
Log Analysis and Evaluation: Redirect to ww94.btosjs.info

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.08.2013, 14:47   #1
Wolke33

Redirect to ww94.btosjs.info

Hi,

After I caught a virus on my laptop yesterday, I had already been thinking about checking my other computer as well, and then all of a sudden I got a strange redirect to hxxp://ww94.btosjs.info/ opening automatically in several tabs of my browser (Chrome).

Here are the logs:

MBAM

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Daniel :: DANIEL-PC [Administrator]

29.08.2013 15:15:59
mbam-log-2013-08-29 (15-15-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273896
Laufzeit: 14 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{655308F2-A559-BE38-E4CA-4D547FB44370} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bösartig: (c:\progra~2\browse~1\sprote~1.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Program Files (x86)\BrowseToSave\sprotector.dll (PUP.Optional.SProtect.A) -> Löschen bei Neustart.
C:\ProgramData\Browwsse2saVee\5130744f5ebac.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\51497b2e732d7.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Browwsse2saVee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\AppData\Local\Temp\is-ANH4U.tmp\dealio.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder(2).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-sound-editor.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Ultimate x64
Ran by Daniel on 29.08.2013 at 15:32:31,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dealio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\dealio"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealio toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\searchplugins\conduit.xml
Failed to delete: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\dealio@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\prefs.js

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1324548390\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1301832746\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Daniel\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lq1ok6po.default\\conduitCommon\\modules\\3.8.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:06 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Apr 03 2011 19:43:57 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Apr 03 2011 18:24:04 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{98bdf956-ee8f-4dba-8245-6c48e9152c87}");
user_pref("CommunityToolbar.globalUserId", "c0193d71-16f3-43db-a352-78912b02d475");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 18:15:54 GMT+0100");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 18:16:02 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 18:15:50 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0cfeca78-eae3-403d-884b-5123e2aad726");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 18:24:17 GMT+0200");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:08 GMT+0200");
user_pref("ConduitEngine.FirstServerDate", "04/02/2011 19");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 18:24:24 GMT+0200");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.UserID", "UN56710006099256773");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "de");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Apr 03 2011 15:43:07 GMT+0200");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 15:41:31,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Daniel (administrator) on 29-08-2013 15:43:45
Running from C:\Users\Daniel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCSVCHOST\MCSVHOST.EXE
(McAfee, Inc.) C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MFEFIRE.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
() C:\USERS\DANIEL\LOCAL SETTINGS\APPS\F.LUX\FLUX.EXE
(TrueCrypt Foundation) C:\PROGRAM FILES\TRUECRYPT\TRUECRYPT.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCTRAY.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
(shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE
() C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Dropbox, Inc.) C:\USERS\DANIEL\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE
(Apple Inc.) C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
(Spigot Inc) C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS64.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINC.EXE
(Apple Inc.) C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE\MAT\MCPVTRAY.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SCALC.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.BIN
(Microsoft Corporation) C:\WINDOWS\SPLWOW64.EXE
() C:\PROGRAM FILES (X86)\POKERSTRATEGY.COM\POKERSTRATEGY.COM EQUILAB - OMAHA\OMAHAEQUILAB.EXE
() C:\PROGRAM FILES\PPTODDSORACLE\PPT ODDS ORACLE.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(PokerStars) C:\PROGRAM FILES (X86)\POKERSTARS\POKERSTARS.EXE
(Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HOLDEMMANAGER.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HMIMPORT.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP5_1.39_WINDOWS_INTELX86__BRP5-CUDA32-NV301.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\TASKMGR.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Microsoft Corporation) C:\PROGRAM FILES\WINDOWS DEFENDER\MPCMDRUN.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-12] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.)
HKCU\...\Run: [F.lux] - C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-30] (TrueCrypt Foundation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {8c4fcc91-7951-11df-ae5b-806e6f6e6963} - E:\Setup.exe
MountPoints2: {c1760b35-3519-11e0-ad2e-002268685223} - J:\setup.exe AUTORUN=1
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [boincmgr] - C:\Program Files (x86)\BOINC\boincmgr.exe [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [boinctray] - C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
ShortcutTarget: web'n'walk Manager.lnk -> C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk
ShortcutTarget: BOINC Manager.lnk -> C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
SearchScopes: HKCU - {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.4\dealioToolbarIE.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "174.137.150.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxyProxy Basic - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\ich@maltegoetz.de
FF Extension: Breowsse2isavee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu
FF Extension: Browwsse2saVee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk
FF Extension: Cooliris - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\piclens@cooliris.com
FF Extension: CookieSafe - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: dealio - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\dealio@mybrowserbar.com
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.groupon.de/deals/dresden
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (ICE Quick Stream) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl\6.1_0
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (AT_ChuckAnderson) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (NotScripts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-02-12] (Crawler.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124416 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-03-20] (Windows (R) Win 7 DDK provider)
U3 mfeavfk01; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 11:20 - 2013-08-29 12:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-27 11:10 - 2013-08-27 12:12 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-14 09:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 09:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 09:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 09:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:50 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified Files and Folders =======

2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:42 - 2011-02-02 19:52 - 00000000 ____D C:\ProgramData\BOINC
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:37 - 2012-10-09 10:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:31 - 2013-03-20 10:29 - 00000000 ____D C:\ProgramData\Breowsse2isavee
2013-08-29 15:31 - 2013-03-01 11:28 - 00000000 ____D C:\ProgramData\Browwsse2saVee
2013-08-29 15:24 - 2010-07-09 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 14:54 - 2009-07-14 19:58 - 00664618 _____ C:\Windows\system32\perfh007.dat
2013-08-29 14:54 - 2009-07-14 19:58 - 00134786 _____ C:\Windows\system32\perfc007.dat
2013-08-29 14:54 - 2009-07-14 07:13 - 01527868 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 14:49 - 2010-06-16 16:19 - 01792699 _____ C:\Windows\WindowsUpdate.log
2013-08-29 14:45 - 2011-02-02 01:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job
2013-08-29 13:41 - 2010-06-16 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2013-08-29 12:20 - 2013-08-29 11:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-29 12:20 - 2012-07-24 13:29 - 00027883 _____ C:\Users\Daniel\Desktop\Equity.ods
2013-08-29 12:20 - 2012-01-13 16:06 - 00313856 ___SH C:\Users\Daniel\Desktop\Thumbs.db
2013-08-29 10:50 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-08-29 09:52 - 2009-07-14 06:51 - 00144155 _____ C:\Windows\setupact.log
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:51 - 2012-11-29 13:24 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-08-29 09:51 - 2012-11-29 13:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-08-29 09:45 - 2010-06-16 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 09:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 22:20 - 2013-05-30 21:47 - 00017130 _____ C:\Users\Daniel\Desktop\Serien.ods
2013-08-28 10:35 - 2010-06-16 17:19 - 00000000 ____D C:\Users\postgres
2013-08-27 12:12 - 2013-08-27 11:10 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-27 09:45 - 2011-02-02 01:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job
2013-08-26 10:43 - 2013-07-29 10:27 - 00021455 _____ C:\Users\Daniel\Desktop\PLO Secrets.odt
2013-08-23 09:19 - 2010-06-16 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-23 09:18 - 2010-06-16 16:46 - 00087368 _____ C:\Windows\PFRO.log
2013-08-21 14:38 - 2012-10-09 10:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 14:38 - 2012-10-09 10:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:38 - 2011-06-17 19:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 20:40 - 2010-06-17 23:56 - 00000000 ____D C:\ProgramData\Adobe
2013-08-14 20:39 - 2010-06-16 17:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-08-14 16:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:05 - 2013-07-26 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:03 - 2010-06-25 10:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 09:29 - 2010-06-17 23:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\GUR79EF.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\pPokerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfextra.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\_is49DD.exe
C:\Users\Daniel\AppData\Local\Temp\_unps.exe
C:\Users\Daniel\AppData\Local\Temp\{BB1214EA-9771-4DED-BAAA-A8CBC792DDF5}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{AF98C74B-2493-4DE7-9181-00F07BD169C0}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{A89475E1-BB25-4A53-BEC0-BD9320A46058}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\ISSetup.dll
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\_Setup.dll
C:\Users\Daniel\AppData\Local\Temp\{1027B3D7-2454-4773-B4A7-2825860547D9}\ISBEW64.exe
C:\Users\Daniel\AppData\Local\Temp\Temp1_Houdini_15a.zip\Houdini_15a_x64.exe
C:\Users\Daniel\AppData\Local\Temp\nsr8383.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsq2DA6.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\UAC.dll
C:\Users\Daniel\AppData\Local\Temp\nslF039.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsgDE6E.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Daniel\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\InstProg.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\Download_Files\oemmain\mcinsspt.exe
C:\Users\Daniel\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\i4jinst.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\awt.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\deploy.dll
C:\Users\Daniel\AppData\Local\Temp\E2E0.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\DA48.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\D77A.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C7B2.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C091.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\Daniel\AppData\Local\Temp\BB82.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\B5D7.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A840.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A219.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\9DA8.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\HP-DQEX5.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\utils\hpUrlLauncher.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unires.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\drivers\scanner\x64\HPScanMiniDrv_DJ3050_J610.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unires.dll
C:\Users\Daniel\AppData\Local\Temp\58E9.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\5744.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\3A23.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\20DD.dir\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 11:07

