - 2012-10-09 10:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 14:38 - 2012-10-09 10:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:38 - 2011-06-17 19:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 20:40 - 2010-06-17 23:56 - 00000000 ____D C:\ProgramData\Adobe
2013-08-14 20:39 - 2010-06-16 17:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-08-14 16:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:05 - 2013-07-26 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:03 - 2010-06-25 10:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 09:29 - 2010-06-17 23:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\GUR79EF.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\pPokerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfextra.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\_is49DD.exe
C:\Users\Daniel\AppData\Local\Temp\_unps.exe
C:\Users\Daniel\AppData\Local\Temp\{BB1214EA-9771-4DED-BAAA-A8CBC792DDF5}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{AF98C74B-2493-4DE7-9181-00F07BD169C0}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{A89475E1-BB25-4A53-BEC0-BD9320A46058}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\ISSetup.dll
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\_Setup.dll
C:\Users\Daniel\AppData\Local\Temp\{1027B3D7-2454-4773-B4A7-2825860547D9}\ISBEW64.exe
C:\Users\Daniel\AppData\Local\Temp\Temp1_Houdini_15a.zip\Houdini_15a_x64.exe
C:\Users\Daniel\AppData\Local\Temp\nsr8383.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsq2DA6.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\UAC.dll
C:\Users\Daniel\AppData\Local\Temp\nslF039.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsgDE6E.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Daniel\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\InstProg.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\Download_Files\oemmain\mcinsspt.exe
C:\Users\Daniel\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\i4jinst.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\awt.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\deploy.dll
C:\Users\Daniel\AppData\Local\Temp\E2E0.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\DA48.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\D77A.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C7B2.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C091.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\Daniel\AppData\Local\Temp\BB82.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\B5D7.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A840.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A219.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\9DA8.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\HP-DQEX5.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\Setup.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\utils\hpUrlLauncher.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpfime51.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinkcoi9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311LM.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvpldrv04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplres04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplui04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrv.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrvui.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unires.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\drivers\scanner\x64\HPScanMiniDrv_DJ3050_J610.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpfime51.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinkcoi9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311LM.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvpldrv04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplres04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplui04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrv.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrvui.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unires.dll C:\Users\Daniel\AppData\Local\Temp\58E9.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\5744.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\3A23.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\20DD.dir\InstallFlashPlayer.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 11:07

==================== End Of Log ============================

FRST Addition.txt:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013 Ran by Daniel at 2013-08-29 15:44:59 Running from C:\Users\Daniel\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) AMP WinOFF 5.0.1 (x32 Version: 5.0.1) Any Audio Converter 3.0.7 (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) BOINC (x32 Version: 6.10.58) Bonjour (Version: 3.0.0.10) BrettspielWelt (x32) BrowseToSave (Version: 1.0) Camtasia Studio 7 (x32 Version: 7.0.1) ChessBase 10 (x32 Version: 10) ChessBase Reader (x32 Version: 2) CLICK & LEARN DiDi 360° 3.1 (x32) ConvertHelper 2.2 (x32) Dealio Toolbar v7.4 (x32 Version: 7.4) Deep Rybka 3 (x32 Version: 1.0) Deep Rybka 4 (x32 Version: 12.18.0.0) DivX-Setup (x32 Version: 2.6.1.22) DownTango (x32 Version: 1.0.609) Dropbox (HKCU Version: 2.0.22) EV calculator (x32 Version: 1.0.0) F.lux (HKCU) Flopzilla (x32 Version: 1.0.0) FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25)) Free Audio CD Burner version 1.4 (x32) Free FLV Converter V 6.8.0 (x32 Version: 6.8.0.0) Free Music Zilla (x32) Free Sound Recorder 2010 v9.2.1 (x32) Free YouTube to MP3 Converter version 3.10.14.1206 (x32) FreePDF (Remove only) (x32) Fritz 12 (x32 Version: 12.0.0) Full Tilt Poker (x32 Version: 4.39.7.WIN.FullTilt.COM) Full Tilt Poker.Eu (x32 Version: 4.59.8.WIN.FullTilt.EU) Garmin Communicator Plugin (x32 Version: 4.0.4) Garmin Communicator Plugin x64 (Version: 4.0.4) GIMP 2.8.4 (Version: 2.8.4) GlobeTrotter Connect (Version: 2.3.0.630) Google Chrome (HKCU Version: 29.0.1547.62) GPL Ghostscript (x32 Version: 9.05) Holdem Manager (x32) Houdini 3 
Pro (x32 Version: 13.12.0.0) HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0) HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63) iCloud (Version: 2.1.2.8) Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 20 (x32 Version: 6.0.200) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Online Backup (Version: 1.16.4.0) McAfee Online Backup (x32) McAfee SecurityCenter (x32 Version: 11.6.435) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0) MP3-Tag-Editor 3.14.0 (x32 Version: 3.14.0) No23 Recorder (x32 Version: 2.1.0.3) Notepad++ (x32 Version: 6.1.2) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 
9.10.0514) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.2 (x32 Version: 3.2.9502) OpenTTD 1.2.1 (x32 Version: 1.2.1) Party EzCASH Registered (x32) PartyPoker (x32 Version: 144) PlayChess (x32 Version: ) Pokerazor 1.38 (x32 Version: 1.38) PokerEV (x32 Version: 0.80.75) PokerStars (x32) PokerStrategy.com Equilab - Omaha (x32 Version: 1.1.4.0) PokerStrategy.com EquiLab (x32 Version: 1.1.0.193) PokerStrategy.com Equilab (x32 Version: 1.1.0.195) PokerStrategy.com Equilator (x32 Version: 1.8.1.0) PokerTools Odds Oracle 2.2.1 (Version: 2.2.1) PostgreSQL 8.4 (x32 Version: 8.4) Power Mp3 Recorder(Mp3 Sound Recorder) 2.9 (x32) Power Sound Editor Free (x32) PVSonyDll (Version: 1.00.0001) QuickTime (x32 Version: 7.74.80.86) RedMon - Redirection Port Monitor RuntimeLibsVC90 (x32 Version: 1.1.0) Safari (x32 Version: 5.34.57.2) Shared C Run-time for x64 (Version: 10.0.0) Sid Meier's Civilization 4 Complete (x32 Version: 1.74) Skype™ 6.6 (x32 Version: 6.6.106) SpeedFan (remove only) (x32) Spyware Terminator 2012 (x32 Version: 3.0.0.80) TableNinja (x32 Version: 1.2.93) TableNinjaFT (x32 Version: 1.1.34) Titan Poker (HKCU) TrueCrypt (x32 Version: 7.1) TubeBox (x32 Version: 3.5.3) Uninstall 1.0.0.1 (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) VC_CRT_x64 (Version: 1.02.0000) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.0.1 (x32 Version: 2.0.1) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Winmail Opener 1.4 (x32 Version: 1.4) ==================== Restore Points ========================= 29-08-2013 10:45:21 
Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {15783BDE-0CF9-445C-8E46-212CF759AF67} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation) Task: {2AAF8B07-9A60-4B3E-94A7-700FE02CCBB6} - System32\Tasks\{7DD017B2-A651-4B1E-B0AC-58136ABF81F9} => C:\Users\Daniel\Downloads\flux-setup(2).exe No File Task: {527D68BE-266E-44DA-B472-4AA663FD13EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) Task: {548493F3-442E-4D93-BC27-057378BF41E3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367036293-2228256684-2732229916-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation) Task: {68836440-F993-416C-9C8F-807E0A5573C9} - System32\Tasks\{DAA914B1-40E0-41D1-88F7-6062F1111C4D} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-03-13] (Mozilla Corporation) Task: {85F07AB0-F908-4458-B8EA-CBBFC90BA625} - System32\Tasks\{599E2690-C1A0-4179-B2DA-F81619ADB65D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) 
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation) Task: {B480937C-0D57-40AE-9839-6FDCA51C4D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated) Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation) Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation) Task: {E4F9EB4A-8456-4DD5-9793-0C0EED7A8426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) Task: {EF770798-4C20-466B-B8B1-77C14F204DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {FCF04B3D-2E3E-4FD8-9B11-1D0A7FE4C33E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Daniel\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Daniel\Desktop\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-06-13 18:58:43.519 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-06-13 17:45:14.482 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-06-06 18:51:05.341 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-06-06 18:37:57.173 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 12279.14 MB Available physical RAM: 8337.52 MB Total Pagefile: 24556.47 MB Available Pagefile: 18076.5 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:342.02 GB) (Free:16.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:341.97 GB) (Free:6.61 GB) NTFS Drive e: (Fritztrainer) (CDROM) (Total:1.07 GB) (Free:0 GB) UDF Drive j: () (Fixed) (Total:931.51 GB) (Free:730.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: DD7D2BC8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 932 GB) (Disk ID: 007EFC3B) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
29.08.2013, 16:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to ww94.btosjs.info

Remove adware/junkware/toolbars

Step 1: AdwCleaner
Please download AdwCleaner to your desktop.

Step 2: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties).
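The fresh FRST log asked for in step 2 gets read for a handful of entry types in its Internet and FireFox sections: search scopes, keyword URLs and homepages pointing at hosts the user never chose, IE add-ons (BHO, Toolbar, URLSearchHook, Handler) whose DLL is missing or carries no publisher, Run entries marked "[x]", and a proxy written into the Firefox prefs. The script below is an added illustration for this page, not one of the tools used in the thread, and applies those checks to FRST-style lines. Its input is constructed to mimic the log format (the 203.0.113.5 proxy address is a placeholder), the allowlist of expected search hosts is an assumption to adjust per machine, and the proxy verdict follows Firefox's network.proxy.type values (0 = no proxy, 1 = manual proxy).

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed FRST-style lines modeled on the format of the logs in this thread.
# Names, GUIDs and the 203.0.113.5 proxy address are placeholders for the example.
SAMPLE_FRST = r"""
URLSearchHook: Vendor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\vendor\tb\x64\tbplg.dll (Vendor, Inc.)
SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&p={searchTerms}
BHO: Vendor Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\vendor\msk\MSKAPB~1.DLL No File
BHO-x32: Example Toolbar Helper - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Example\tbhelper.dll ()
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "203.0.113.5"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
"""

# Hosts a default browser setup would plausibly point at. This allowlist is an
# assumption made for the example; tune it to the machine's locale and vendor.
EXPECTED_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "de.msn.com"}

# RFC 1918, loopback and link-local ranges: a proxy here is a LAN device,
# anything else means the browser hands its traffic to a remote host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

PROXY_RE = re.compile(r'^FF NetworkProxy: "([a-z_]+)", (.+)$')
URL_RE = re.compile(r'(?:hxxp|http)s?://[^\s|"]+')
ADDON_PREFIXES = ("BHO", "Toolbar", "URLSearchHook", "Handler")
URL_PREFIXES = ("SearchScopes", "FF Homepage", "FF Keyword.URL", "FF SelectedSearchEngine")


@dataclass
class Finding:
    kind: str    # orphaned | unsigned | search/homepage | proxy
    detail: str
    line: str


def hosts_in(text):
    """Return the hostname of every (defanged hxxp://) URL in a log line."""
    return [urlsplit(u.replace("hxxp", "http", 1)).hostname for u in URL_RE.findall(text)]


def is_local(host):
    """True for RFC 1918 / loopback / link-local addresses and local names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                       # a name, not an address
        return host == "localhost" or host.endswith(".local")
    return any(ip in net for net in LOCAL_NETS)


def proxy_findings(proxy):
    """Report proxy hosts outside the LAN; network.proxy.type 1 means it is in use."""
    out = []
    ptype = proxy.get("type", "0")
    state = "ACTIVE" if ptype == "1" else f"inactive (type={ptype})"
    for scheme in ("http", "ssl", "socks"):
        host = proxy.get(scheme)
        if host and not is_local(host):
            port = proxy.get(f"{scheme}_port", "?")
            out.append(Finding("proxy", f"{scheme} proxy {host}:{port} is not a local address, {state}",
                               f'FF NetworkProxy: "{scheme}", "{host}"'))
    return out


def triage(log_text):
    """Walk FRST Internet/FireFox lines and collect entries worth a second look."""
    findings, proxy = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:                                 # collect the prefs, judge them at the end
            proxy[m.group(1)] = m.group(2).strip().strip('"')
            continue
        if line.endswith("No File") or line.endswith("[x]"):
            findings.append(Finding("orphaned", "registration points at a missing file", line))
            continue
        if line.startswith(ADDON_PREFIXES) and line.endswith("()"):
            findings.append(Finding("unsigned", "IE add-on DLL carries no publisher string", line))
        if line.startswith(URL_PREFIXES):
            for host in hosts_in(line):
                if host and host not in EXPECTED_HOSTS:
                    findings.append(Finding("search/homepage", f"points at {host}", line))
    findings.extend(proxy_findings(proxy))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

A proxy host left in prefs.js with network.proxy.type 0 is not intercepting anything, but it is still evidence that something wrote into the profile, which is why the script reports it as inactive instead of dropping it; with type 1 and a non-RFC 1918 host, every HTTP request the browser makes would pass through that machine, and that is the entry to act on first.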
29.08.2013, 17:20 | #3 |
Redirect to ww94.btosjs.info

Hello cosinus, thanks for your help. Here are the logs:

AdwCleaner log:
# AdwCleaner v3.001 - Report created 29/08/2013 at 17:52:16
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Daniel - DANIEL-PC
# Running from : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Breowsse2isavee
Folder Deleted : C:\ProgramData\Browwsse2saVee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breowsse2isavee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browwsse2saVee
Folder Deleted : C:\Program Files (x86)\Freemium
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Breowsse2isavee
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Browwsse2saVee
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Freemium
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Conduit
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\ConduitEngine
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk
File Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\dealio@mybrowserbar.com
File Deleted : C:\Users\Public\Desktop\DownTango.lnk
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Key Deleted : HKCU\Software\Dealio
Key Deleted : HKCU\Software\DownTango
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v11.0 (de)

[ File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1324548390\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1301832746\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Daniel\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lq1ok6po.default\\conduitCommon\\modules\\3.8.1.0");

-\\ Google Chrome v

[ File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7188 octets] - [29/08/2013 17:50:22]
AdwCleaner[S0].txt - [7141 octets] - [29/08/2013 17:52:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7201 octets] ##########

FRST log (FRST.txt):
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013 Ran by Daniel (administrator) on 29-08-2013 18:16:24 Running from C:\Users\Daniel\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE (NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE (McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCSVCHOST\MCSVHOST.EXE (McAfee, Inc.) C:\WINDOWS\SYSTEM32\MFEVTPS.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE (McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MFEFIRE.EXE (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE () C:\USERS\DANIEL\LOCAL SETTINGS\APPS\F.LUX\FLUX.EXE (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Skype Technologies S.A.) 
C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE (Dropbox, Inc.) C:\USERS\DANIEL\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE (NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCTRAY.EXE (McAfee, Inc.) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE (shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE () C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE (Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Apple Inc.) C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE (Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINC.EXE (Apple Inc.) C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE () C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP5_1.39_WINDOWS_INTELX86__BRP5-CUDA32-NV301.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE (Google Inc.) 
C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE (McAfee, Inc.) C:\PROGRAM FILES\MCAFEE\MAT\MCPVTRAY.EXE (McAfee, Inc.) C:\PROGRA~2\MCAFEE\SITEAD~1\SAUI.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-12] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.) HKCU\...\Run: [F.lux] - C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] () HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-30] (TrueCrypt Foundation) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) MountPoints2: {8c4fcc91-7951-11df-ae5b-806e6f6e6963} - E:\Setup.exe MountPoints2: {c1760b35-3519-11e0-ad2e-002268685223} - J:\setup.exe AUTORUN=1 HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) 
HKLM-x32\...\Run: [boincmgr] - C:\Program Files (x86)\BOINC\boincmgr.exe [4862720 2010-07-01] (Space Sciences Laboratory) HKLM-x32\...\Run: [boinctray] - C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-07-01] (Space Sciences Laboratory) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] () HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk ShortcutTarget: web'n'walk Manager.lnk -> C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (No File) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk ShortcutTarget: BOINC Manager.lnk -> C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms} SearchScopes: HKCU - {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "174.137.150.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxyProxy Basic - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\ich@maltegoetz.de
FF Extension: Cooliris - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\piclens@cooliris.com
FF Extension: CookieSafe - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.groupon.de/deals/dresden
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (ICE Quick Stream) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl\6.1_0
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (AT_ChuckAnderson) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (NotScripts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-02-12] (Crawler.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124416 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-03-20] (Windows (R) Win 7 DDK provider)
U3 mfeavfk01; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-29 18:12 - 2013-08-29 18:12 - 00007281 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-08-29 17:49 - 2013-08-29 17:53 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:45 - 2013-08-29 17:46 - 00994642 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-27 11:10 - 2013-08-27 12:12 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-14 09:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 09:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 09:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 09:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:50 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified Files and Folders =======

2013-08-29 18:16 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:16 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:13 - 2010-06-16 16:19 - 01804461 _____ C:\Windows\WindowsUpdate.log
2013-08-29 18:12 - 2013-08-29 18:12 - 00007281 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-08-29 18:10 - 2012-11-29 13:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-08-29 18:10 - 2011-02-02 19:52 - 00000000 ____D C:\ProgramData\BOINC
2013-08-29 18:10 - 2010-07-09 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-08-29 18:09 - 2012-11-29 13:24 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-08-29 18:09 - 2010-06-16 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 18:09 - 2009-07-14 06:51 - 00144211 _____ C:\Windows\setupact.log
2013-08-29 18:08 - 2013-03-01 11:28 - 00000000 ____D C:\Program Files (x86)\BrowseToSave
2013-08-29 18:08 - 2010-06-16 16:46 - 00090298 _____ C:\Windows\PFRO.log
2013-08-29 17:53 - 2013-08-29 17:49 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:49 - 2013-04-23 16:05 - 01808367 _____ C:\blitzerr.txt
2013-08-29 17:46 - 2013-08-29 17:45 - 00994642 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-08-29 17:45 - 2011-02-02 01:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job
2013-08-29 17:37 - 2012-10-09 10:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 14:54 - 2009-07-14 19:58 - 00664618 _____ C:\Windows\system32\perfh007.dat
2013-08-29 14:54 - 2009-07-14 19:58 - 00134786 _____ C:\Windows\system32\perfc007.dat
2013-08-29 14:54 - 2009-07-14 07:13 - 01527868 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 13:41 - 2010-06-16 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2013-08-29 12:20 - 2012-07-24 13:29 - 00027883 _____ C:\Users\Daniel\Desktop\Equity.ods
2013-08-29 12:20 - 2012-01-13 16:06 - 00313856 ___SH C:\Users\Daniel\Desktop\Thumbs.db
2013-08-29 10:50 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-08-28 22:20 - 2013-05-30 21:47 - 00017130 _____ C:\Users\Daniel\Desktop\Serien.ods
2013-08-28 10:35 - 2010-06-16 17:19 - 00000000 ____D C:\Users\postgres
2013-08-27 12:12 - 2013-08-27 11:10 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-27 09:45 - 2011-02-02 01:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job
2013-08-26 10:43 - 2013-07-29 10:27 - 00021455 _____ C:\Users\Daniel\Desktop\PLO Secrets.odt
2013-08-23 09:19 - 2010-06-16 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-21 14:38 - 2012-10-09 10:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 14:38 - 2012-10-09 10:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:38 - 2011-06-17 19:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 20:40 - 2010-06-17 23:56 - 00000000 ____D C:\ProgramData\Adobe
2013-08-14 20:39 - 2010-06-16 17:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-08-14 16:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:05 - 2013-07-26 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:03 - 2010-06-25 10:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 09:29 - 2010-06-17 23:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\GUR79EF.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\pPokerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfextra.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\_is49DD.exe
C:\Users\Daniel\AppData\Local\Temp\_unps.exe
C:\Users\Daniel\AppData\Local\Temp\{BB1214EA-9771-4DED-BAAA-A8CBC792DDF5}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{AF98C74B-2493-4DE7-9181-00F07BD169C0}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{A89475E1-BB25-4A53-BEC0-BD9320A46058}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\ISSetup.dll
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\_Setup.dll
C:\Users\Daniel\AppData\Local\Temp\{1027B3D7-2454-4773-B4A7-2825860547D9}\ISBEW64.exe
C:\Users\Daniel\AppData\Local\Temp\Temp1_Houdini_15a.zip\Houdini_15a_x64.exe
C:\Users\Daniel\AppData\Local\Temp\nsr8383.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsq2DA6.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\UAC.dll
C:\Users\Daniel\AppData\Local\Temp\nslF039.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsgDE6E.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Daniel\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\InstProg.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\Download_Files\oemmain\mcinsspt.exe
C:\Users\Daniel\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\i4jinst.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\awt.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\deploy.dll
C:\Users\Daniel\AppData\Local\Temp\E2E0.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\DA48.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\D77A.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C7B2.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C091.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll C:\Users\Daniel\AppData\Local\Temp\BB82.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\B5D7.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\A840.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\A219.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\9DA8.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\HP-DQEX5.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\Setup.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\utils\hpUrlLauncher.exe C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpfime51.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinkcoi9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311LM.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvpldrv04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplres04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplui04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrv.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrvui.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unires.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\drivers\scanner\x64\HPScanMiniDrv_DJ3050_J610.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpfime51.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinkcoi9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311LM.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvpldrv04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplres04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplui04.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrv.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrvui.dll C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unires.dll 
C:\Users\Daniel\AppData\Local\Temp\58E9.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\5744.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\3A23.dir\InstallFlashPlayer.exe C:\Users\Daniel\AppData\Local\Temp\20DD.dir\InstallFlashPlayer.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 11:07 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013 Ran by Daniel at 2013-08-29 18:17:25 Running from C:\Users\Daniel\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) AMP WinOFF 5.0.1 (x32 Version: 5.0.1) Any Audio Converter 3.0.7 (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) BOINC (x32 Version: 6.10.58) Bonjour (Version: 3.0.0.10) BrettspielWelt (x32) BrowseToSave (Version: 1.0) Camtasia Studio 7 (x32 Version: 7.0.1) ChessBase 10 (x32 Version: 10) ChessBase Reader (x32 Version: 2) CLICK & LEARN DiDi 360° 3.1 (x32) ConvertHelper 2.2 (x32) Dealio Toolbar v7.4 (x32 Version: 7.4) Deep Rybka 3 (x32 Version: 1.0) Deep Rybka 4 (x32 Version: 12.18.0.0) DivX-Setup (x32 Version: 2.6.1.22) Dropbox (HKCU Version: 2.0.22) EV calculator (x32 Version: 1.0.0) F.lux (HKCU) Flopzilla (x32 Version: 1.0.0) FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25)) Free Audio CD Burner version 1.4 (x32) Free FLV Converter V 6.8.0 (x32 Version: 6.8.0.0) Free Music Zilla (x32) Free Sound Recorder 2010 v9.2.1 (x32) Free YouTube to MP3 Converter version 3.10.14.1206 (x32) FreePDF (Remove only) (x32) Fritz 12 (x32 Version: 12.0.0) Full Tilt Poker (x32 Version: 4.39.7.WIN.FullTilt.COM) Full Tilt Poker.Eu (x32 Version: 4.59.8.WIN.FullTilt.EU) Garmin Communicator Plugin (x32 Version: 4.0.4) Garmin Communicator Plugin x64 (Version: 4.0.4) GIMP 2.8.4 (Version: 2.8.4) GlobeTrotter Connect (Version: 2.3.0.630) Google Chrome (HKCU Version: 29.0.1547.62) GPL Ghostscript (x32 Version: 9.05) Holdem Manager (x32) Houdini 3 Pro (x32 Version: 13.12.0.0) HP 
Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0) HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63) iCloud (Version: 2.1.2.8) Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 20 (x32 Version: 6.0.200) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Online Backup (Version: 1.16.4.0) McAfee Online Backup (x32) McAfee SecurityCenter (x32 Version: 11.6.435) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0) MP3-Tag-Editor 3.14.0 (x32 Version: 3.14.0) No23 Recorder (x32 Version: 2.1.0.3) Notepad++ (x32 Version: 6.1.2) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 
3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.2 (x32 Version: 3.2.9502) OpenTTD 1.2.1 (x32 Version: 1.2.1) Party EzCASH Registered (x32) PartyPoker (x32 Version: 144) PlayChess (x32 Version: ) Pokerazor 1.38 (x32 Version: 1.38) PokerEV (x32 Version: 0.80.75) PokerStars (x32) PokerStrategy.com Equilab - Omaha (x32 Version: 1.1.4.0) PokerStrategy.com EquiLab (x32 Version: 1.1.0.193) PokerStrategy.com Equilab (x32 Version: 1.1.0.195) PokerStrategy.com Equilator (x32 Version: 1.8.1.0) PokerTools Odds Oracle 2.2.1 (Version: 2.2.1) PostgreSQL 8.4 (x32 Version: 8.4) Power Mp3 Recorder(Mp3 Sound Recorder) 2.9 (x32) Power Sound Editor Free (x32) PVSonyDll (Version: 1.00.0001) QuickTime (x32 Version: 7.74.80.86) RedMon - Redirection Port Monitor RuntimeLibsVC90 (x32 Version: 1.1.0) Safari (x32 Version: 5.34.57.2) Shared C Run-time for x64 (Version: 10.0.0) Sid Meier's Civilization 4 Complete (x32 Version: 1.74) Skype™ 6.6 (x32 Version: 6.6.106) SpeedFan (remove only) (x32) Spyware Terminator 2012 (x32 Version: 3.0.0.80) TableNinja (x32 Version: 1.2.93) TableNinjaFT (x32 Version: 1.1.34) Titan Poker (HKCU) TrueCrypt (x32 Version: 7.1) TubeBox (x32 Version: 3.5.3) Uninstall 1.0.0.1 (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) VC_CRT_x64 (Version: 1.02.0000) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.0.1 (x32 Version: 2.0.1) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Winmail Opener 1.4 (x32 Version: 1.4) ==================== Restore Points ========================= 29-08-2013 10:45:21 Geplanter Prüfpunkt 
==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {15783BDE-0CF9-445C-8E46-212CF759AF67} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation) Task: {2AAF8B07-9A60-4B3E-94A7-700FE02CCBB6} - System32\Tasks\{7DD017B2-A651-4B1E-B0AC-58136ABF81F9} => C:\Users\Daniel\Downloads\flux-setup(2).exe No File Task: {3CA8DB52-C89F-4B2C-810E-C6AB7E34B96E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {527D68BE-266E-44DA-B472-4AA663FD13EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) Task: {548493F3-442E-4D93-BC27-057378BF41E3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367036293-2228256684-2732229916-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation) Task: {68836440-F993-416C-9C8F-807E0A5573C9} - System32\Tasks\{DAA914B1-40E0-41D1-88F7-6062F1111C4D} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-03-13] (Mozilla Corporation) Task: {85F07AB0-F908-4458-B8EA-CBBFC90BA625} - System32\Tasks\{599E2690-C1A0-4179-B2DA-F81619ADB65D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) 
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation) Task: {B480937C-0D57-40AE-9839-6FDCA51C4D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated) Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation) Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation) Task: {E4F9EB4A-8456-4DD5-9793-0C0EED7A8426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) Task: {EF770798-4C20-466B-B8B1-77C14F204DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Daniel\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Daniel\Desktop\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/29/2013 06:11:41 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7196812f-6be7-4bdb-9b69-063a4497d79a} Error: (08/29/2013 06:09:19 PM) (Source: PostgreSQL) (User: ) Description: 2013-08-29 18:09:19 CESTFATAL: the database system is starting up System errors: ============= Error: (08/29/2013 06:11:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/29/2013 06:11:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (08/29/2013 06:11:41 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7196812f-6be7-4bdb-9b69-063a4497d79a} Error: (08/29/2013 06:09:19 PM) (Source: PostgreSQL)(User: ) Description: 2013-08-29 18:09:19 CESTFATAL: the database system is starting up CodeIntegrity Errors: =================================== Date: 2012-06-13 18:58:43.519 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-06-13 17:45:14.482 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-06-06 18:51:05.341 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-06-06 18:37:57.173 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 12279.14 MB Available physical RAM: 8151.65 MB Total Pagefile: 24556.47 MB Available Pagefile: 20037.81 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:342.02 GB) (Free:16.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:341.97 GB) (Free:6.61 GB) NTFS Drive e: (Fritztrainer) (CDROM) (Total:1.07 GB) (Free:0 GB) UDF Drive j: () (Fixed) (Total:931.51 GB) (Free:730.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: DD7D2BC8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 932 GB) (Disk ID: 007EFC3B) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
29.08.2013, 19:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to ww94.btosjs.info Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: remember to update Malwarebytes Anti-Malware via the Update button beforehand! Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
30.08.2013, 22:28 | #5 |
| Redirect to ww94.btosjs.info MBAM says this Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.30.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Daniel :: DANIEL-PC [Administrator] 30.08.2013 10:11:02 mbam-log-2013-08-30 (10-11-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 273414 Laufzeit: 4 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu\content\bg.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application |
01.09.2013, 15:44 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to ww94.btosjs.info Those are only detections in the AdwCleaner quarantine. Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Apart from that there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________ --> Redirect to ww94.btosjs.info |
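As an added illustration of how a hosts-file blocklist such as the MVPS list works (example code written for this edit, not from the thread, the helper, or MVPS): it parses hosts-file text in the MVPS style ("0.0.0.0 hostname"), answers whether a hostname would be sunk to the block address, and shows the exact-match limitation of hosts files. The sample hosts content is constructed, and the entry for the redirect host from this thread is an assumption made for the example.

```python
"""Hosts-file blocklist checker (added example, not part of the original thread).

Parses hosts-file text in the style used by the MVPS list and reports whether a
hostname would be sunk to the block address. Matching is exact-name only: a
hosts file has no wildcards, so a sibling subdomain the list does not name
stays reachable.
"""
import ipaddress

# MVPS uses 0.0.0.0 as the sink address; older lists used 127.0.0.1 (add it
# here if your list does).
BLOCK_ADDRESSES = {"0.0.0.0"}

# Constructed sample in MVPS format; the btosjs.info entry is assumed for this
# example (it is the redirect host discussed in the thread).
SAMPLE_HOSTS = """\
# Comment lines are ignored by the resolver
127.0.0.1 localhost
::1 localhost
0.0.0.0 ww94.btosjs.info      # [Adware] redirect seen in the thread
0.0.0.0 ad.tracker.example    # [Ad tracker] (constructed)
0.0.0.0 banner.example stats.banner.example
malformed line without address
"""


def parse_hosts(text):
    """Return {hostname_lowercase: address} for every well-formed entry.

    Whole-line and inline '#' comments are dropped; one line may name several
    hosts. Malformed lines are skipped rather than raising, which mirrors how
    the OS resolver silently ignores them.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an IP address: skip the line
        for host in parts[1:]:
            table[host.lower()] = parts[0]
    return table


def is_blocked(table, hostname):
    """True if hostname is mapped to a block address (exact name match only)."""
    return table.get(hostname.lower().rstrip(".")) in BLOCK_ADDRESSES


def unblocked_parents(table, hostname):
    """Parent domains of hostname that the list does NOT cover.

    Useful when reviewing a list: blocking ww94.btosjs.info alone leaves e.g.
    ww95.btosjs.info reachable, because hosts files cannot express wildcards.
    """
    labels = hostname.lower().rstrip(".").split(".")
    parents = [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return [p for p in parents if not is_blocked(table, p)]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ww94.btosjs.info", "WW94.BTOSJS.INFO", "ww95.btosjs.info", "localhost"):
        print(f"{name:20} blocked={is_blocked(table, name)}")
    print("uncovered parents of ww94.btosjs.info:",
          unblocked_parents(table, "ww94.btosjs.info"))
```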
02.09.2013, 12:29 | #7 |
| Redirect to ww94.btosjs.info Runs without problems again. A big thank you for your help. |
02.09.2013, 12:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to ww94.btosjs.info Then we're done! If you'd still like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board The programs that were used here can all be uninstalled. delfix can help you with that: The order here is crucial.

Finally, please also check the updates; my guide on this is below. To keep a better overview of whether installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date: check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |