Log analysis and evaluation: Windows 7: Daily Deal ads in the browser (FireFox)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.12.2013, 00:51 | #1 |
Windows 7: Daily Deal ads in the browser (FireFox)

EDIT: I thought of everything, and then I can't even remember the name of the ad. Of course I meant Deal Finder, not Daily Deal!

Dear all, first of all: I can follow instructions, but I by no means have good PC skills. In other words, please be patient if I don't immediately understand what you mean :/ I used the PC together with my former flatmate, who knew a little more than I do; he also reinstalled the PC once, and my original Windows version from back then is now gone. So much for that...

Now to my problem: the only symptom that has shown up is an annoying Deal Finder ad that appears when I move the mouse over various products on the internet and thereby covers the actual links. Otherwise the PC actually runs flawlessly; possibly, as a layperson, I did not recognize any other signs.

My steps before I came across this forum:

1. Ran AdwCleaner. Logfile: Code:
Seven infections in the system area "File system/folders".

1, Restricted Settings - Security Disabler (Details: Internet Explorer locked)
2, autorun - Worm (Details: c:\users\dr-jane\downloads\treiber\windows loader.exe)
3, optional - Potential Unwanted Application (Details: c:\program files (x86)\object browser\object browser-buttonutil.exe c:\program files (x86)\object browser\object browser-buttonutil64.exe c:\program files (x86)\object browser\object browser-codedownloader.exe c:\program files (x86)\object browser\object browser-updater.exe)
4, wpakill - Hacker Tool (Details: c:\users\dr-jane\downloads\treiber\remove wat v.2.2.6\removewat.exe)

The remaining 3 are not shown to me.

What am I supposed to do with this now? I left the window open because I don't dare click "Clean" ("Bereinigen") in case it is something important! I'll wait for your instructions. In the worst case I'll just have to close it and run it again in a few days, once I have an answer.

The first steps here in the forum: With GMER I had problems switching off Avira; I hope this isn't too big a problem. Otherwise all programs were closed and the internet connection was disconnected.

Defogger logfile: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:27 on 30/11/2013 (dr-jane)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST Logfile: Code:
C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-24] (Avira Operations GmbH & Co. 
KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130919.001\IDSvia64.sys [520280 2013-08-16] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; 
C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-30 22:30 - 2013-11-30 22:31 - 00017472 _____ C:\Users\dr-jane\Desktop\FRST.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe 2013-11-30 22:27 - 2013-11-30 22:27 - 00000544 _____ C:\Users\dr-jane\Desktop\defogger_disable.log 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:23 - 2013-11-30 22:23 - 00003385 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 22:12 - 2013-11-30 22:13 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC ) C:\Users\dr-jane\Downloads\wzmp_8.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector 2013-11-30 22:04 - 2013-03-15 17:10 - 00020480 _____ C:\Windows\system32\wsusnative64.exe 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-30 21:59 - 2013-11-30 22:00 - 00000000 ____D C:\AdwCleaner 
2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Downloads\adwcleaner313.exe 2013-11-30 19:32 - 2013-11-30 19:32 - 105152277 _____ C:\Windows\SysWOW64\챆G 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:09 - 2013-11-30 19:28 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 15:08 - 2013-11-21 15:09 - 00015868 _____ C:\Windows\DPINST.LOG 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital 2013-11-21 15:07 - 2013-11-21 15:10 - 00000000 ____D C:\ProgramData\Western Digital 2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-13 
16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 16:21 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee 2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-13 13:13 - 2013-10-12 03:30 - 
00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive 2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2013-11-30 22:31 - 2013-11-30 22:30 - 00017472 _____ C:\Users\dr-jane\Desktop\FRST.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe 2013-11-30 22:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-30 22:28 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-30 22:28 - 2009-07-14 05:45 - 00023312 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-30 22:27 - 2013-11-30 22:27 - 00000544 _____ C:\Users\dr-jane\Desktop\defogger_disable.log 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:23 - 2013-11-30 22:23 - 00003385 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 22:13 - 2013-11-30 22:12 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC ) C:\Users\dr-jane\Downloads\wzmp_8.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-30 22:00 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner 2013-11-30 22:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Downloads\adwcleaner313.exe 2013-11-30 20:56 - 2013-02-16 21:50 - 02003469 _____ C:\Windows\WindowsUpdate.log 2013-11-30 19:36 - 2013-09-16 14:23 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104} 2013-11-30 19:32 - 2013-11-30 19:32 - 105152277 _____ C:\Windows\SysWOW64\챆G 2013-11-30 19:28 - 2013-11-21 15:09 - 
00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-11-30 19:28 - 2013-10-27 16:45 - 00001932 _____ C:\Windows\Tasks\Object Browser-chromeinstaller.job 2013-11-30 19:28 - 2013-10-27 16:45 - 00001856 _____ C:\Windows\Tasks\Object Browser-firefoxinstaller.job 2013-11-30 19:28 - 2013-10-27 16:45 - 00001316 _____ C:\Windows\Tasks\Object Browser-updater.job 2013-11-30 19:28 - 2013-10-27 16:45 - 00001218 _____ C:\Windows\Tasks\Object Browser-codedownloader.job 2013-11-30 19:28 - 2013-10-27 16:45 - 00001118 _____ C:\Windows\Tasks\Object Browser-enabler.job 2013-11-30 19:28 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-30 19:27 - 2013-02-17 16:11 - 00025414 _____ C:\Windows\setupact.log 2013-11-30 19:27 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-30 19:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-27 20:59 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc 2013-11-25 19:48 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber 2013-11-24 14:36 - 2013-02-17 16:10 - 00027008 _____ C:\Windows\PFRO.log 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL 
C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-11-21 19:36 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-21 19:36 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-21 19:36 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:10 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 15:09 - 2013-11-21 15:08 - 00015868 _____ C:\Windows\DPINST.LOG 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western 
Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital 2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe 2013-11-15 16:30 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-11-15 16:30 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-15 16:30 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D 
C:\Program Files (x86)\Infogrames Interactive 2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-08 21:51 - 2013-02-16 23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla 2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer 2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer 2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod Some content of TEMP: ==================== C:\Users\dr-jane\AppData\Local\Temp\AutoRun.exe C:\Users\dr-jane\AppData\Local\Temp\AutoRunGUI.dll C:\Users\dr-jane\AppData\Local\Temp\cabex.dll C:\Users\dr-jane\AppData\Local\Temp\DivXSetup.exe C:\Users\dr-jane\AppData\Local\Temp\eauninstall.exe C:\Users\dr-jane\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\dr-jane\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.0.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\msvcr71.dll C:\Users\dr-jane\AppData\Local\Temp\NoUAC.exe C:\Users\dr-jane\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\dr-jane\AppData\Local\Temp\nvSCPAPI.dll C:\Users\dr-jane\AppData\Local\Temp\nvStereoApiI.dll 
C:\Users\dr-jane\AppData\Local\Temp\nvStInst.exe
C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe
C:\Users\dr-jane\AppData\Local\Temp\Setup.exe
C:\Users\dr-jane\AppData\Local\Temp\SIntf16.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntf32.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntfNT.dll
C:\Users\dr-jane\AppData\Local\Temp\Total Club Manager 2004_uninst.exe
C:\Users\dr-jane\AppData\Local\Temp\unelevate.exe
C:\Users\dr-jane\AppData\Local\Temp\unicows.dll
C:\Users\dr-jane\AppData\Local\Temp\UninstallEADM.dll
C:\Users\dr-jane\AppData\Local\Temp\VARemove.exe
C:\Users\dr-jane\AppData\Local\Temp\yta_bu12_setup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 20:10

==================== End Of Log ============================

FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2013
Ran by dr-jane at 2013-11-30 22:31:52
Running from C:\Users\dr-jane\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Age of Mythology (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Diablo III (x32)
Die Sims™ 3 (x32 Version: 1.55.4)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Jahreszeiten (x32 Version: 16.0.136)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Supernatural (x32 Version: 15.0.135)
Die Sims™ 3 Wildes Studentenleben (x32 Version: 18.0.126)
DivX-Setup (x32 Version: 2.6.1.84)
Freemake Video Converter Version 4.1.0 (x32 Version: 4.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
iCloud (Version: 3.0.2.163)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Security Scan (x32 Version: 3.7.2.10)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Object Browser (x32 Version: 1.29.153.2)
Origin (x32 Version: 9.1.13.85)
Pharao (x32)
PlayMemories Home (x32 Version: 
7.0.03.04240) QuickTime (x32 Version: 7.74.80.86) Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011) RollerCoaster Tycoon 2 (x32) SHIELD Streaming (Version: 1.6.34) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.1.0 (x32 Version: 2.1.0) WD Drive Utilities (x32 Version: 1.0.6.3) WD Security (x32 Version: 1.0.6.3) WD SmartWare (Version: 2.2.0.8) WinRAR WinZip Malware Protector (x32 Version: 2.1.1000.10798) ==================== Restore Points ========================= 21-11-2013 22:14:28 Geplanter Prüfpunkt 30-11-2013 19:17:04 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {010EA60D-E159-429C-BF22-320936EF8AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.) 
Task: {24A06C5D-0046-42C1-9FAF-3F81E879F390} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation) Task: {2A6D9220-9995-48EC-8613-ABE2D5EA7621} - System32\Tasks\Norton Security Scan for dr-jane => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation) Task: {31AEA872-6AB2-469B-B4EC-C49ABC816FF9} - System32\Tasks\{AA074299-058B-4DCF-87BE-B7562C55ED1C} => C:\Users\dr-jane\Downloads\Total Club Manager 2004\tcm2004.exe Task: {3719F324-E2B1-44F9-8141-634DCF3EBDD2} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-BOBBY => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation) Task: {6019A6D8-0EE8-4175-B06E-B8DA2DD9FE25} - System32\Tasks\Object Browser-chromeinstaller => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe [2013-10-27] (Object Browser) Task: {7EEE794C-701B-4D97-8EF6-4F1CD1CA6C7C} - System32\Tasks\Object Browser-codedownloader => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe [2013-10-27] (Object Browser) Task: {8CACCE6C-1FA8-4E64-A64B-BFF703758349} - System32\Tasks\Object Browser-firefoxinstaller => C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe [2013-10-27] (Object Browser) Task: {A8548233-738C-4CE8-848D-E999C330808A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A9A530DE-D03A-423C-BC00-53527C1B0637} - System32\Tasks\Object Browser-enabler => C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe [2013-10-27] (Object Browser) Task: {AAF4CA17-EA18-4F3E-A7EC-6F1B67517B83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd) Task: {B11CF94B-8C65-476B-8903-F25A301BD3B1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation) Task: {B4F3FFB8-9D2A-467B-9DBD-125A203E692B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.) Task: {CAA0EBAF-EB43-4639-9884-D2AE82EFF67C} - System32\Tasks\Object Browser-updater => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe [2013-10-27] (Object Browser) Task: {CD29BC8B-49F4-468D-9FF3-FFA0B3305627} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: {D1D10854-E68B-4979-9D41-E17888AC3567} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15] (Adobe Systems Incorporated) Task: {F49C4EF5-2E13-42C0-92AA-03C498C937FF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Norton Security Scan for dr-jane.job => C:\PROGRA~2\NORTON~3\Engine\372~1.10\Nss.exe Task: C:\Windows\Tasks\Object 
Browser-chromeinstaller.job => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe Task: C:\Windows\Tasks\Object Browser-codedownloader.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe Task: C:\Windows\Tasks\Object Browser-enabler.job => C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe Task: C:\Windows\Tasks\Object Browser-firefoxinstaller.job => C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe Task: C:\Windows\Tasks\Object Browser-updater.job => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-16 23:15 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2013-02-16 23:28 - 2013-02-16 23:27 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-06-18 19:02 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-11-18 22:55 - 2013-11-18 22:55 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-11-15 16:30 - 2013-11-15 16:30 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll 2013-11-30 22:04 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll 
2013-11-30 22:04 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll 2013-11-30 22:04 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\ProgramData\TEMP:7D2C66B1 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/30/2013 07:40:17 PM) (Source: Application Hang) (User: ) Description: Programm FreemakeVC.exe, Version 4.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 798 Startzeit: 01ceedfa4606e614 Endzeit: 62 Anwendungspfad: C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe Berichts-ID: Error: (11/30/2013 07:28:02 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcStartServiceCtrlDispatcher failed [1063] Error: (11/24/2013 07:00:06 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (11/18/2013 10:41:48 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (11/13/2013 11:34:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001157e7 ID des fehlerhaften Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (11/13/2013 04:35:35 PM) (Source: Application Hang) (User: ) Description: Programm Pharaoh.exe, Version 1.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11ac Startzeit: 01cee084f5dcebcc Endzeit: 25732 Anwendungspfad: C:\SIERRA\Pharao\Pharaoh.exe Berichts-ID: Error: (11/13/2013 04:18:36 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter. . Error: (11/13/2013 04:18:35 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter. . Error: (11/11/2013 08:57:26 PM) (Source: Application Hang) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e04 Startzeit: 01cedf17c718c3f4 Endzeit: 60000 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 50099770-4b0b-11e3-89fe-6cf049062de4 Error: (11/11/2013 08:54:40 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: de0 Startzeit: 01cedeea810eec3f Endzeit: 25188 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: f323b6b7-4b0a-11e3-89fe-6cf049062de4 System errors: ============= Error: (11/25/2013 05:54:57 PM) (Source: DCOM) (User: ) Description: 1053sdrsvc{687E55CA-6621-4C41-B9F1-C0EDDC94BB05} Error: (11/25/2013 05:54:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Sicherung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/25/2013 05:54:57 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Sicherung erreicht. Error: (11/21/2013 07:20:19 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Error: (11/21/2013 07:20:18 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Error: (11/21/2013 07:20:17 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Error: (11/21/2013 07:13:24 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Error: (11/21/2013 07:13:24 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Error: (11/21/2013 07:13:23 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. 
Error: (11/21/2013 07:13:23 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden. Microsoft Office Sessions: ========================= Error: (11/30/2013 07:40:17 PM) (Source: Application Hang)(User: ) Description: FreemakeVC.exe4.1.0.079801ceedfa4606e61462C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe Error: (11/30/2013 07:28:02 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcStartServiceCtrlDispatcher failed [1063] Error: (11/24/2013 07:00:06 PM) (Source: Windows Backup)(User: ) Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (11/18/2013 10:41:48 PM) (Source: Windows Backup)(User: ) Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (11/13/2013 11:34:44 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7f4001cee0b87974c98cC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllca8276f1-4cb3-11e3-8215-6cf049062de4 Error: (11/13/2013 04:35:35 PM) (Source: Application Hang)(User: ) Description: Pharaoh.exe1.2.0.011ac01cee084f5dcebcc25732C:\SIERRA\Pharao\Pharaoh.exe Error: (11/13/2013 04:18:36 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter. Error: (11/13/2013 04:18:35 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter. 
Error: (11/11/2013 08:57:26 PM) (Source: Application Hang)(User: ) Description: explorer.exe6.1.7601.17567e0401cedf17c718c3f460000C:\Windows\explorer.exe50099770-4b0b-11e3-89fe-6cf049062de4 Error: (11/11/2013 08:54:40 PM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.1.7601.17567de001cedeea810eec3f25188C:\Windows\Explorer.EXEf323b6b7-4b0a-11e3-89fe-6cf049062de4 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 8123.49 MB Available physical RAM: 5347.01 MB Total Pagefile: 16245.16 MB Available Pagefile: 13282.96 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:60.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 241C6624) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-30 23:05:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HDT721050SLA360 rev.ST3OA3AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\dr-jane\AppData\Local\Temp\fxldqpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dbb000 46 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002dbb02f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- EOF - GMER 2.1 ----

Last edited by dr-jane (01.12.2013 at 01:51)
01.12.2013, 09:16 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Daily Deal ads in the browser (FireFox)
hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
01.12.2013, 12:36 | #3 |
| Windows 7: Daily Deal ads in the browser (FireFox)
Hello,
thanks already for the quick reply! Here are the log files you asked me for:
Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.01.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 dr-jane :: BOBBY [Administrator] Schutz: Aktiviert 01.12.2013 11:44:51 mbam-log-2013-12-01 (11-44-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 253058 Laufzeit: 3 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 12 HKCR\CLSID\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440344284450} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550355285550} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032850.BHO.1 (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CrossriderApp0032850.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032850.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032850.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files (x86)\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 32 C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\Stub\1684304427\cr.exe (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\background.html (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\32850.crx (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\32850.xpi (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Object Browser\Installer.log (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-bg.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-buttonutil.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-buttonutil.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-buttonutil64.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-buttonutil64.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-helper.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Object Browser-updater.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Object Browser\Object Browser.ico (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\Uninstall.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Object Browser\utils.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Object Browser-chromeinstaller.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Object Browser-codedownloader.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Object Browser-enabler.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Object Browser-firefoxinstaller.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Object Browser-updater.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\dr-jane\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Code:
ATTFilter # AdwCleaner v3.013 - Bericht erstellt am 01/12/2013 um 11:58:17 # Updated 24/11/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : dr-jane - BOBBY # Gestartet von : C:\Users\dr-jane\Desktop\adwcleaner313.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro Ordner Gelöscht : C:\Users\dr-jane\AppData\Roaming\Systweak Datei Gelöscht : C:\END ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "141fa98ca9d416bcef0d7be89663e31a"); -\\ Google Chrome v31.0.1650.57 [ Datei : C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [20881 octets] - [30/11/2013 21:59:52] AdwCleaner[R1].txt - [2214 octets] - [01/12/2013 11:57:12] AdwCleaner[S0].txt - [1957 octets] - [01/12/2013 11:58:17] ########## EOF - 
C:\AdwCleaner\AdwCleaner[S0].txt - [2017 octets] ########## JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Saskia on 01.12.2013 at 12:07:38,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Saskia\AppData\Roaming\mozilla\firefox\profiles\1d91dsu2.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Emptied folder: C:\Users\Saskia\AppData\Roaming\mozilla\firefox\profiles\1d91dsu2.default\minidumps [25 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2013 at 12:16:01,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by dr-jane (administrator) on BOBBY on 01-12-2013 12:18:29
Running from C:\Users\dr-jane\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Onboard] - C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
MountPoints2: {13003731-132d-11e3-a50f-6cf049062de4} - E:\RunGame.exe
MountPoints2: {2d35021d-787f-11e2-bb47-6cf049062de4} - F:\Autorun.exe
MountPoints2: {e0669d39-5296-11e3-9540-6cf049062de4} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85D625C0880CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
FF Extension: adblockpopups - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Object Browser) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.84_0
CHR Extension: (Norton Identity Protection) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-30] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130919.001\IDSvia64.sys [520280 2013-08-16] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-01 12:18 - 2013-12-01 12:18 - 00018376 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt
2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe
2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt
2013-12-01 11:41 - 2013-12-01 11:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Program Files 
(x86)\Malwarebytes' Anti-Malware 2013-12-01 11:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar 2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt 2013-11-30 23:09 - 2013-12-01 11:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-11-30 23:09 - 2013-11-30 23:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2013-11-30 23:09 - 2013-11-30 23:09 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software 2013-11-30 23:09 - 2013-11-30 23:08 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-30 23:09 - 2013-11-30 23:08 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-30 23:09 - 2013-11-30 23:08 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-30 23:09 - 2013-11-30 23:08 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-30 23:09 - 2013-11-30 23:08 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-30 23:08 - 2013-11-30 23:08 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-30 23:08 - 2013-11-30 23:08 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-30 23:07 - 2013-11-30 23:07 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-30 22:54 - 
2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe 2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt 2013-11-30 22:32 - 2013-11-30 22:48 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:23 - 2013-12-01 00:29 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 22:12 - 2013-11-30 22:13 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe 2013-11-30 22:04 - 2013-12-01 12:01 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC ) C:\Users\dr-jane\Downloads\wzmp_8.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector 2013-11-30 22:04 - 2013-03-15 17:10 - 00020480 _____ C:\Windows\system32\wsusnative64.exe 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-30 21:59 - 2013-12-01 11:58 - 00000000 ____D C:\AdwCleaner 2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Desktop\adwcleaner313.exe 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 
00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:09 - 2013-12-01 12:00 - 00008192 _____ 
C:\Windows\SysWOW64\WDPABKP.dat 2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 15:08 - 2013-11-21 15:09 - 00015868 _____ C:\Windows\DPINST.LOG 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital 2013-11-21 15:07 - 2013-11-21 15:10 - 00000000 ____D C:\ProgramData\Western Digital 2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-13 16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 16:21 - 2013-10-12 09:43 - 
19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee 2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-13 13:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive 2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2013-12-01 12:18 - 2013-12-01 12:18 - 00018376 _____ C:\Users\dr-jane\Desktop\FRST.txt 2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt 2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT 2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe 2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt 2013-12-01 12:01 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2013-12-01 12:00 - 2013-11-21 15:09 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-12-01 12:00 - 2013-02-17 16:11 - 00026086 _____ C:\Windows\setupact.log 2013-12-01 12:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-01 12:00 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-01 11:59 - 2013-02-16 22:21 - 00000000 
____D C:\ProgramData\NVIDIA 2013-12-01 11:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-01 11:58 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner 2013-12-01 11:58 - 2013-02-16 21:50 - 02082279 _____ C:\Windows\WindowsUpdate.log 2013-12-01 11:58 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-01 11:58 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-01 11:53 - 2013-02-17 16:10 - 00037374 _____ C:\Windows\PFRO.log 2013-12-01 11:41 - 2013-12-01 11:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-01 11:32 - 2013-11-30 23:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-12-01 03:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-01 00:29 - 2013-11-30 22:23 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar 2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt 2013-11-30 23:18 - 2013-11-30 23:09 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2013-11-30 23:09 - 2013-11-30 23:09 - 00001966 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software 2013-11-30 23:08 - 2013-11-30 23:09 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-30 23:08 - 2013-11-30 23:09 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-30 23:08 - 2013-11-30 23:09 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-30 23:08 - 2013-11-30 23:09 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-30 23:08 - 2013-11-30 23:09 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-30 23:08 - 2013-11-30 23:08 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-30 23:08 - 2013-11-30 23:08 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-30 23:08 - 2013-11-30 23:08 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-30 23:07 - 2013-11-30 23:07 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe 2013-11-30 22:48 - 2013-11-30 22:32 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt 2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC ) 
C:\Users\dr-jane\Downloads\wzmp_8.exe 2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing 2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Desktop\adwcleaner313.exe 2013-11-30 19:36 - 2013-09-16 14:23 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104} 2013-11-27 20:59 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc 2013-11-25 19:48 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 
2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-11-21 19:36 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-21 19:36 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-21 19:36 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:10 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 15:09 - 2013-11-21 15:08 - 00015868 _____ C:\Windows\DPINST.LOG 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western 
Digital 2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe 2013-11-15 16:30 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-11-15 16:30 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-15 16:30 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive 2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-08 21:51 - 2013-02-16 
23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla 2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer 2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer 2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod Some content of TEMP: ==================== C:\Users\dr-jane\AppData\Local\Temp\AutoRun.exe C:\Users\dr-jane\AppData\Local\Temp\AutoRunGUI.dll C:\Users\dr-jane\AppData\Local\Temp\cabex.dll C:\Users\dr-jane\AppData\Local\Temp\DivXSetup.exe C:\Users\dr-jane\AppData\Local\Temp\eauninstall.exe C:\Users\dr-jane\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\dr-jane\AppData\Local\Temp\msvcr71.dll C:\Users\dr-jane\AppData\Local\Temp\NoUAC.exe C:\Users\dr-jane\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\dr-jane\AppData\Local\Temp\nvSCPAPI.dll C:\Users\dr-jane\AppData\Local\Temp\nvStereoApiI.dll C:\Users\dr-jane\AppData\Local\Temp\nvStInst.exe C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe C:\Users\dr-jane\AppData\Local\Temp\Setup.exe C:\Users\dr-jane\AppData\Local\Temp\SIntf16.dll C:\Users\dr-jane\AppData\Local\Temp\SIntf32.dll 
C:\Users\dr-jane\AppData\Local\Temp\SIntfNT.dll
C:\Users\dr-jane\AppData\Local\Temp\Total Club Manager 2004_uninst.exe
C:\Users\dr-jane\AppData\Local\Temp\unelevate.exe
C:\Users\dr-jane\AppData\Local\Temp\unicows.dll
C:\Users\dr-jane\AppData\Local\Temp\UninstallEADM.dll
C:\Users\dr-jane\AppData\Local\Temp\VARemove.exe
C:\Users\dr-jane\AppData\Local\Temp\yta_bu12_setup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 20:10
==================== End Of Log ==========================
--- --- ---
I just visited Amazon.de and entered exactly the same search as when I saw this Deal Finder ad. This time nothing was displayed. Could it be that it has already been cleaned off the PC? If so, you are my absolute heroes here! In that case I would be very interested to know what caused it and whether I did something wrong that I can avoid next time. Where in the system was/is the infection located? It would be very nice if you could explain that to me very briefly. Kind regards! |
02.12.2013, 10:19 | #4 |
/// the machine /// TB instructor | Windows 7: Daily Deal ads in the browser (FireFox)
The worst of the adware is already gone.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.12.2013, 22:18 | #5 |
| Windows 7: Daily Deal ads in the browser (FireFox) Hi, here are the logs: ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=01e49f3c1568b247a81b2e2af18182d3
# engine=16105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-02 08:59:26
# local_time=2013-12-02 09:59:26 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 88 9350 136680462 0 0
# compatibility_mode=5893 16776574 100 94 167450 137647816 0 0
# scanned=200028
# found=0
# cleaned=0
# scan_time=8367
Code:
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013 Ran by dr-jane (administrator) on BOBBY on 02-12-2013 22:09:53 Running from C:\Users\dr-jane\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation) HKLM\...\RunOnce: [122_1633511484122] - "C:\Users\dr-jane\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat" [279 2013-12-02] () HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) MountPoints2: {13003731-132d-11e3-a50f-6cf049062de4} - E:\RunGame.exe MountPoints2: {2d35021d-787f-11e2-bb47-6cf049062de4} - F:\Autorun.exe MountPoints2: {e0669d39-5296-11e3-9540-6cf049062de4} - "G:\WD Drive Unlock.exe" autoplay=true HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85D625C0880CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: adblockpopups - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\adblockpopups@jessehakanen.net.xpi FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (avast! 