==================== End Of Log ============================
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Daniel at 2013-08-29 15:44:59
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMP WinOFF 5.0.1 (x32 Version: 5.0.1)
Any Audio Converter 3.0.7 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BOINC (x32 Version: 6.10.58)
Bonjour (Version: 3.0.0.10)
BrettspielWelt (x32)
BrowseToSave (Version: 1.0)
Camtasia Studio 7 (x32 Version: 7.0.1)
ChessBase 10 (x32 Version: 10)
ChessBase Reader (x32 Version: 2)
CLICK & LEARN DiDi 360° 3.1 (x32)
ConvertHelper 2.2 (x32)
Dealio Toolbar v7.4 (x32 Version: 7.4)
Deep Rybka 3 (x32 Version: 1.0)
Deep Rybka 4 (x32 Version: 12.18.0.0)
DivX-Setup (x32 Version: 2.6.1.22)
DownTango (x32 Version: 1.0.609)
Dropbox (HKCU Version: 2.0.22)
EV calculator (x32 Version: 1.0.0)
F.lux (HKCU)
Flopzilla (x32 Version: 1.0.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free Audio CD Burner version 1.4 (x32)
Free FLV Converter V 6.8.0 (x32 Version: 6.8.0.0)
Free Music Zilla (x32)
Free Sound Recorder 2010 v9.2.1 (x32)
Free YouTube to MP3 Converter version 3.10.14.1206 (x32)
FreePDF (Remove only) (x32)
Fritz 12 (x32 Version: 12.0.0)
Full Tilt Poker (x32 Version: 4.39.7.WIN.FullTilt.COM)
Full Tilt Poker.Eu (x32 Version: 4.59.8.WIN.FullTilt.EU)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
GIMP 2.8.4 (Version: 2.8.4)
GlobeTrotter Connect (Version: 2.3.0.630)
Google Chrome (HKCU Version: 29.0.1547.62)
GPL Ghostscript (x32 Version: 9.05)
Holdem Manager (x32)
Houdini 3 Pro (x32 Version: 13.12.0.0)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63)
iCloud (Version: 2.1.2.8)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Online Backup (x32)
McAfee SecurityCenter (x32 Version: 11.6.435)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0)
MP3-Tag-Editor 3.14.0 (x32 Version: 3.14.0)
No23 Recorder (x32 Version: 2.1.0.3)
Notepad++ (x32 Version: 6.1.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
OpenTTD 1.2.1 (x32 Version: 1.2.1)
Party EzCASH Registered (x32)
PartyPoker (x32 Version: 144)
PlayChess  (x32 Version: )
Pokerazor 1.38 (x32 Version: 1.38)
PokerEV (x32 Version: 0.80.75)
PokerStars (x32)
PokerStrategy.com Equilab - Omaha (x32 Version: 1.1.4.0)
PokerStrategy.com EquiLab (x32 Version: 1.1.0.193)
PokerStrategy.com Equilab (x32 Version: 1.1.0.195)
PokerStrategy.com Equilator (x32 Version: 1.8.1.0)
PokerTools Odds Oracle 2.2.1 (Version: 2.2.1)
PostgreSQL 8.4 (x32 Version: 8.4)
Power Mp3 Recorder(Mp3 Sound Recorder) 2.9 (x32)
Power Sound Editor Free (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
RedMon - Redirection Port Monitor
RuntimeLibsVC90 (x32 Version: 1.1.0)
Safari (x32 Version: 5.34.57.2)
Shared C Run-time for x64 (Version: 10.0.0)
Sid Meier's Civilization 4 Complete (x32 Version: 1.74)
Skype™ 6.6 (x32 Version: 6.6.106)
SpeedFan (remove only) (x32)
Spyware Terminator 2012 (x32 Version: 3.0.0.80)
TableNinja (x32 Version: 1.2.93)
TableNinjaFT (x32 Version: 1.1.34)
Titan Poker (HKCU)
TrueCrypt (x32 Version: 7.1)
TubeBox (x32 Version: 3.5.3)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VC_CRT_x64 (Version: 1.02.0000)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Winmail Opener 1.4 (x32 Version: 1.4)

