| |
| |||||||
Log-Analyse und Auswertung: Windows7: NationZoom.com öffnet sich beim Öffnen eines BrowsersWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
20.01.2014, 17:25
| #1 |
| |  Windows7: NationZoom.com öffnet sich beim Öffnen eines Browsers ADWcleaner log, JRT und FRST folgt in Kürze. Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 20/01/2014 um 16:41:25
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Jens - JENS-PC
# Gestartet von : C:\Users\Jens\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : ICQ Service
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\SoftwareUpdater
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Re-markit
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Jens\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Jens\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Jens\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Jens\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\mi94ectk.default-1383129948364\user.js
Datei Gelöscht : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Jens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.16766
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\mi94ectk.default-1383129948364\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1389782542&from=tugs&uid=TOSHIBAXMK5065GSX_Y0HBC2ITTXXY0HBC2ITT");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1439582e0ce139b7a9418c647618c4be");
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [13476 octets] - [20/01/2014 16:39:45]
AdwCleaner[S0].txt - [9887 octets] - [20/01/2014 16:41:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9947 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jens on 20.01.2014 at 16:48:05,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{295D49D2-81AB-45A9-87C2-99AE5F06CFA6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6ACD2B63-05C0-4F26-9E39-433391E3915D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6ACD2B63-05C0-4F26-9E39-433391E3915D}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{0C9AF5E5-C89F-4052-B664-E44D42C50BC5}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{0F54E4D0-5503-4DB8-85F9-34A89339CA87}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{11AFF08C-6267-464B-A98C-172F0805109E}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{23DE86BC-EEE4-47DE-B5BD-3B028B63F766}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{34223A48-C904-4459-B32D-B31DD9DD7E1B}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{34F680AF-5B83-47BB-AA60-48B9C61C4C53}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{3A5BDF73-4C39-43BA-B5FF-D3825D8F7E7F}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{469D45CC-064E-4865-A0F3-3F667CECFACE}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{4F729837-3ABB-4CA7-A7F1-AE0683D0FFEF}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{55DA57D4-1F9B-4D51-8E33-50C0BAF37B0C}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{57F810DE-D978-4602-B11A-E9923BFD6DA0}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{61F9AE78-62C3-41C1-96C4-FE7F0BC6625B}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{65733494-F6B9-4856-BFDF-11E8A28BD2AE}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{7F4625A3-6297-4576-9F09-EAA08DC6F63D}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{8D887DF3-46E8-44AE-AD4E-64EAE88219B5}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{8EC0AB53-EA02-4DD1-80DD-07B148718566}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{9548BEA6-50CB-4015-83F3-1C251CF48DD3}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{A545001D-A5D9-44D2-B8C8-C8DD72D001F2}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{A97E2132-490D-47F4-826A-4731297D6B14}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{AEF6A900-1B5C-4D15-A068-BEE99B596A48}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{BA2F85CD-8399-4CF8-8BA4-99D4E7BB9BDF}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{C3E18869-9472-4537-94E6-3636003E68C2}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{C425BB70-2ACA-4C89-ADA6-C76912719C15}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{C446FCB8-5DE8-4F24-AC19-829203FC6EA2}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{E1E151B5-A3AF-4F70-A635-F9DEB7AD44BB}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{E4566F6F-5664-4DF7-9B3D-B3BAAFDF2360}
Successfully deleted: [Empty Folder] C:\Users\Jens\appdata\local\{E8E77CA1-E772-4BC0-8EE0-ADFF4BD2F0F7}
~~~ FireFox
Emptied folder: C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\mi94ectk.default-1383129948364\minidumps [52 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2014 at 17:09:13,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Jens (administrator) on JENS-PC on 20-01-2014 17:15:32
Running from C:\Users\Jens\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(mychat) C:\Program Files (x86)\BisonCam\BisonHK.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Spotify Ltd) C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hilfe Assistent\Hilfe_Assistent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Jens\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-02-11] (Synaptics Incorporated)
HKLM\...\Run: [BisonHK] - C:\Program Files (x86)\BisonCam\BisonHK.exe [86016 2009-11-26] (mychat)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472560 2010-08-12] (VIA)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Hilfe Assistent] - C:\Program Files (x86)\Hilfe Assistent\Hilfe_Assistent.exe [18586432 2013-08-30] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
Startup: C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\mi94ectk.default-1383129948364
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-01-03]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-01-03]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-13]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (0) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Jens\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [32256 2010-03-03] ()
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-30] (soft Xpansion)
==================== Drivers (Whitelisted) ====================
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-13] (Kaspersky Lab ZAO)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-13] (Kaspersky Lab ZAO)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 17:14 - 2014-01-20 17:14 - 02076672 _____ (Farbar) C:\Users\Jens\Desktop\FRST64(1).exe
2014-01-20 17:09 - 2014-01-20 17:09 - 00004044 _____ C:\Users\Jens\Desktop\JRT.txt
2014-01-20 16:47 - 2014-01-20 16:47 - 01037068 _____ (Thisisu) C:\Users\Jens\Desktop\JRT.exe
2014-01-20 16:47 - 2014-01-20 16:47 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 16:39 - 2014-01-20 16:41 - 00000000 ____D C:\AdwCleaner
2014-01-20 16:38 - 2014-01-20 16:38 - 01236282 _____ C:\Users\Jens\Desktop\adwcleaner.exe
2014-01-20 16:12 - 2014-01-20 16:12 - 00018607 _____ C:\ComboFix.txt
2014-01-20 15:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 15:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 15:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 15:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 15:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 15:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 15:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 15:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 15:43 - 2014-01-20 16:12 - 00000000 ____D C:\ComboFix
2014-01-20 15:42 - 2014-01-20 16:12 - 00000000 ____D C:\Qoobox
2014-01-20 15:42 - 2014-01-20 16:08 - 00000000 ____D C:\Windows\erdnt
2014-01-20 15:39 - 2014-01-20 15:40 - 05167985 ____R (Swearware) C:\Users\Jens\Desktop\ComboFix.exe
2014-01-19 20:04 - 2014-01-19 20:04 - 00370610 _____ C:\Users\Jens\Desktop\gmer_2.1.19323.zip
2014-01-19 19:56 - 2014-01-19 19:59 - 00026214 _____ C:\Users\Jens\Desktop\Addition.txt
2014-01-19 19:53 - 2014-01-20 17:15 - 00018846 _____ C:\Users\Jens\Desktop\FRST.txt
2014-01-19 19:53 - 2014-01-19 19:53 - 00000000 ____D C:\FRST
2014-01-19 19:52 - 2014-01-19 19:52 - 02076672 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-01-19 19:50 - 2014-01-19 19:50 - 00000470 _____ C:\Users\Jens\Desktop\defogger_disable.log
2014-01-19 19:50 - 2014-01-19 19:50 - 00000000 _____ C:\Users\Jens\defogger_reenable
2014-01-19 19:49 - 2014-01-19 19:49 - 00050477 _____ C:\Users\Jens\Desktop\Defogger.exe
2014-01-18 11:49 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 11:49 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 11:49 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 11:49 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 11:48 - 2014-01-18 11:49 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 18:13 - 2014-01-15 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 18:13 - 2014-01-15 18:13 - 00000000 ____D C:\Users\Jens\AppData\Roaming\Malwarebytes
2014-01-15 18:13 - 2014-01-15 18:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 18:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-08 12:40 - 2014-01-08 12:40 - 00000000 ____D C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-01-08 12:39 - 2014-01-08 12:42 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-03 11:04 - 2014-01-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-20 17:15 - 2014-01-19 19:53 - 00018846 _____ C:\Users\Jens\Desktop\FRST.txt
2014-01-20 17:14 - 2014-01-20 17:14 - 02076672 _____ (Farbar) C:\Users\Jens\Desktop\FRST64(1).exe
2014-01-20 17:09 - 2014-01-20 17:09 - 00004044 _____ C:\Users\Jens\Desktop\JRT.txt
2014-01-20 16:50 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 16:50 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 16:47 - 2014-01-20 16:47 - 01037068 _____ (Thisisu) C:\Users\Jens\Desktop\JRT.exe
2014-01-20 16:47 - 2014-01-20 16:47 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 16:47 - 2011-03-25 09:18 - 01743748 _____ C:\Windows\WindowsUpdate.log
2014-01-20 16:45 - 2011-03-25 12:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-20 16:43 - 2011-05-07 04:48 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 16:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 16:43 - 2009-07-14 05:51 - 00079623 _____ C:\Windows\setupact.log
2014-01-20 16:42 - 2011-03-25 17:22 - 00099386 _____ C:\Windows\PFRO.log
2014-01-20 16:41 - 2014-01-20 16:39 - 00000000 ____D C:\AdwCleaner
2014-01-20 16:41 - 2011-03-25 09:26 - 00001168 _____ C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-20 16:41 - 2011-03-25 09:26 - 00000981 _____ C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-20 16:41 - 2011-03-25 09:26 - 00000000 ___RD C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 16:38 - 2014-01-20 16:38 - 01236282 _____ C:\Users\Jens\Desktop\adwcleaner.exe
2014-01-20 16:18 - 2011-05-07 04:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 16:12 - 2014-01-20 16:12 - 00018607 _____ C:\ComboFix.txt
2014-01-20 16:12 - 2014-01-20 15:43 - 00000000 ____D C:\ComboFix
2014-01-20 16:12 - 2014-01-20 15:42 - 00000000 ____D C:\Qoobox
2014-01-20 16:08 - 2014-01-20 15:42 - 00000000 ____D C:\Windows\erdnt
2014-01-20 16:07 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 16:06 - 2011-03-25 09:25 - 00000000 ____D C:\Users\Jens
2014-01-20 15:40 - 2014-01-20 15:39 - 05167985 ____R (Swearware) C:\Users\Jens\Desktop\ComboFix.exe
2014-01-19 20:05 - 2012-09-22 11:16 - 00000000 ____D C:\Users\Jens\AppData\Roaming\Spotify
2014-01-19 20:04 - 2014-01-19 20:04 - 00370610 _____ C:\Users\Jens\Desktop\gmer_2.1.19323.zip
2014-01-19 19:59 - 2014-01-19 19:56 - 00026214 _____ C:\Users\Jens\Desktop\Addition.txt
2014-01-19 19:53 - 2014-01-19 19:53 - 00000000 ____D C:\FRST
2014-01-19 19:52 - 2014-01-19 19:52 - 02076672 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-01-19 19:50 - 2014-01-19 19:50 - 00000470 _____ C:\Users\Jens\Desktop\defogger_disable.log
2014-01-19 19:50 - 2014-01-19 19:50 - 00000000 _____ C:\Users\Jens\defogger_reenable
2014-01-19 19:49 - 2014-01-19 19:49 - 00050477 _____ C:\Users\Jens\Desktop\Defogger.exe
2014-01-18 11:49 - 2014-01-18 11:48 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:49 - 2013-10-17 10:22 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 11:49 - 2013-07-01 09:40 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 21:26 - 2014-01-15 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 18:13 - 2014-01-15 18:13 - 00000000 ____D C:\Users\Jens\AppData\Roaming\Malwarebytes
2014-01-15 18:13 - 2014-01-15 18:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-13 13:39 - 2012-09-22 11:17 - 00000000 ____D C:\Users\Jens\AppData\Local\Spotify
2014-01-08 12:42 - 2014-01-08 12:39 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-08 12:40 - 2014-01-08 12:40 - 00000000 ____D C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-01-04 09:59 - 2012-05-13 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 19:20 - 2011-03-25 16:08 - 00000000 ____D C:\Users\Jens\Desktop\Comdirect
2014-01-03 11:04 - 2014-01-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
Files to move or delete:
====================
C:\Users\Jens\btreg.exe
Some content of TEMP:
====================
C:\Users\Jens\AppData\Local\Temp\handle64.exe
C:\Users\Jens\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-20 09:04
==================== End Of Log ============================
--- --- --- |
|
| Themen zu Windows7: NationZoom.com öffnet sich beim Öffnen eines Browsers |
| adobe, branding, browser, device driver, dvdvideosoft ltd., ebanking, error, fehlermeldung, firefox, flash player, funktioniert nicht mehr, homepage, iexplore.exe, kaspersky, klelam.sys, launch, mozilla, nationzoom, nationzoom entfernen, newtab, präzise, pup.optional.opencandy, registry, services.exe, spotify web helper, svchost.exe, usb, windows |
Hybrid-Darstellung
