Windows 8: Laptop nach "Conduit Search & Trovigo.com Startseite" sauber?

BigBizkit2 · 13.02.2014, 22:35

Hallo liebes Trojaner-Board Team,

ich hatte festgestellt, dass sich bei Firefox die Startseite auf trovigo com geändert hatte, und die Suchmaschine auf "conduit search".

Auf der Suche nach Methoden zur Deinstallation, insbesondere beim Schlagwort trovigo kam ich auf Seiten, bei denen dieser "virus" als das schlimmste überhaupt stilisiert wurde. Diese Seiten waren in schlecht übersetztem deutsch verfasst und priesen an der Seite rogueware (Spyhunter) an. Dies kam mir komisch vor.

Meine eigentliche Deinstallation:
habe mir adwcleaner von bleepingcomputer downgeloadet und mittels dessen "conduit" deinstalliert. conduit befand sich nämlich weder unter programmen, noch als addon im firefox.

danach habe ich Malwarebytes runtergeladen und erstmal einen quickscan gestartet. hier die funde (nur "pup") der entfernten dateien:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.13.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Stefan :: BIZKIT [Administrator]

13.02.2014 21:56:26
MBAM-log-2014-02-13 (22-04-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211899
Laufzeit: 4 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\Typelib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\Users\Stefan\Downloads\SAMSUNG SCX-3200 user guide provided through bedienungsanleitung-pdf.com(1).exe (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\fmnZXc4i.exe.part (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\nsa558F.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\nsd367B.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\nsf538B.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\nsj3822.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\uttB14D.tmp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Temp\nsxCDBE\SpSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsf9628.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nssE7C3.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsw4066.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsw4067.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan\Downloads\SAMSUNG SCX-3200 user guide provided through bedienungsanleitung-pdf.com.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.

(Ende)

Meine Frage ist nun, ob wieder alles in Ordnung ist, oder ob ich mir wegen einer Infektion sorgen machen muss.

Danke

schrauber · 13.02.2014, 22:41

schauen wir mal

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

BigBizkit2 · 13.02.2014, 22:52

Wow, das ist mal eine schnelle Antwort, danke!

Vermutlich bin ich paranoid, aber ich frage lieber einmal nach: Wenn ich die FRST64.exe ausführe sagt mir Windows 8 Windows Smartscreen hätte das ausführen verhindert.

Ich nehme an Rechtsklick und als Administrator ausführen?

schrauber · 14.02.2014, 17:28

Nee das ist Win8 Smartscreen, einfach auf mehr Informationen klicken, dann auf trotzdem ausführen

BigBizkit2 · 15.02.2014, 15:36

Sorry, war gestern kaum zu Hause. Hier FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Stefan (administrator) on BIZKIT on 15-02-2014 15:22:42
Running from C:\Users\Stefan\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteWMPMonitor.exe
(Microsoft Corporation) C:\Windows\syswow64\wwahost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-09-09] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2013-09-16] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [icq] - C:\Users\Stefan\AppData\Roaming\ICQM\icq.exe [28698984 2013-09-07] (ICQ)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1824000 2014-02-11] (Valve Corporation)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\ich@maltegoetz.de [2014-02-11]
FF Extension: DownloadHelper - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-08]
FF Extension: Greasemonkey - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-11]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244752 2012-07-16] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 15:22 - 2014-02-15 15:22 - 00016700 _____ () C:\Users\Stefan\Desktop\FRST.txt
2014-02-15 15:11 - 2014-02-15 15:11 - 00024860 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\FRST
2014-02-14 15:16 - 2014-02-14 15:18 - 00008887 _____ () C:\myplugins.txt
2014-02-14 15:12 - 2014-02-14 17:36 - 00000000 ____D () C:\plugins
2014-02-13 22:50 - 2014-02-13 22:50 - 02152960 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2014-02-13 21:52 - 2014-02-13 21:52 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 21:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-13 21:28 - 2014-02-13 21:30 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:26 - 2014-02-13 21:26 - 01166132 _____ () C:\Users\Stefan\Downloads\AdwCleaner(1).exe
2014-02-13 21:25 - 2014-02-13 21:25 - 01166132 _____ () C:\Users\Stefan\Downloads\adwcleaner.exe
2014-02-13 21:21 - 2014-02-13 21:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 13:17 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 13:17 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 13:16 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 13:16 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 13:16 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 13:16 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 13:16 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-13 13:16 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 13:16 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 13:16 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 13:16 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 13:16 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-13 13:16 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-13 13:16 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 13:13 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 13:13 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 13:13 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 13:13 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 01:57 - 2014-02-11 01:57 - 00000621 _____ () C:\Users\Stefan\Desktop\Neues Textdokument (2).txt
2014-02-10 21:49 - 2014-02-10 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-10 21:49 - 2014-02-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-10 21:45 - 2014-02-10 21:45 - 00921000 _____ (Oracle Corporation) C:\Users\Stefan\Downloads\jxpiinstall.exe
2014-02-10 00:29 - 2014-02-10 00:29 - 00001507 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bash Installers.lnk
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\system32\NV
2014-02-10 00:01 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-10 00:01 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00357152 _____ () C:\Windows\system32\NvIFROpenGL.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00314656 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-02-09 23:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-09 23:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-09 23:57 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-09 23:57 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-02-07 21:51 - 2014-02-07 21:51 - 00000000 ____D () C:\Users\Stefan\Documents\Fax
2014-02-07 21:40 - 2014-02-07 21:40 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Windows\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-02-07 21:39 - 2009-10-28 16:20 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00081920 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00021776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2014-02-07 21:38 - 2014-02-07 21:39 - 08278920 _____ () C:\Users\Stefan\Downloads\Samsung_SCX-3200_Series_SP.exe
2014-02-07 21:20 - 2014-02-07 21:21 - 23054752 _____ (Samsung Electronics Co., Ltd.) C:\Users\Stefan\Downloads\OCR_V1.00.14.exe
2014-02-05 01:55 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-05 01:55 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-05 01:54 - 2014-02-05 01:55 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-05 01:54 - 2014-02-05 01:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Stefan\Downloads\dxwebsetup.exe
2014-02-05 01:54 - 2014-02-05 01:54 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-05 01:33 - 2014-02-05 01:33 - 02379419 _____ () C:\Users\Stefan\Downloads\enbseries_skyrim_v0250.zip
2014-02-05 00:17 - 2014-02-05 00:17 - 00001312 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyrim.lnk
2014-02-05 00:09 - 2014-02-05 00:09 - 00326483 _____ () C:\Users\Stefan\Downloads\ENB Customizer v2_1 FIXED-17400-2-1.rar
2014-02-04 22:28 - 2014-02-04 22:28 - 00000471 _____ () C:\Users\Stefan\Downloads\TEXTURE MISSING FROM MAIN ARCHIVE -- MUST DOWNLOAD THIS AS WELL-33017-1-0.zip
2014-02-04 22:26 - 2014-02-04 23:19 - 918846876 _____ () C:\Users\Stefan\Downloads\Tropical Skyrim v1_0-33017-1-0.zip
2014-02-02 21:11 - 2014-02-02 21:12 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 14:05 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-16 14:05 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 14:05 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-16 14:05 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-02-15 15:22 - 2014-02-15 15:22 - 00016700 _____ () C:\Users\Stefan\Desktop\FRST.txt
2014-02-15 15:22 - 2014-02-15 15:10 - 00000000 ____D () C:\FRST
2014-02-15 15:22 - 2013-11-06 18:21 - 00000000 ____D () C:\Users\Stefan\video
2014-02-15 15:22 - 2013-09-10 16:02 - 00000000 ____D () C:\Users\Stefan\Uni
2014-02-15 15:21 - 2013-10-08 23:38 - 03793920 ___SH () C:\Users\Stefan\Downloads\Thumbs.db
2014-02-15 15:11 - 2014-02-15 15:11 - 00024860 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-02-15 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-15 14:46 - 2013-12-20 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 14:41 - 2013-03-22 10:00 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-02-15 14:39 - 2013-09-16 20:16 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-02-15 14:38 - 2013-09-16 20:16 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-02-15 11:58 - 2012-10-25 20:21 - 00831158 _____ () C:\Windows\system32\perfh007.dat
2014-02-15 11:58 - 2012-10-25 20:21 - 00188760 _____ () C:\Windows\system32\perfc007.dat
2014-02-15 11:58 - 2012-07-26 08:28 - 01952854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 11:54 - 2014-01-03 01:24 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForStefan.job
2014-02-15 11:54 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 04:02 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-15 03:10 - 2013-09-07 20:47 - 01438779 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 00:23 - 2013-09-11 00:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-14 22:53 - 2013-09-11 10:46 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Skyrim
2014-02-14 17:36 - 2014-02-14 15:12 - 00000000 ____D () C:\plugins
2014-02-14 17:34 - 2014-01-03 01:24 - 00003166 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForStefan
2014-02-14 17:34 - 2013-09-07 20:47 - 00000000 ____D () C:\Users\Stefan
2014-02-14 15:18 - 2014-02-14 15:16 - 00008887 _____ () C:\myplugins.txt
2014-02-14 07:13 - 2013-09-09 22:31 - 06382080 ___SH () C:\Users\Stefan\Desktop\Thumbs.db
2014-02-13 23:11 - 2013-09-07 20:59 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3871940076-2385404808-3361384824-1002
2014-02-13 22:50 - 2014-02-13 22:50 - 02152960 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2014-02-13 22:06 - 2012-08-03 23:23 - 00670738 _____ () C:\Windows\PFRO.log
2014-02-13 21:52 - 2014-02-13 21:52 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 21:30 - 2014-02-13 21:28 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:26 - 2014-02-13 21:26 - 01166132 _____ () C:\Users\Stefan\Downloads\AdwCleaner(1).exe
2014-02-13 21:25 - 2014-02-13 21:25 - 01166132 _____ () C:\Users\Stefan\Downloads\adwcleaner.exe
2014-02-13 21:22 - 2014-02-13 21:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 16:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-12 07:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-10 21:49 - 2014-02-10 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-10 21:49 - 2014-02-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-10 21:49 - 2013-10-21 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-10 21:45 - 2014-02-10 21:45 - 00921000 _____ (Oracle Corporation) C:\Users\Stefan\Downloads\jxpiinstall.exe
2014-02-10 17:34 - 2013-09-09 16:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-10 17:33 - 2012-10-25 11:01 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-10 17:33 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2014-02-10 17:24 - 2013-03-04 16:49 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-10 17:07 - 2013-09-09 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-10 00:29 - 2014-02-10 00:29 - 00001507 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bash Installers.lnk
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\system32\NV
2014-02-10 00:10 - 2013-03-04 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 23:58 - 2013-03-04 16:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 23:57 - 2012-07-26 08:21 - 00040981 _____ () C:\Windows\setupact.log
2014-02-07 22:13 - 2013-09-16 21:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Black_Tree_Gaming
2014-02-07 21:51 - 2014-02-07 21:51 - 00000000 ____D () C:\Users\Stefan\Documents\Fax
2014-02-07 21:40 - 2014-02-07 21:40 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Samsung
2014-02-07 21:40 - 2013-09-08 16:00 - 00000040 _____ () C:\Autoconfig.ini
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Windows\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-02-07 21:39 - 2014-02-07 21:38 - 08278920 _____ () C:\Users\Stefan\Downloads\Samsung_SCX-3200_Series_SP.exe
2014-02-07 21:39 - 2013-09-08 16:00 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-07 21:21 - 2014-02-07 21:20 - 23054752 _____ (Samsung Electronics Co., Ltd.) C:\Users\Stefan\Downloads\OCR_V1.00.14.exe
2014-02-07 21:04 - 2013-09-09 19:36 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-02-07 15:58 - 2013-09-08 03:37 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\IrfanView
2014-02-06 20:12 - 2014-02-06 20:12 - 03418771 _____ (BOSS Development Team) C:\Users\Stefan\Downloads\BOSS v2.1.1 Installer.exe
2014-02-05 13:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-05 01:55 - 2014-02-05 01:54 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-05 01:54 - 2014-02-05 01:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Stefan\Downloads\dxwebsetup.exe
2014-02-05 01:54 - 2014-02-05 01:54 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-05 01:33 - 2014-02-05 01:33 - 02379419 _____ () C:\Users\Stefan\Downloads\enbseries_skyrim_v0250.zip
2014-02-05 00:17 - 2014-02-05 00:17 - 00001312 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyrim.lnk
2014-02-05 00:09 - 2014-02-05 00:09 - 00326483 _____ () C:\Users\Stefan\Downloads\ENB Customizer v2_1 FIXED-17400-2-1.rar
2014-02-04 23:19 - 2014-02-04 22:26 - 918846876 _____ () C:\Users\Stefan\Downloads\Tropical Skyrim v1_0-33017-1-0.zip
2014-02-04 22:28 - 2014-02-04 22:28 - 00000471 _____ () C:\Users\Stefan\Downloads\TEXTURE MISSING FROM MAIN ARCHIVE -- MUST DOWNLOAD THIS AS WELL-33017-1-0.zip
2014-02-02 21:12 - 2014-02-02 21:11 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-01 10:20 - 2014-02-13 13:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-13 13:16 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-13 13:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-13 13:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-13 13:16 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-31 19:53 - 2013-12-25 19:40 - 00000000 ____D () C:\Users\Stefan\Documents\Youcam
2014-01-30 22:10 - 2013-09-07 23:00 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-09-07 23:00 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 21:34 - 2013-11-28 17:17 - 00008890 _____ () C:\graph.log
2014-01-21 03:53 - 2013-10-29 00:22 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-10-29 00:22 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-19 08:33 - 2013-11-07 19:39 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 05:24 - 2013-11-11 04:14 - 00004608 _____ () C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-17 20:02 - 2013-09-11 22:45 - 00001528 _____ () C:\Users\Stefan\Desktop\Neues Textdokument.txt
2014-01-17 17:55 - 2013-09-07 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 17:54 - 2013-09-07 22:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 17:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore

Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\Extract.exe
C:\Users\Stefan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefan\AppData\Local\Temp\SP58764.exe
C:\Users\Stefan\AppData\Local\Temp\SP59213.exe
C:\Users\Stefan\AppData\Local\Temp\SP59654.exe
C:\Users\Stefan\AppData\Local\Temp\SP60051.exe
C:\Users\Stefan\AppData\Local\Temp\SP61037.exe
C:\Users\Stefan\AppData\Local\Temp\SP61277.exe
C:\Users\Stefan\AppData\Local\Temp\SP61280.exe
C:\Users\Stefan\AppData\Local\Temp\SP61399.exe
C:\Users\Stefan\AppData\Local\Temp\SP61413.exe
C:\Users\Stefan\AppData\Local\Temp\SP61795.exe
C:\Users\Stefan\AppData\Local\Temp\SP62364.exe
C:\Users\Stefan\AppData\Local\Temp\SP62405.exe
C:\Users\Stefan\AppData\Local\Temp\SP62765.exe
C:\Users\Stefan\AppData\Local\Temp\SP62991.exe
C:\Users\Stefan\AppData\Local\Temp\SP63065.exe
C:\Users\Stefan\AppData\Local\Temp\SP63286.exe
C:\Users\Stefan\AppData\Local\Temp\SP63599.exe
C:\Users\Stefan\AppData\Local\Temp\SP63752.exe
C:\Users\Stefan\AppData\Local\Temp\SP63801.exe
C:\Users\Stefan\AppData\Local\Temp\SP64082.exe
C:\Users\Stefan\AppData\Local\Temp\SP64854.exe
C:\Users\Stefan\AppData\Local\Temp\_is80B4.exe
C:\Users\Stefan\AppData\Local\Temp\__pythonRunner.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-07 05:16

==================== End Of Log ============================

--- --- ---

schrauber · 16.02.2014, 07:28

Funde von MBAM löschen lassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

BigBizkit2 · 16.02.2014, 19:21

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 19:03:50
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Stefan - BIZKIT
# Gestartet von : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3083 octets] - [13/02/2014 21:29:10]
AdwCleaner[R1].txt - [1002 octets] - [16/02/2014 19:02:38]
AdwCleaner[S0].txt - [2850 octets] - [13/02/2014 21:29:59]
AdwCleaner[S1].txt - [925 octets] - [16/02/2014 19:03:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [984 octets] ##########

JunkRemovalTool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Stefan on 16.02.2014 at 19:07:02,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4FB02E6-D448-4915-9B53-67D5766FFFFA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F4FB02E6-D448-4915-9B53-67D5766FFFFA}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\buu8axsu.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 19:11:06,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Stefan (administrator) on BIZKIT on 16-02-2014 19:11:44
Running from C:\Users\Stefan\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-09-09] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2013-09-16] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [icq] - C:\Users\Stefan\AppData\Roaming\ICQM\icq.exe [28698984 2013-09-07] (ICQ)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1824000 2014-02-11] (Valve Corporation)
HKU\S-1-5-21-3871940076-2385404808-3361384824-1002\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\ich@maltegoetz.de [2014-02-11]
FF Extension: DownloadHelper - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-08]
FF Extension: Greasemonkey - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\buu8axsu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-11]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244752 2012-07-16] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 19:11 - 2014-02-16 19:11 - 00001038 _____ () C:\Users\Stefan\Desktop\JRT.txt
2014-02-16 19:07 - 2014-02-16 19:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 19:01 - 2014-02-16 19:01 - 01037530 _____ (Thisisu) C:\Users\Stefan\Desktop\JRT.exe
2014-02-15 15:22 - 2014-02-16 19:11 - 00015809 _____ () C:\Users\Stefan\Desktop\FRST.txt
2014-02-15 15:11 - 2014-02-15 15:11 - 00024860 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-02-15 15:10 - 2014-02-16 19:11 - 00000000 ____D () C:\FRST
2014-02-15 14:46 - 2014-02-15 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 15:16 - 2014-02-14 15:18 - 00008887 _____ () C:\myplugins.txt
2014-02-14 15:12 - 2014-02-14 17:36 - 00000000 ____D () C:\plugins
2014-02-13 22:50 - 2014-02-13 22:50 - 02152960 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2014-02-13 21:52 - 2014-02-13 21:52 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 21:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-13 21:28 - 2014-02-16 19:03 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:26 - 2014-02-13 21:26 - 01166132 _____ () C:\Users\Stefan\Downloads\AdwCleaner(1).exe
2014-02-13 21:25 - 2014-02-13 21:25 - 01166132 _____ () C:\Users\Stefan\Desktop\adwcleaner.exe
2014-02-13 21:21 - 2014-02-13 21:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 13:17 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 13:17 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 13:16 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 13:16 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-13 13:16 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 13:16 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 13:16 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 13:16 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 13:16 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 13:16 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 13:16 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-13 13:16 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 13:16 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 13:16 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 13:16 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 13:16 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-13 13:16 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-13 13:16 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 13:13 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 13:13 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 13:13 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 13:13 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 01:57 - 2014-02-11 01:57 - 00000621 _____ () C:\Users\Stefan\Desktop\Neues Textdokument (2).txt
2014-02-10 21:49 - 2014-02-10 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-10 21:49 - 2014-02-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-10 21:45 - 2014-02-10 21:45 - 00921000 _____ (Oracle Corporation) C:\Users\Stefan\Downloads\jxpiinstall.exe
2014-02-10 00:29 - 2014-02-10 00:29 - 00001507 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bash Installers.lnk
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\system32\NV
2014-02-10 00:01 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-10 00:01 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00357152 _____ () C:\Windows\system32\NvIFROpenGL.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00314656 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-10 00:01 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-02-09 23:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-09 23:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-09 23:57 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-09 23:57 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-02-07 21:51 - 2014-02-07 21:51 - 00000000 ____D () C:\Users\Stefan\Documents\Fax
2014-02-07 21:40 - 2014-02-07 21:40 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Windows\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-02-07 21:39 - 2009-10-28 16:20 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00081920 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2014-02-07 21:39 - 2009-10-28 16:20 - 00021776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2014-02-07 21:38 - 2014-02-07 21:39 - 08278920 _____ () C:\Users\Stefan\Downloads\Samsung_SCX-3200_Series_SP.exe
2014-02-07 21:20 - 2014-02-07 21:21 - 23054752 _____ (Samsung Electronics Co., Ltd.) C:\Users\Stefan\Downloads\OCR_V1.00.14.exe
2014-02-05 01:55 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-05 01:55 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-05 01:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-05 01:54 - 2014-02-05 01:55 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-05 01:54 - 2014-02-05 01:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Stefan\Downloads\dxwebsetup.exe
2014-02-05 01:54 - 2014-02-05 01:54 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-05 00:17 - 2014-02-05 00:17 - 00001312 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyrim.lnk
2014-02-02 21:11 - 2014-02-02 21:12 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-16 19:11 - 2014-02-16 19:11 - 00001038 _____ () C:\Users\Stefan\Desktop\JRT.txt
2014-02-16 19:11 - 2014-02-15 15:22 - 00015809 _____ () C:\Users\Stefan\Desktop\FRST.txt
2014-02-16 19:11 - 2014-02-15 15:10 - 00000000 ____D () C:\FRST
2014-02-16 19:08 - 2013-03-22 10:00 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-02-16 19:07 - 2014-02-16 19:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 19:05 - 2013-09-16 20:16 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-02-16 19:05 - 2013-09-16 20:16 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-02-16 19:05 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 19:04 - 2013-09-07 23:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 19:04 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-16 19:03 - 2014-02-13 21:28 - 00000000 ____D () C:\AdwCleaner
2014-02-16 19:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-16 19:01 - 2014-02-16 19:01 - 01037530 _____ (Thisisu) C:\Users\Stefan\Desktop\JRT.exe
2014-02-16 19:01 - 2012-10-25 20:21 - 00831158 _____ () C:\Windows\system32\perfh007.dat
2014-02-16 19:01 - 2012-10-25 20:21 - 00188760 _____ () C:\Windows\system32\perfc007.dat
2014-02-16 19:01 - 2012-07-26 08:28 - 01952854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 06:41 - 2013-09-11 00:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-15 15:22 - 2013-11-06 18:21 - 00000000 ____D () C:\Users\Stefan\video
2014-02-15 15:22 - 2013-09-10 16:02 - 00000000 ____D () C:\Users\Stefan\Uni
2014-02-15 15:21 - 2013-10-08 23:38 - 03793920 ___SH () C:\Users\Stefan\Downloads\Thumbs.db
2014-02-15 15:11 - 2014-02-15 15:11 - 00024860 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-02-15 14:46 - 2014-02-15 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 11:54 - 2014-01-03 01:24 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForStefan.job
2014-02-15 03:10 - 2013-09-07 20:47 - 01438779 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 17:36 - 2014-02-14 15:12 - 00000000 ____D () C:\plugins
2014-02-14 17:34 - 2014-01-03 01:24 - 00003166 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForStefan
2014-02-14 17:34 - 2013-09-07 20:47 - 00000000 ____D () C:\Users\Stefan
2014-02-14 15:18 - 2014-02-14 15:16 - 00008887 _____ () C:\myplugins.txt
2014-02-14 07:13 - 2013-09-09 22:31 - 06382080 ___SH () C:\Users\Stefan\Desktop\Thumbs.db
2014-02-13 23:11 - 2013-09-07 20:59 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3871940076-2385404808-3361384824-1002
2014-02-13 22:50 - 2014-02-13 22:50 - 02152960 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2014-02-13 22:06 - 2012-08-03 23:23 - 00670738 _____ () C:\Windows\PFRO.log
2014-02-13 21:52 - 2014-02-13 21:52 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 21:26 - 2014-02-13 21:26 - 01166132 _____ () C:\Users\Stefan\Downloads\AdwCleaner(1).exe
2014-02-13 21:25 - 2014-02-13 21:25 - 01166132 _____ () C:\Users\Stefan\Desktop\adwcleaner.exe
2014-02-13 21:22 - 2014-02-13 21:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 16:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-12 07:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-11 02:34 - 2014-02-11 01:47 - 145015226 _____ () C:\Users\Stefan\Downloads\J43ndsf823dsf_139.rar
2014-02-11 01:57 - 2014-02-11 01:57 - 00000621 _____ () C:\Users\Stefan\Desktop\Neues Textdokument (2).txt
2014-02-10 21:49 - 2014-02-10 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-10 21:49 - 2014-02-10 21:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-10 21:49 - 2014-02-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-10 21:49 - 2013-10-21 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-10 21:45 - 2014-02-10 21:45 - 00921000 _____ (Oracle Corporation) C:\Users\Stefan\Downloads\jxpiinstall.exe
2014-02-10 17:34 - 2013-09-09 16:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-10 17:33 - 2012-10-25 11:01 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-10 17:33 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2014-02-10 17:24 - 2013-03-04 16:49 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-10 17:07 - 2013-09-09 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-10 00:29 - 2014-02-10 00:29 - 00001507 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bash Installers.lnk
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-02-10 00:10 - 2014-02-10 00:10 - 00000000 ____D () C:\Windows\system32\NV
2014-02-10 00:10 - 2013-03-04 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 23:58 - 2013-03-04 16:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 23:57 - 2012-07-26 08:21 - 00040981 _____ () C:\Windows\setupact.log
2014-02-07 22:13 - 2013-09-16 21:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Black_Tree_Gaming
2014-02-07 21:51 - 2014-02-07 21:51 - 00000000 ____D () C:\Users\Stefan\Documents\Fax
2014-02-07 21:40 - 2014-02-07 21:40 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Samsung
2014-02-07 21:40 - 2013-09-08 16:00 - 00000040 _____ () C:\Autoconfig.ini
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Windows\Samsung
2014-02-07 21:39 - 2014-02-07 21:39 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-02-07 21:39 - 2014-02-07 21:38 - 08278920 _____ () C:\Users\Stefan\Downloads\Samsung_SCX-3200_Series_SP.exe
2014-02-07 21:39 - 2013-09-08 16:00 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-07 21:21 - 2014-02-07 21:20 - 23054752 _____ (Samsung Electronics Co., Ltd.) C:\Users\Stefan\Downloads\OCR_V1.00.14.exe
2014-02-07 21:04 - 2013-09-09 19:36 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-02-07 15:58 - 2013-09-08 03:37 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\IrfanView
2014-02-06 20:52 - 2014-02-06 20:52 - 03012392 _____ () C:\Users\Stefan\Downloads\SUM Program-29865-1-2.zip
2014-02-06 20:38 - 2014-02-06 20:37 - 13848134 _____ () C:\Users\Stefan\Downloads\Mod Organizer v1_1_1-1334-.7z
2014-02-06 20:21 - 2014-02-06 20:21 - 00020727 _____ () C:\Users\Stefan\Downloads\Custom xml and tutorial-45113-1-04.7z
2014-02-06 20:12 - 2014-02-06 20:12 - 03418771 _____ (BOSS Development Team) C:\Users\Stefan\Downloads\BOSS v2.1.1 Installer.exe
2014-02-06 20:03 - 2014-02-06 20:03 - 00000000 _____ () C:\LLI.esp
2014-02-05 13:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-05 01:55 - 2014-02-05 01:54 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-05 01:54 - 2014-02-05 01:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Stefan\Downloads\dxwebsetup.exe
2014-02-05 01:54 - 2014-02-05 01:54 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-05 01:33 - 2014-02-05 01:33 - 02379419 _____ () C:\Users\Stefan\Downloads\enbseries_skyrim_v0250.zip
2014-02-05 00:17 - 2014-02-05 00:17 - 00001312 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyrim.lnk
2014-02-05 00:09 - 2014-02-05 00:09 - 00326483 _____ () C:\Users\Stefan\Downloads\ENB Customizer v2_1 FIXED-17400-2-1.rar
2014-02-02 21:12 - 2014-02-02 21:11 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-01 10:20 - 2014-02-13 13:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-13 13:16 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-13 13:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-13 13:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-13 13:16 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-13 13:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-13 13:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-13 13:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-13 13:16 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-31 19:53 - 2013-12-25 19:40 - 00000000 ____D () C:\Users\Stefan\Documents\Youcam
2014-01-30 22:10 - 2013-09-07 23:00 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-09-07 23:00 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 21:34 - 2013-11-28 17:17 - 00008890 _____ () C:\graph.log
2014-01-21 03:53 - 2013-10-29 00:22 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-10-29 00:22 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-19 08:33 - 2013-11-07 19:39 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 05:24 - 2013-11-11 04:14 - 00004608 _____ () C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-17 20:02 - 2013-09-11 22:45 - 00001528 _____ () C:\Users\Stefan\Desktop\Neues Textdokument.txt
2014-01-17 17:55 - 2013-09-07 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 17:54 - 2013-09-07 22:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 17:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore

Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\Extract.exe
C:\Users\Stefan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefan\AppData\Local\Temp\SP58764.exe
C:\Users\Stefan\AppData\Local\Temp\SP59213.exe
C:\Users\Stefan\AppData\Local\Temp\SP59654.exe
C:\Users\Stefan\AppData\Local\Temp\SP60051.exe
C:\Users\Stefan\AppData\Local\Temp\SP61037.exe
C:\Users\Stefan\AppData\Local\Temp\SP61277.exe
C:\Users\Stefan\AppData\Local\Temp\SP61280.exe
C:\Users\Stefan\AppData\Local\Temp\SP61399.exe
C:\Users\Stefan\AppData\Local\Temp\SP61413.exe
C:\Users\Stefan\AppData\Local\Temp\SP61795.exe
C:\Users\Stefan\AppData\Local\Temp\SP62364.exe
C:\Users\Stefan\AppData\Local\Temp\SP62405.exe
C:\Users\Stefan\AppData\Local\Temp\SP62765.exe
C:\Users\Stefan\AppData\Local\Temp\SP62991.exe
C:\Users\Stefan\AppData\Local\Temp\SP63065.exe
C:\Users\Stefan\AppData\Local\Temp\SP63286.exe
C:\Users\Stefan\AppData\Local\Temp\SP63599.exe
C:\Users\Stefan\AppData\Local\Temp\SP63752.exe
C:\Users\Stefan\AppData\Local\Temp\SP63801.exe
C:\Users\Stefan\AppData\Local\Temp\SP64082.exe
C:\Users\Stefan\AppData\Local\Temp\SP64854.exe
C:\Users\Stefan\AppData\Local\Temp\_is80B4.exe
C:\Users\Stefan\AppData\Local\Temp\__pythonRunner.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 07:30

==================== End Of Log ============================

--- --- ---

schrauber · 17.02.2014, 14:18

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

14.02.2014, 17:28	#4
schrauber /// the machine /// TB-Ausbilder	Windows 8: Laptop nach "Conduit Search & Trovigo.com Startseite" sauber? Nee das ist Win8 Smartscreen, einfach auf mehr Informationen klicken, dann auf trotzdem ausführen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 8: Laptop nach "Conduit Search & Trovigo.com Startseite" sauber?

Plagegeister aller Art und deren Bekämpfung: Windows 8: Laptop nach "Conduit Search & Trovigo.com Startseite" sauber?