| |
| |||||||
Log-Analyse und Auswertung: bitte hilfe bluescrenn und gvo6 und mehr !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.10.2013, 14:25
| #1 |
 |  bitte hilfe bluescrenn und gvo6 und mehr ! Hallo ich brauch hilfe habe beim herunterfahren ein bluescrenn und gvo6 und noch andre toolbars die ich nicht löschen kann ! habe versucht alles zu löschen mit adwcleaner aber es geht nicht der pc geht dann aus und es kommt ein bluescrenn  |
|
02.10.2013, 15:08
| #2 |
| /// the machine /// TB-Ausbilder    | bitte hilfe bluescrenn und gvo6 und mehr ! hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
02.10.2013, 21:30
| #3 | |
| | bitte hilfe bluescrenn und gvo6 und mehr !Zitat:
|
|
03.10.2013, 07:52
| #4 |
| /// the machine /// TB-Ausbilder | bitte hilfe bluescrenn und gvo6 und mehr ! Per Post? Warum? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.10.2013, 23:09
| #5 |
| | bitte hilfe bluescrenn und gvo6 und mehr ! FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ejub (administrator) on EJUB-PC on 04-10-2013 23:56:08
Running from C:\Users\ejub\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(ROCCAT GmbH) C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ROCCAT GmbH) C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(3f5cdddb19ffb8355b) C:\Users\ejub\AppData\Roaming\Microsoft\taskmsg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(me) C:\Users\ejub\AppData\Roaming\bs_stealth.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH)
HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\Policies\Explorer\Run: [bs_stealth] - C:\Users\ejub\AppData\Roaming\bs_stealth.exe [79360 2013-09-16] ( (me))
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [bs_stealth] - C:\Users\ejub\AppData\Roaming\bs_stealth.exe [79360 2013-09-16] (me)
HKCU\...\Run: [windows updater] - C:\Users\ejub\AppData\Roaming\Microsoft\taskmsg.exe [260096 2013-09-21] (3f5cdddb19ffb8355b)
HKCU\...\Winlogon: [Shell] explorer.exe;C:\Users\ejub\AppData\Local\Temp\bs_stealth.exe [79360 2013-09-16] (me) <==== ATTENTION
HKCU\...\Policies\Explorer\Run: [bs_stealth] - C:\Users\ejub\AppData\Roaming\bs_stealth.exe [79360 2013-09-16] ( (me))
HKCU\...\Policies\system: [EnableLUA] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {6e371ca0-6321-11e2-a3f8-00261849d0f6} - J:\MediaManager.exe
MountPoints2: {7cef639b-f8b0-11df-aa34-806e6f6e6963} - E:\NokiaInstaller.exe
MountPoints2: {afa6981a-248e-11e1-a84a-00261849d0f6} - F:\Setup.exe
MountPoints2: {afa69836-248e-11e1-a84a-00261849d0f6} - J:\AUTOSTARTER.EXE
MountPoints2: {bebf50c3-b31a-11e1-a551-00261849d0f6} - K:\Setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0
HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = (1) Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=HitachiXHDT721010SLA360_STF607MH30W80K30W80KX&ts=1379589615&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=HitachiXHDT721010SLA360_STF607MH30W80K30W80KX&ts=1379589615&type=default&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.5000006.10042&barid={0E53BC31-8A8E-11E2-ADFC-00261849D0F6}
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQV6YABCM&loc=skw&search={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=121240&babsrc=SP_ss&mntrId=F66B00FF33624CCD
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PTF&o=15503&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=LH&apn_dtid=YYYYYYYYDE&apn_uid=F43E7263-190D-4BEF-9873-271AC904FD2C&apn_sauid=E4DA584D-29C1-4A3C-8FF0-EA644B09A872
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQV6YABCM&loc=skw&search={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.5000006.10042&barid={0E53BC31-8A8E-11E2-ADFC-00261849D0F6}
SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {57DF9426-D4DB-C7B6-EB6B-E22672A782B8} - No File
BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: No Name - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
BHO: No Name - {64182481-4F71-486b-A045-B233BD0DA8FC} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E0D8909E-2C72-D88A-27C5-F2986334A64B} - No File
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKCU -uTorrentBar_DE Toolbar - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
Toolbar: HKCU -SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default
FF user.js: detected! => C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/?a=6PQV6YABCM&loc=skw
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\claro.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR DefaultSearchURL: (MyStart) - hxxp://mystart.incredibar.com/?a=6PQV6YABCM&loc=skw&search={searchTerms}
CHR DefaultSuggestURL: (MyStart) - "suggest_url": "",
CHR Extension: (WiseConvert 1.3) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod\10.13.20.29_0
CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: () - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\ejub\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\ejub\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\ejub\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx
========================== Services (Whitelisted) =================
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 BasicServe Service; "C:\Program Files\BasicServe\basicserve.exe" "C:\Program Files\BasicServe\basicserve.dll" dedujegug guvorabeq
==================== Drivers (Whitelisted) ====================
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] ()
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
R3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 23:43 - 2013-10-04 23:43 - 00053942 _____ C:\Users\ejub\Desktop\FRST.txt
2013-10-04 11:17 - 2013-10-04 11:17 - 00000000 ____D C:\Users\ejub\AppData\Local\{4E7D4F1C-A523-402A-9080-37AF602E00A6}
2013-10-03 12:48 - 2013-10-03 12:48 - 00000000 ____D C:\Users\ejub\AppData\Local\{C045F380-0682-4AC8-93CE-5C8941B64024}
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:19 - 2013-10-03 20:28 - 00002273 _____ C:\Users\ejub\Desktop\FRST.lnk
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00675952 _____ C:\Users\ejub\Downloads\Firefox_Setup.exe
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 13:36 - 2013-10-02 13:37 - 00000000 ____D C:\Users\ejub\AppData\Local\{73F42676-E122-4EA7-AAA0-F88C738F8701}
2013-10-02 01:35 - 2013-10-02 01:35 - 00000000 ____D C:\Users\ejub\AppData\Local\{58FD9DDF-FC70-46B3-972E-22E38129CEE5}
2013-10-02 01:18 - 2013-10-02 01:18 - 00000000 ____D C:\Users\ejub\AppData\Local\{D357B62E-EEDC-43F0-B664-D3BE4D945B8B}
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-01 23:55 - 2013-10-02 22:48 - 00000000 ____D C:\AdwCleaner
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-01 14:13 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 12:37 - 2013-10-01 12:38 - 00000000 ____D C:\Users\ejub\AppData\Local\{32D0D448-1170-4056-AE7C-90E3B6745371}
2013-09-30 11:04 - 2013-09-30 11:05 - 00000000 ____D C:\Users\ejub\AppData\Local\{23850706-02F6-47DA-B7B4-F54624DC0AEA}
2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-28 12:13 - 2013-09-28 12:13 - 00000000 ____D C:\Users\ejub\AppData\Local\{C8E85691-946E-4F8E-ACFD-2C43AC720E49}
2013-09-27 11:30 - 2013-09-27 11:30 - 00000000 ____D C:\Users\ejub\AppData\Local\{433D21DA-640B-4C2D-9075-C8691ADA3773}
2013-09-26 16:27 - 2013-09-26 16:28 - 00000000 ____D C:\Users\ejub\AppData\Local\{F23F186F-5E08-4D5D-9AC2-FEC6D1874B06}
2013-09-25 12:20 - 2013-09-25 12:20 - 00000000 ____D C:\Users\ejub\AppData\Local\{9321FE4A-A295-461F-ABBD-B32AC54C5519}
2013-09-24 11:46 - 2013-09-24 11:46 - 00000000 ____D C:\Users\ejub\AppData\Local\{CFFD8FCB-F95D-48D3-836D-2E3890A8977B}
2013-09-23 21:42 - 2013-09-23 21:43 - 00000000 ____D C:\Users\ejub\AppData\Local\{53B07944-3016-4118-9123-15C9B797D773}
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-23 01:33 - 2013-09-23 01:33 - 00000000 ____D C:\Users\ejub\AppData\Local\{4B65813C-139E-4B0C-B5E9-9723B5F413EC}
2013-09-22 11:37 - 2013-09-22 11:38 - 00000000 ____D C:\Users\ejub\AppData\Local\{B88C107A-84E8-4170-A716-BA49E947E051}
2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-21 15:29 - 2013-09-21 15:29 - 00205824 ____H (Microsoft) C:\Users\ejub\AppData\Roaming\832f5e4c.exe
2013-09-21 15:29 - 2013-09-21 15:29 - 00000052 _____ C:\Users\ejub\AppData\Roaming\r58Ies.tmp
2013-09-21 15:29 - 2013-09-21 15:29 - 00000000 ____D C:\Users\ejub\AppData\Roaming\832f5e4c
2013-09-21 14:08 - 2013-09-21 14:09 - 00000000 ____D C:\Users\ejub\AppData\Local\{6AF2239F-8332-46EA-A3FC-6B3D6FE81BE3}
2013-09-20 21:34 - 2013-09-20 21:34 - 00000000 ____D C:\Users\ejub\AppData\Local\{86C84826-D527-4F25-8591-9DB12890066F}
2013-09-19 15:43 - 2013-09-19 15:43 - 00000000 ____D C:\Users\ejub\AppData\Local\{10555BBA-67FE-4C86-AD2B-21B98AC8F0FD}
2013-09-19 15:28 - 2013-09-19 15:32 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-19 14:23 - 2013-10-04 23:23 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-09-19 14:23 - 2013-09-19 15:38 - 00000000 ____D C:\Program Files\DealPlyLive
2013-09-19 14:23 - 2013-09-19 15:33 - 00000000 ____D C:\Program Files\DealPly
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Dealply
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\Users\ejub\AppData\Local\DealPlyLive
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-09-19 13:33 - 2013-09-20 22:30 - 00000000 ____D C:\Program Files\BasicServe
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 13:20 - 2013-09-19 15:39 - 00000000 ____D C:\ProgramData\eSafe
2013-09-19 13:20 - 2013-09-19 15:35 - 00000000 ____D C:\Users\ejub\AppData\Local\DProtect
2013-09-19 02:48 - 2013-10-02 00:12 - 00001891 _____ C:\Users\ejub\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-09-19 02:48 - 2013-10-02 00:12 - 00001820 _____ C:\Users\ejub\Desktop\Avira DE-Cleaner.lnk
2013-09-19 02:48 - 2013-09-19 02:48 - 00883840 _____ C:\Users\ejub\Desktop\Avira-DE100-Cleaner.exe
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:45 - 2013-09-19 02:45 - 00000000 ____D C:\Users\ejub\AppData\Local\{43572938-282F-4D1C-9351-B3823F8DF728}
2013-09-19 02:38 - 2013-09-19 02:38 - 00000000 ____D C:\Users\ejub\AppData\Local\{8A723C37-5CE0-4A05-9E6A-5F744D5E4D66}
2013-09-19 02:36 - 2013-10-03 12:46 - 00000000 ____D C:\Windows\Minidump
2013-09-19 00:39 - 2013-10-04 23:54 - 05433442 _____ C:\Users\ejub\AppData\Roaming\bs_log.dat
2013-09-19 00:39 - 2013-09-16 20:25 - 00079360 _____ (me) C:\Users\ejub\AppData\Roaming\bs_stealth.exe
2013-09-18 12:35 - 2013-09-18 12:35 - 00000000 ____D C:\Users\ejub\AppData\Local\{C1D53018-CD52-4D9E-A565-A123DD601019}
2013-09-17 21:26 - 2013-09-17 21:26 - 00000000 ____D C:\Users\ejub\AppData\Local\{FA75BCBB-A296-4CDB-BD29-1519B2CD490D}
2013-09-16 09:32 - 2013-09-16 09:32 - 00000000 ____D C:\Users\ejub\AppData\Local\{A2755D1A-4CC4-4475-BAD8-D723D824D635}
2013-09-15 13:13 - 2013-09-15 13:13 - 00000000 ____D C:\Users\ejub\AppData\Local\{BEDE52D3-56BA-412F-860B-C6F9242431E1}
2013-09-14 16:53 - 2013-09-14 16:53 - 00000000 ____D C:\Users\ejub\AppData\Local\{D6D3525B-9EAB-436C-9625-4D7AFFCF4423}
2013-09-13 12:22 - 2013-09-13 12:23 - 00000000 ____D C:\Users\ejub\AppData\Local\{107741F7-43B8-468A-9945-003ECD91EEAE}
2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-12 13:28 - 2013-09-12 13:28 - 00000000 ____D C:\Users\ejub\AppData\Local\{CEC79D96-CA26-48A6-A321-B31FB2144C95}
2013-09-11 12:27 - 2013-09-11 12:27 - 00000000 ____D C:\Users\ejub\AppData\Local\{9274576A-59AD-416A-887F-6C4E58EB5F6C}
2013-09-10 10:32 - 2013-09-10 10:32 - 00000000 ____D C:\Users\ejub\AppData\Local\{59985DB7-924A-44B5-80E5-B5DA7D0A5D17}
2013-09-09 11:19 - 2013-09-09 11:19 - 00000000 ____D C:\Users\ejub\AppData\Local\{6C4009BE-D5FD-4319-A447-01C73FBA6170}
2013-09-08 13:33 - 2013-09-08 13:33 - 00000000 ____D C:\Users\ejub\AppData\Local\{77D52CF8-461F-4DD7-857E-22A535CC964F}
2013-09-07 16:42 - 2013-09-07 16:42 - 00000000 ____D C:\Users\ejub\AppData\Local\{AD1B3A3E-2437-485F-89B7-1D752900EDD0}
2013-09-06 12:29 - 2013-09-06 12:29 - 00000000 ____D C:\Users\ejub\AppData\Local\{1C4347BA-7600-48E4-9C46-16268B210983}
2013-09-05 21:39 - 2013-09-05 21:39 - 00000000 ____D C:\Users\ejub\AppData\Local\{B0ED3CFD-74A7-4BF9-8290-3FBBB9B57222}
==================== One Month Modified Files and Folders =======
2013-10-04 23:55 - 2013-09-19 00:39 - 05433442 _____ C:\Users\ejub\AppData\Roaming\bs_log.dat
2013-10-04 23:43 - 2013-10-04 23:43 - 00053942 _____ C:\Users\ejub\Desktop\FRST.txt
2013-10-04 23:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 23:23 - 2013-09-19 14:23 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-10-04 23:15 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 23:15 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 23:04 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 22:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-04 21:49 - 2008-01-21 03:35 - 01808411 _____ C:\Windows\WindowsUpdate.log
2013-10-04 11:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-04 11:17 - 2013-10-04 11:17 - 00000000 ____D C:\Users\ejub\AppData\Local\{4E7D4F1C-A523-402A-9080-37AF602E00A6}
2013-10-04 11:16 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi
2013-10-04 11:16 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 11:16 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing
2013-10-04 11:16 - 2013-04-18 22:28 - 00000414 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-10-04 11:16 - 2010-11-25 08:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-04 11:16 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 20:28 - 2013-10-02 22:19 - 00002273 _____ C:\Users\ejub\Desktop\FRST.lnk
2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire
2013-10-03 12:48 - 2013-10-03 12:48 - 00000000 ____D C:\Users\ejub\AppData\Local\{C045F380-0682-4AC8-93CE-5C8941B64024}
2013-10-03 12:46 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump
2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp
2013-10-02 22:48 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp
2013-10-02 15:14 - 2013-07-03 21:34 - 00597566 _____ C:\Windows\PFRO.log
2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:04 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-02 15:03 - 2013-10-02 15:03 - 00675952 _____ C:\Users\ejub\Downloads\Firefox_Setup.exe
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 13:37 - 2013-10-02 13:36 - 00000000 ____D C:\Users\ejub\AppData\Local\{73F42676-E122-4EA7-AAA0-F88C738F8701}
2013-10-02 01:35 - 2013-10-02 01:35 - 00000000 ____D C:\Users\ejub\AppData\Local\{58FD9DDF-FC70-46B3-972E-22E38129CEE5}
2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp
2013-10-02 01:18 - 2013-10-02 01:18 - 00000000 ____D C:\Users\ejub\AppData\Local\{D357B62E-EEDC-43F0-B664-D3BE4D945B8B}
2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp
2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-02 00:12 - 2013-09-19 02:48 - 00001891 _____ C:\Users\ejub\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-10-02 00:12 - 2013-09-19 02:48 - 00001820 _____ C:\Users\ejub\Desktop\Avira DE-Cleaner.lnk
2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 23:11 - 2013-07-07 21:55 - 00002243 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-01 17:22 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\DUMP4ca8.tmp
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-01 12:38 - 2013-10-01 12:37 - 00000000 ____D C:\Users\ejub\AppData\Local\{32D0D448-1170-4056-AE7C-90E3B6745371}