Online Security) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0 CHR Extension: (Object Browser) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.84_0 CHR Extension: (Google Wallet) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx ==================== Services (Whitelisted) ================= R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-02] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-30] (Symantec Corporation) U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-11-30] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131202.002\ENG64.SYS [126040 2013-11-30] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131202.002\EX64.SYS [2099288 2013-11-30] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation) R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; 
C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-02 22:07 - 2013-12-02 22:07 - 00000789 _____ C:\Users\dr-jane\Desktop\checkup.txt 2013-12-02 22:01 - 2013-12-02 22:01 - 00000709 _____ C:\Users\dr-jane\Desktop\eset.txt 2013-12-02 17:51 - 2013-12-02 17:51 - 00000000 ____D C:\Windows\LastGood 2013-12-02 17:50 - 2013-10-30 18:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-12-02 17:50 - 2013-10-30 18:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-12-02 16:45 - 2013-12-02 16:45 - 00001482 _____ C:\Users\dr-jane\AppData\Local\recently-used.xbel 2013-12-02 16:40 - 2013-12-02 16:40 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\frst64.exe 2013-12-02 16:29 - 2013-12-02 16:42 - 00000000 ____D C:\Users\dr-jane\AppData\Local\LogMeIn Rescue Applet 2013-12-02 16:12 - 2013-12-02 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2013-12-02 16:09 - 2013-12-02 16:09 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-12-02 16:09 - 2013-12-02 16:09 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-12-02 16:09 - 2013-12-02 16:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-12-02 16:09 - 2013-12-02 16:09 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files (x86)\Norton 360 2013-12-01 18:00 - 2013-12-02 16:08 - 00000000 ____D 
C:\ProgramData\AVAST Software 2013-12-01 17:45 - 2013-12-02 17:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA Corporation 2013-12-01 17:12 - 2013-12-02 17:51 - 00001606 _____ C:\Windows\setupact.log 2013-12-01 17:12 - 2013-12-02 16:08 - 02184284 _____ C:\Windows\PFRO.log 2013-12-01 17:12 - 2013-12-01 17:12 - 00000000 _____ C:\Windows\setuperr.log 2013-12-01 17:00 - 2013-12-02 16:09 - 00000000 ____D C:\ProgramData\Norton 2013-12-01 16:58 - 2013-12-01 16:58 - 00003608 _____ C:\Users\dr-jane\Documents\cc_20131201_165827.reg 2013-12-01 16:53 - 2013-12-01 16:53 - 00000000 ____D C:\Windows\system32\appmgmt 2013-12-01 16:20 - 2013-12-01 16:20 - 00005584 _____ C:\Users\dr-jane\Documents\cc_20131201_162049.reg 2013-12-01 16:19 - 2013-12-01 16:19 - 00055218 _____ C:\Users\dr-jane\Documents\cc_20131201_161915.reg 2013-12-01 13:59 - 2013-12-01 13:59 - 00000000 ____D C:\ProgramData\PCSettings 2013-12-01 12:59 - 2013-12-01 15:36 - 00000000 ____D C:\avast! sandbox 2013-12-01 12:52 - 2013-12-01 12:52 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2013-12-01 12:31 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Western Digital 2013-12-01 12:29 - 2013-12-01 12:29 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-01 12:18 - 2013-12-02 22:09 - 00015966 _____ C:\Users\dr-jane\Desktop\FRST.txt 2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt 2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT 2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe 2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation ) 
C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar 2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt 2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software 2013-11-30 23:08 - 2013-12-01 18:01 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe 2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt 2013-11-30 22:32 - 2013-11-30 22:48 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:23 - 2013-12-01 00:29 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 22:04 - 2013-12-01 16:53 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-30 21:59 - 2013-12-01 11:58 - 00000000 ____D C:\AdwCleaner 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL 
C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:09 - 2013-12-02 16:42 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-11-21 15:09 - 2013-12-02 16:33 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-11-21 15:09 - 2013-12-01 18:22 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 15:08 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-11-21 15:08 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files (x86)\Western Digital 
2013-11-21 15:07 - 2013-12-01 12:31 - 00000000 ____D C:\ProgramData\Western Digital 2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-13 16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 16:21 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 16:21 - 
2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-13 13:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 
13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes 
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2013-12-02 22:10 - 2013-12-01 12:18 - 00015966 _____ C:\Users\dr-jane\Desktop\FRST.txt 2013-12-02 22:07 - 2013-12-02 22:07 - 00000789 _____ C:\Users\dr-jane\Desktop\checkup.txt 2013-12-02 22:03 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-02 22:03 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-02 22:01 - 2013-12-02 22:01 - 00000709 _____ C:\Users\dr-jane\Desktop\eset.txt 2013-12-02 22:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-02 21:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-02 21:13 - 2013-02-16 21:50 - 01292172 _____ C:\Windows\WindowsUpdate.log 2013-12-02 19:11 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-12-02 19:11 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-12-02 19:11 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-02 17:54 - 2013-07-01 20:32 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA 2013-12-02 17:52 - 2013-12-01 17:45 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA Corporation 2013-12-02 17:52 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-12-02 17:52 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-02 17:51 - 2013-12-02 17:51 - 00000000 ____D C:\Windows\LastGood 2013-12-02 17:51 - 2013-12-01 17:12 - 00001606 _____ C:\Windows\setupact.log 2013-12-02 17:51 - 2013-02-16 22:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-12-02 17:51 - 2013-02-16 22:20 - 00000000 ____D 