==================== Restore Points  =========================

29-08-2013 10:45:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {15783BDE-0CF9-445C-8E46-212CF759AF67} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {2AAF8B07-9A60-4B3E-94A7-700FE02CCBB6} - System32\Tasks\{7DD017B2-A651-4B1E-B0AC-58136ABF81F9} => C:\Users\Daniel\Downloads\flux-setup(2).exe No File
Task: {527D68BE-266E-44DA-B472-4AA663FD13EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {548493F3-442E-4D93-BC27-057378BF41E3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367036293-2228256684-2732229916-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {68836440-F993-416C-9C8F-807E0A5573C9} - System32\Tasks\{DAA914B1-40E0-41D1-88F7-6062F1111C4D} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-03-13] (Mozilla Corporation)
Task: {85F07AB0-F908-4458-B8EA-CBBFC90BA625} - System32\Tasks\{599E2690-C1A0-4179-B2DA-F81619ADB65D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {B480937C-0D57-40AE-9839-6FDCA51C4D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E4F9EB4A-8456-4DD5-9793-0C0EED7A8426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {EF770798-4C20-466B-B8B1-77C14F204DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF04B3D-2E3E-4FD8-9B11-1D0A7FE4C33E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Daniel\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Daniel\Desktop\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-06-13 18:58:43.519
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-13 17:45:14.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:51:05.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:37:57.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 12279.14 MB
Available physical RAM: 8337.52 MB
Total Pagefile: 24556.47 MB
Available Pagefile: 18076.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:342.02 GB) (Free:16.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:341.97 GB) (Free:6.61 GB) NTFS
Drive e: (Fritztrainer) (CDROM) (Total:1.07 GB) (Free:0 GB) UDF
Drive j: () (Fixed) (Total:931.51 GB) (Free:730.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: DD7D2BC8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 932 GB) (Disk ID: 007EFC3B)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

 