2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log
2013-09-30 11:05 - 2013-09-30 11:04 - 00000000 ____D C:\Users\ejub\AppData\Local\{23850706-02F6-47DA-B7B4-F54624DC0AEA}
2013-09-29 22:30 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client
2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4
2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live
2013-09-28 12:13 - 2013-09-28 12:13 - 00000000 ____D C:\Users\ejub\AppData\Local\{C8E85691-946E-4F8E-ACFD-2C43AC720E49}
2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp
2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked
2013-09-27 11:30 - 2013-09-27 11:30 - 00000000 ____D C:\Users\ejub\AppData\Local\{433D21DA-640B-4C2D-9075-C8691ADA3773}
2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive
2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub
2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp
2013-09-26 16:28 - 2013-09-26 16:27 - 00000000 ____D C:\Users\ejub\AppData\Local\{F23F186F-5E08-4D5D-9AC2-FEC6D1874B06}
2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp
2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp
2013-09-25 12:20 - 2013-09-25 12:20 - 00000000 ____D C:\Users\ejub\AppData\Local\{9321FE4A-A295-461F-ABBD-B32AC54C5519}
2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-24 11:46 - 2013-09-24 11:46 - 00000000 ____D C:\Users\ejub\AppData\Local\{CFFD8FCB-F95D-48D3-836D-2E3890A8977B}
2013-09-23 21:43 - 2013-09-23 21:42 - 00000000 ____D C:\Users\ejub\AppData\Local\{53B07944-3016-4118-9123-15C9B797D773}
2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp
2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-23 01:33 - 2013-09-23 01:33 - 00000000 ____D C:\Users\ejub\AppData\Local\{4B65813C-139E-4B0C-B5E9-9723B5F413EC}
2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp
2013-09-22 11:38 - 2013-09-22 11:37 - 00000000 ____D C:\Users\ejub\AppData\Local\{B88C107A-84E8-4170-A716-BA49E947E051}
2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-21 15:29 - 2013-09-21 15:29 - 00205824 ____H (Microsoft) C:\Users\ejub\AppData\Roaming\832f5e4c.exe
2013-09-21 15:29 - 2013-09-21 15:29 - 00000052 _____ C:\Users\ejub\AppData\Roaming\r58Ies.tmp
2013-09-21 15:29 - 2013-09-21 15:29 - 00000000 ____D C:\Users\ejub\AppData\Roaming\832f5e4c
2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp
2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp
2013-09-21 14:09 - 2013-09-21 14:08 - 00000000 ____D C:\Users\ejub\AppData\Local\{6AF2239F-8332-46EA-A3FC-6B3D6FE81BE3}
2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 22:30 - 2013-09-19 13:33 - 00000000 ____D C:\Program Files\BasicServe
2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 21:34 - 2013-09-20 21:34 - 00000000 ____D C:\Users\ejub\AppData\Local\{86C84826-D527-4F25-8591-9DB12890066F}
2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp
2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp
2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft
2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp
2013-09-19 15:43 - 2013-09-19 15:43 - 00000000 ____D C:\Users\ejub\AppData\Local\{10555BBA-67FE-4C86-AD2B-21B98AC8F0FD}
2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp
2013-09-19 15:39 - 2013-09-19 13:20 - 00000000 ____D C:\ProgramData\eSafe
2013-09-19 15:38 - 2013-09-19 14:23 - 00000000 ____D C:\Program Files\DealPlyLive
2013-09-19 15:35 - 2013-09-19 13:20 - 00000000 ____D C:\Users\ejub\AppData\Local\DProtect
2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp
2013-09-19 15:33 - 2013-09-19 14:23 - 00000000 ____D C:\Program Files\DealPly
2013-09-19 15:32 - 2013-09-19 15:28 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-19 15:30 - 2010-11-01 17:17 - 00001261 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Dealply
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\Users\ejub\AppData\Local\DealPlyLive
2013-09-19 14:23 - 2013-09-19 14:23 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp
2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp
2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp
2013-09-19 02:48 - 2013-09-19 02:48 - 00883840 _____ C:\Users\ejub\Desktop\Avira-DE100-Cleaner.exe
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:45 - 2013-09-19 02:45 - 00000000 ____D C:\Users\ejub\AppData\Local\{43572938-282F-4D1C-9351-B3823F8DF728}
2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 02:38 - 2013-09-19 02:38 - 00000000 ____D C:\Users\ejub\AppData\Local\{8A723C37-5CE0-4A05-9E6A-5F744D5E4D66}
2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-18 17:25 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-18 12:35 - 2013-09-18 12:35 - 00000000 ____D C:\Users\ejub\AppData\Local\{C1D53018-CD52-4D9E-A565-A123DD601019}
2013-09-17 21:26 - 2013-09-17 21:26 - 00000000 ____D C:\Users\ejub\AppData\Local\{FA75BCBB-A296-4CDB-BD29-1519B2CD490D}
2013-09-16 20:25 - 2013-09-19 00:39 - 00079360 _____ (me) C:\Users\ejub\AppData\Roaming\bs_stealth.exe
2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 09:32 - 2013-09-16 09:32 - 00000000 ____D C:\Users\ejub\AppData\Local\{A2755D1A-4CC4-4475-BAD8-D723D824D635}
2013-09-15 13:13 - 2013-09-15 13:13 - 00000000 ____D C:\Users\ejub\AppData\Local\{BEDE52D3-56BA-412F-860B-C6F9242431E1}
2013-09-14 16:53 - 2013-09-14 16:53 - 00000000 ____D C:\Users\ejub\AppData\Local\{D6D3525B-9EAB-436C-9625-4D7AFFCF4423}
2013-09-13 12:23 - 2013-09-13 12:22 - 00000000 ____D C:\Users\ejub\AppData\Local\{107741F7-43B8-468A-9945-003ECD91EEAE}
2013-09-12 13:28 - 2013-09-12 13:28 - 00000000 ____D C:\Users\ejub\AppData\Local\{CEC79D96-CA26-48A6-A321-B31FB2144C95}
2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-11 12:27 - 2013-09-11 12:27 - 00000000 ____D C:\Users\ejub\AppData\Local\{9274576A-59AD-416A-887F-6C4E58EB5F6C}
2013-09-10 10:32 - 2013-09-10 10:32 - 00000000 ____D C:\Users\ejub\AppData\Local\{59985DB7-924A-44B5-80E5-B5DA7D0A5D17}
2013-09-09 11:19 - 2013-09-09 11:19 - 00000000 ____D C:\Users\ejub\AppData\Local\{6C4009BE-D5FD-4319-A447-01C73FBA6170}
2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2013-09-08 13:33 - 2013-09-08 13:33 - 00000000 ____D C:\Users\ejub\AppData\Local\{77D52CF8-461F-4DD7-857E-22A535CC964F}
2013-09-07 16:42 - 2013-09-07 16:42 - 00000000 ____D C:\Users\ejub\AppData\Local\{AD1B3A3E-2437-485F-89B7-1D752900EDD0}
2013-09-06 12:29 - 2013-09-06 12:29 - 00000000 ____D C:\Users\ejub\AppData\Local\{1C4347BA-7600-48E4-9C46-16268B210983}
2013-09-05 21:39 - 2013-09-05 21:39 - 00000000 ____D C:\Users\ejub\AppData\Local\{B0ED3CFD-74A7-4BF9-8290-3FBBB9B57222}
Files to move or delete:
====================
C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe
C:\Users\ejub\ClarioN-ScripTV3(1).exe
C:\Users\ejub\dotnetfx45_full_x86_x64.exe
C:\Users\ejub\gimp-2-8-4-setup.exe
C:\Users\ejub\SCP-087-B.exe
Some content of TEMP:
====================
C:\Users\ejub\AppData\Local\Temp\bf6af4c8663a873604efe730db334834.dll
C:\Users\ejub\AppData\Local\Temp\bi_cleaner.exe
C:\Users\ejub\AppData\Local\Temp\bs_stealth.exe
C:\Users\ejub\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\ejub\AppData\Local\Temp\GTA V full version.exe
C:\Users\ejub\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\ejub\AppData\Local\Temp\MINECRAFT (2).EXE
C:\Users\ejub\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\ejub\AppData\Local\Temp\OptimizerPro.exe
C:\Users\ejub\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\ejub\AppData\Local\Temp\Quarantine.exe
C:\Users\ejub\AppData\Local\Temp\tmpAF14.tmpshdam.exe
C:\Users\ejub\AppData\Local\Temp\TsuA2BF4D76.dll
C:\Users\ejub\AppData\Local\Temp\UpdateCheckerSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 23:29
==================== End Of Log ============================
--- --- --- --- --- --- die addition gibt es nicht wieso? ah jetzt habe ich sie FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by ejub at 2013-10-05 00:07:04
Running from C:\Users\ejub\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
[Z-H-C]ScRipT V4
4S4Vendeta (Version: 1.0.0)
4Story 3.5
4Story DE 4.0.167
4story_cycle (HKCU Version: 4.00.05.203)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
AION Free-to-Play
AMD Catalyst Install Manager (Version: 8.0.911.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (HKCU Version: 1.2.4.35882)
BabylonObjectInstaller (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
BrowseToSave 1.74
Browwse2siAvee (Version: )
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.01)
CDBurnerXP (Version: 4.3.7.2423)
ClarioN-ScripTV3
Combined Community Codec Pack 2010-10-10 (Version: 2010.10.10.0)
Crossfire Europe (Version: 1.160)
Cube World - July 23, 2013 (Version: July 23, 2013)
D3DX10 (Version: 15.4.2368.0902)
DVDVideoSoftTB Toolbar (Version: 6.3.3.3)
Free Audio CD Burner version 1.4.8
Gameforge Live 1.8.1 "Legend" (Version: 1.8.1)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 30.0.1599.66)
Google Update Helper (Version: 1.3.21.153)
HyperCam 2
IMinent Toolbar (Version: 3.26.0)
Intel(R) Network Connections 13.5.32.0 (Version: 13.5.32.0)
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0010)
iTunes (Version: 11.0.1.12)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JavaFX 2.1.1 (Version: 2.1.1)
Kalydo Player 4.07.02 (HKCU Version: 4.07.02)
LogMeIn Hamachi (Version: 2.2.0.58)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
mIRC
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NC Launcher (GameForge)
Need For Speed™ World (Version: 1.0.0.722)
NVIDIA PhysX (Version: 9.10.0513)
OptimizerPro (Version: 1.0)
Pando Media Booster (Version: 2.6.0.9)
PunkBuster Services (Version: 0.990)
Realtek High Definition Audio Driver (Version: 6.0.1.6235)
ROCCAT Isku Keyboard Driver
S.K.I.L.L. - Special Force 2
Savu Mouse (Version: 1.1.9)
Search-NeuWWTab (Version: )
Segoe UI (Version: 15.4.2271.0615)
Skype Click to Call (Version: 5.6.8442)
Spybot - Search & Destroy (Version: 1.6.2)
SweetIM Bundle by SweetPacks (Version: 1.0.0.0)
SweetIM for Messenger 3.7 (Version: 3.7.0007)
Sweetpacks Bundle Uninstaller (Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
uTorrentBar_DE Toolbar (Version: 6.10.3.27)
Virtual Audio Cable 4.10
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
ZupaCafe §¢®îþT
==================== Restore Points =========================
28-08-2013 11:54:16 Geplanter Prüfpunkt
29-08-2013 13:37:37 Geplanter Prüfpunkt
30-08-2013 11:24:12 Geplanter Prüfpunkt
31-08-2013 17:09:40 Geplanter Prüfpunkt
01-09-2013 09:29:48 Geplanter Prüfpunkt
02-09-2013 09:05:08 Windows Update
03-09-2013 18:05:53 Geplanter Prüfpunkt
06-09-2013 11:47:51 Geplanter Prüfpunkt
06-09-2013 13:47:13 Windows Update
07-09-2013 15:22:40 Geplanter Prüfpunkt
08-09-2013 18:51:17 Geplanter Prüfpunkt
09-09-2013 14:51:16 Geplanter Prüfpunkt
10-09-2013 08:36:35 Windows Update
11-09-2013 12:48:40 Geplanter Prüfpunkt
12-09-2013 14:02:54 Geplanter Prüfpunkt
13-09-2013 10:27:01 Windows Update
14-09-2013 17:14:29 Geplanter Prüfpunkt
15-09-2013 13:47:00 Geplanter Prüfpunkt
16-09-2013 07:35:16 Windows Update
18-09-2013 13:45:47 Geplanter Prüfpunkt
19-09-2013 13:03:11 Geplanter Prüfpunkt
19-09-2013 14:32:57 Avira DE-Cleaner - 19.09.2013 16:32
20-09-2013 19:38:45 Windows Update
20-09-2013 21:47:51 Installed GTA V
20-09-2013 22:14:00 Removed GTA V
21-09-2013 13:59:10 Geplanter Prüfpunkt
23-09-2013 14:00:18 Geplanter Prüfpunkt
24-09-2013 09:50:30 Windows Update
25-09-2013 11:18:15 Geplanter Prüfpunkt
26-09-2013 09:42:06 Geplanter Prüfpunkt
27-09-2013 15:08:48 Geplanter Prüfpunkt
28-09-2013 12:39:46 Geplanter Prüfpunkt
29-09-2013 14:26:06 Geplanter Prüfpunkt
30-09-2013 10:30:59 Geplanter Prüfpunkt
01-10-2013 11:02:41 Windows Update
01-10-2013 15:17:32 Windows Update
02-10-2013 12:24:49 Geplanter Prüfpunkt
03-10-2013 12:54:22 Geplanter Prüfpunkt
04-10-2013 13:17:20 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 12:23 - 2012-01-27 12:38 - 00434037 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 Börse für Anfänger
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {04088465-B876-495F-81BA-D495E478E6D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {07763EEF-1ACA-4D73-A38A-1FC963F8CB68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {30490A09-3CA3-4D54-9D78-14EB0B020C46} - System32\Tasks\Dealply => C:\Users\ejub\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-09-19] ()
Task: {31F2ACC6-6E0C-4EDD-82F9-FA7B4E32AC42} - System32\Tasks\{B19ABB0E-C4A4-4313-80E0-A7067532D9A7} => Iexplore.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35640600-5623-4543-9A18-764CBB0ADE9F} - System32\Tasks\{FB62B77A-41A4-4F7A-BFFC-333D7F147381} => Iexplore.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DD32D17-60D3-41EF-AB22-39199D1BA3B6} - System32\Tasks\{C20641BF-E89F-46FB-9115-29440DA0F060} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {42C08150-5F03-45F5-9281-E0525C506893} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {58A6B474-2760-40B3-8566-B75C22292377} - System32\Tasks\{9E1954E1-DFCC-4B28-9EF9-50368F7406CD} => Iexplore.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {59C5D170-61C2-479C-91F1-C4E7EC28FCE8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {5E1896EE-84B7-41C6-9E27-BA007E0C0F61} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - ejub => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {8CC8CA07-8E83-40EB-B4F4-7A361EC1E0A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {9514F47F-3CFC-466C-B6DC-9FC197860B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {9A9ED6BF-8B16-437F-A0C0-C09CF57285EE} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {ACE618AF-16C5-47F6-A77F-F32012598087} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C27CA195-C969-4D13-9821-7783F7EF3DE4} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA2C4F3A-BA0C-400D-8B69-8407F51FE651} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-01-24] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\ejub\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
==================== Loaded Modules (whitelisted) =============
2010-11-25 18:34 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-29 03:13 - 2013-03-29 03:07 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 15:04 - 2013-09-11 04:26 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-10 23:43 - 2013-09-10 23:43 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
Name: isatap.{0562251F-949F-4459-90C2-100C7559DAC6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Scanner 4800H48U #2
Description: Scanner 4800H48U
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microtek
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2013 11:16:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7722
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7722
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6708
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6708
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5710
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5710
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (10/04/2013 11:16:54 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center ServiceSicherheitscenter%%1058
Error: (10/04/2013 11:16:00 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 03.10.2013 um 21:53:06 unerwartet heruntergefahren.
Error: (10/03/2013 00:47:44 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Hamachi Tunneling Engine%%1053
Error: (10/03/2013 00:47:44 PM) (Source: Service Control Manager) (User: )
Description: 30000LogMeIn Hamachi Tunneling Engine
Error: (10/03/2013 00:47:44 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center ServiceSicherheitscenter%%1058
Error: (10/03/2013 00:46:16 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 02.10.2013 um 23:00:55 unerwartet heruntergefahren.
Error: (10/02/2013 10:52:32 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center ServiceSicherheitscenter%%1058
Error: (10/02/2013 10:50:54 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 02.10.2013 um 22:49:14 unerwartet heruntergefahren.
Error: (10/02/2013 09:37:26 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Hamachi Tunneling Engine%%1053
Error: (10/02/2013 09:37:26 PM) (Source: Service Control Manager) (User: )
Description: 30000LogMeIn Hamachi Tunneling Engine
Microsoft Office Sessions:
=========================
Error: (10/04/2013 11:16:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7722
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7722
Error: (10/03/2013 03:37:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6708
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6708
Error: (10/03/2013 03:37:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5710
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5710
Error: (10/03/2013 03:37:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2013-07-03 23:38:02.170
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:38:02.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:38:01.765
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:38:01.624
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:37:59.752
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:37:59.627
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:37:59.440
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 23:37:59.300
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-23 02:29:21.516
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-23 02:29:21.375
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3062.45 MB
Available physical RAM: 1593.09 MB
Total Pagefile: 6343.9 MB
Available Pagefile: 4478.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.55 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:911.5 GB) (Free:666.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:12.04 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=911 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
05.10.2013, 11:22
| #6 | |
| /// the machine /// TB-Ausbilder | bitte hilfe bluescrenn und gvo6 und mehr !Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> bitte hilfe bluescrenn und gvo6 und mehr ! |
|
05.10.2013, 11:44
| #7 |
| | bitte hilfe bluescrenn und gvo6 und mehr ! Hey das geht leider nicht der fängt an zu scanne und dann geht pc aus bluescrenn !  |
|
05.10.2013, 19:19
| #8 |
| /// the machine /// TB-Ausbilder | bitte hilfe bluescrenn und gvo6 und mehr ! Combofix löschen und neu laden, nochmal versuchen. Wenn es nit geht im abgesicherten Modus versuchen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.10.2013, 19:26
| #9 | |
| | bitte hilfe bluescrenn und gvo6 und mehr !Zitat:
muss ich windows defender und windows firewall aus machen ? |
|
05.10.2013, 19:54
| #10 |
| /// the machine /// TB-Ausbilder | bitte hilfe bluescrenn und gvo6 und mehr ! defender ja, Firewall kann an bleiben.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.10.2013, 20:50
| #11 |
| | bitte hilfe bluescrenn und gvo6 und mehr ! Combofix Logfile: Code:
ATTFilter ComboFix 13-10-04.02 - ejub 05.10.2013 21:14:29.1.8 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.2399 [GMT 2:00]
ausgeführt von:: c:\users\ejub\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20121018.txt
c:\cflog\CrashLog_20130316.txt
c:\cflog\EPLog.txt
c:\cflog\Host.txt
C:\Install.exe
c:\program files\BasicServe
c:\program files\DealPly
c:\program files\DealPly\uninst.exe
c:\program files\IMinent Toolbar\tbHElper.dll
c:\programdata\BetterSoft\OptimizerPro
c:\programdata\BetterSoft\OptimizerPro\3036567561.ini
c:\programdata\svchost
c:\programdata\svchost\Betriebssystem Microsoft® Windows®\6.1.7600.16385\ms.id
c:\users\ejub\AppData\Local\DProtect
c:\users\ejub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\ejub\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\ejub\AppData\Roaming\832f5e4c
c:\users\ejub\AppData\Roaming\832f5e4c.exe
c:\users\ejub\AppData\Roaming\832f5e4c\832f5e4c.exe
c:\users\ejub\AppData\Roaming\bs_log.dat
c:\users\ejub\AppData\Roaming\bs_stealth.exe
c:\users\ejub\AppData\Roaming\Microsoft\taskmsg.exe
c:\users\ejub\AppData\Roaming\r58Ies.tmp
c:\windows\iun6002.exe
c:\windows\system32\networkdlllsp.dll
c:\windows\system32\roboot.exe
c:\windows\system32\Windupdt
c:\windows\wininit.ini
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BasicServe Service
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-05 bis 2013-10-05 ))))))))))))))))))))))))))))))
.
.
2013-10-05 19:20 . 2013-10-05 19:22 -------- d-----w- c:\users\ejub\AppData\Local\temp
2013-10-05 19:20 . 2013-10-05 19:20 -------- d-----w- c:\users\gast2\AppData\Local\temp
2013-10-02 20:51 . 2013-10-02 20:51 -------- d-----w- c:\users\ejub\AppData\Local\LogMeIn
2013-10-02 20:51 . 2013-10-02 20:51 -------- d-----w- c:\programdata\LogMeIn
2013-10-02 19:37 . 2013-10-02 19:37 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-10-02 13:04 . 2013-10-02 13:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-10-01 22:24 . 2013-10-01 22:24 -------- d-----w- C:\FRST
2013-10-01 21:55 . 2013-10-02 20:48 -------- d-----w- C:\AdwCleaner
2013-10-01 15:17 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-09-21 13:58 . 2013-10-04 22:16 -------- d-----w- c:\users\ejub\AppData\Roaming\dmplogs
2013-09-19 13:28 . 2013-09-19 13:32 -------- d-----w- c:\program files\Optimizer Pro
2013-09-19 12:23 . 2013-09-19 13:38 -------- d-----w- c:\program files\DealPlyLive
2013-09-19 12:23 . 2013-09-19 12:23 -------- d-----w- c:\users\ejub\AppData\Local\DealPlyLive
2013-09-19 12:23 . 2013-09-19 12:23 -------- d-----w- c:\programdata\DealPlyLive
2013-09-19 12:23 . 2013-09-19 12:23 -------- d-----w- c:\users\ejub\AppData\Roaming\Dealply
2013-09-19 11:20 . 2013-09-19 13:39 -------- d-----w- c:\programdata\eSafe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 09:38 . 2013-10-04 09:38 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F8D603-565B-47DD-B922-A5D7D8129568}\offreg.dll
2013-10-01 15:22 . 2010-04-29 12:14 147093 ----a-w- c:\windows\DUMP4ca8.tmp
2013-09-20 19:43 . 2012-10-12 03:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 19:43 . 2011-09-19 18:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 08:52 . 2013-01-07 18:14 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-09 08:52 . 2013-01-07 18:14 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-09 08:52 . 2013-01-07 18:14 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-09-05 05:02 . 2013-10-04 09:22 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F8D603-565B-47DD-B922-A5D7D8129568}\mpengine.dll
2013-08-07 02:22 . 2010-11-25 16:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09 . 2013-08-28 10:10 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-14 12:12 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-11 23:19 . 2013-07-11 23:18 76902472 ----a-w- c:\users\ejub\gimp-2-8-4-setup.exe
2013-07-10 09:47 . 2013-08-14 12:12 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-14 12:12 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 12:12 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55 . 2013-08-14 12:12 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 12:13 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-14 12:13 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 12:13 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 12:13 992768 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\prxtbuTo2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2012-11-06 13:01 183112 ----a-w- c:\program files\uTorrentBar_DE\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\prxtbuTo2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\program files\uTorrentBar_DE\prxtbuTo2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"4StoryPrePatch"="c:\program files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe" [2012-11-29 327680]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"RoccatIsku"="c:\program files\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2012-11-09 542560]
"ROCCAT Savu Gaming Mouse"="c:\program files\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowDriveLettersFirst"= 4 (0x4)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1866084852-830482982-1753589518-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-01 21:06 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 19:43]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-07 19:54]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-07 19:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver
IE: Free YouTube to MP3 Converter - c:\users\ejub\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki...
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8555
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8555
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8555
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8555
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8555
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-11 12:52; {2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}; c:\users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF - user.js: extensions.shownSelectionUI - true
user_pref(extensions.dntp.origin,'yotam_amo');
user_pref(extensions.dntp.origin,'yotam_amo');
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
BHO-{57DF9426-D4DB-C7B6-EB6B-E22672A782B8} - (no file)
BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
BHO-{E0D8909E-2C72-D88A-27C5-F2986334A64B} - (no file)
Toolbar-10 - (no file)
HKCU-Run-bs_stealth - c:\users\ejub\AppData\Roaming\bs_stealth.exe
HKCU-Run-windows updater - c:\users\ejub\AppData\Roaming\Microsoft\taskmsg.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-ClarioN-ScripTV3 - c:\windows\iun6002.exe
AddRemove-Cube World - July 23, 2013July 23, 2013 - c:\users\ejub\Desktop\Cube World - July 23
AddRemove-PunkBusterSvc - c:\program files\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-10-05 21:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-05 21:48:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-10-05 19:48
.
Vor Suchlauf: 23 Verzeichnis(se), 718.869.434.368 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 717.706.940.416 Bytes frei
.
- - End Of File - - 4BDED68CB80B23CA2DC9E0037B5FE2AF
5C616939100B85E558DA92B899A0FC36 |
|
06.10.2013, 16:15
| #12 |
| /// the machine /// TB-Ausbilder | bitte hilfe bluescrenn und gvo6 und mehr ! Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
So funktioniert es:
Linear-Darstellung