C:\Program Files\NVIDIA Corporation 2013-12-02 16:45 - 2013-12-02 16:45 - 00001482 _____ C:\Users\dr-jane\AppData\Local\recently-used.xbel 2013-12-02 16:45 - 2013-06-18 17:04 - 00000000 ____D C:\Users\dr-jane\.gimp-2.8 2013-12-02 16:42 - 2013-12-02 16:29 - 00000000 ____D C:\Users\dr-jane\AppData\Local\LogMeIn Rescue Applet 2013-12-02 16:42 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security 2013-12-02 16:40 - 2013-12-02 16:40 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\frst64.exe 2013-12-02 16:36 - 2013-02-17 00:04 - 00000000 ____D C:\Users\dr-jane\Documents\Symantec 2013-12-02 16:33 - 2013-11-21 15:09 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-12-02 16:33 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-02 16:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-02 16:12 - 2013-12-02 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2013-12-02 16:09 - 2013-12-02 16:09 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-12-02 16:09 - 2013-12-02 16:09 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-12-02 16:09 - 2013-12-02 16:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-12-02 16:09 - 2013-12-02 16:09 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files (x86)\Norton 360 2013-12-02 16:09 - 2013-12-01 17:00 - 00000000 ____D C:\ProgramData\Norton 2013-12-02 16:08 - 2013-12-01 18:00 - 00000000 ____D C:\ProgramData\AVAST Software 2013-12-02 16:08 - 2013-12-01 17:12 - 02184284 _____ C:\Windows\PFRO.log 2013-12-02 16:02 - 2013-09-16 14:23 - 00003922 _____ 
C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104} 2013-12-01 19:06 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc 2013-12-01 18:22 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media 2013-12-01 18:01 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-12-01 17:43 - 2013-02-17 00:00 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2013-12-01 17:30 - 2013-02-17 00:00 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-12-01 17:12 - 2013-12-01 17:12 - 00000000 _____ C:\Windows\setuperr.log 2013-12-01 17:03 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber 2013-12-01 16:58 - 2013-12-01 16:58 - 00003608 _____ C:\Users\dr-jane\Documents\cc_20131201_165827.reg 2013-12-01 16:53 - 2013-12-01 16:53 - 00000000 ____D C:\Windows\system32\appmgmt 2013-12-01 16:53 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing 2013-12-01 16:21 - 2013-02-28 22:23 - 00000000 ____D C:\Users\dr-jane\AppData\Local\CrashDumps 2013-12-01 16:21 - 2013-02-16 23:11 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\DAEMON Tools Lite 2013-12-01 16:21 - 2013-02-16 21:42 - 00000000 ____D C:\Windows\Panther 2013-12-01 16:20 - 2013-12-01 16:20 - 00005584 _____ C:\Users\dr-jane\Documents\cc_20131201_162049.reg 2013-12-01 16:19 - 2013-12-01 16:19 - 00055218 _____ C:\Users\dr-jane\Documents\cc_20131201_161915.reg 2013-12-01 15:36 - 2013-12-01 12:59 - 00000000 ____D C:\avast! 
sandbox 2013-12-01 13:59 - 2013-12-01 13:59 - 00000000 ____D C:\ProgramData\PCSettings 2013-12-01 12:52 - 2013-12-01 12:52 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2013-12-01 12:51 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-01 12:51 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-01 12:51 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-01 12:31 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Western Digital 2013-12-01 12:31 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2013-12-01 12:31 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital 2013-12-01 12:31 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital 2013-12-01 12:29 - 2013-12-01 12:29 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt 2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT 2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe 2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt 2013-12-01 11:58 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes 2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-01 00:29 - 2013-11-30 22:23 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml 2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar 2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt 
2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software 2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe 2013-11-30 22:48 - 2013-11-30 22:32 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt 2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt 2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST 2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable 2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane 2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe 2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt 2013-11-29 17:56 - 2013-10-29 20:25 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-11-29 17:56 - 2013-10-29 20:25 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL 
C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten 2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY 2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol 2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake 2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle 2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog 2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital 2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games 2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe 2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D 
C:\SIERRA 2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line 2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe 2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore 2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat 2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive 2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-08 21:51 - 2013-02-16 23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla 2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer 2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer 2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes 2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod Some content of TEMP: ==================== C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe C:\Users\dr-jane\AppData\Local\Temp\vlc-2.1.1-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is 
legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-30 20:10 ==================== End Of Log ============================
--- --- ---
So, there is actually no problem anymore. My heartfelt thanks for that!!! Can I now click Enable again in Defogger? Can anything be said from the log files about the remaining security state of my PC, and is there anything I can improve? Otherwise I am perfectly happy! Thanks! I hope everything looks fine in the log files as well! |
03.12.2013, 12:29 | #6 |
/// the machine /// TB trainer | Windows 7: Daily Deal advertising in the browser (FireFox) Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ --> Windows 7: Daily Deal advertising in the browser (FireFox) |
04.12.2013, 14:22 | #7 |
| Windows 7: Daily Deal advertising in the browser (FireFox) Thank you very much! I will take your advice into account and hope that I will be spared from dangerous software in the future as well. You can remove the thread from your subscriptions. My only problem at the moment is that Secunia stays on the loading screen forever and does not continue. Otherwise everything is done. Thank you, thank you, thank you! |
05.12.2013, 09:36 | #8 |
/// the machine /// TB trainer | Windows 7: Daily Deal advertising in the browser (FireFox) You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |