Log analysis and evaluation: after a scan with Malwarebytes, the following log (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.02.2014, 18:42 | #1

After a scan with Malwarebytes, the following log

Hello! I have just scanned my PC with Malwarebytes and got the following log (see photo.... unfortunately the log file is too big). But if I now remove the first 4 on the list, my Windows 7 no longer starts and I have to boot via the restore point... Many thanks!
24.02.2014, 19:33 | #2

/// the machine /// TB-Ausbilder

After a scan with Malwarebytes, the following log

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.02.2014, 19:51 | #3

After a scan with Malwarebytes, the following log

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02
Ran by champ (administrator) on CHAMP-PC on 24-02-2014 19:39:14
Running from C:\Users\champ\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\system32\srvany.exe
() C:\Windows\KMService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost VPN\Service.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [C:\Windows\system32\V0520Ext.ax] - C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0520Ext.ax
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-11-07] (Jumping Bytes)
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: D - D:\DVDMenu.exe
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {2ce476a2-e218-11e1-ae32-5404a6b6fd35} - N:\LaunchU3.exe -a
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {31b354c0-e6b9-11e1-9cda-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {5e6e3f0a-3931-11e2-836f-5404a6b6fd35} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {ca1e7bc0-ec5b-11e1-9226-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {e12f158d-9700-11e3-be50-5404a6b6fd35} - N:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3405618477-4029139554-1616172553-1000\...\MountPoints2: {e63c88cc-b968-11e2-9a6c-5404a6b6fd35} - G:\auvisio.exe
HKU\S-1-5-21-3405618477-4029139554-1616172553-1003\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3405618477-4029139554-1616172553-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3405618477-4029139554-1616172553-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3405618477-4029139554-1616172553-1003\...\MountPoints2: {31b354c0-e6b9-11e1-9cda-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3405618477-4029139554-1616172553-1003\...\MountPoints2: {ca1e7bc0-ec5b-11e1-9226-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: c:\progra~3\networ~1\networ~1.dll => C:\ProgramData\Network Acceleration\NetworkAcceleration.dll [4417536 2013-12-29] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3405618477-4029139554-1616172553-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3405618477-4029139554-1616172553-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB79261F7FA76CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKLM - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKCU - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
URLSearchHook: HKCU - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383823104&from=cor&uid=HitachiXHCS5C1010CLA382_JC0950HX06PR8H06PR8HX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383823104&from=cor&uid=HitachiXHCS5C1010CLA382_JC0950HX06PR8H06PR8HX&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=04218859-915e-4fc0-99b8-fe282763f94f&searchtype=ds&q={searchTerms}
SearchScopes: HKLM - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = hxxp://searchy.easylifeapp.com/?q={searchTerms}&pid=1348&src=ie2&r=2013/08/19&hid=1011549658&lg=EN&cc=GB
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383823104&from=cor&uid=HitachiXHCS5C1010CLA382_JC0950HX06PR8H06PR8HX&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=04218859-915e-4fc0-99b8-fe282763f94f&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = hxxp://searchy.easylifeapp.com/?q={searchTerms}&pid=1348&src=ie2&r=2013/08/19&hid=1011549658&lg=EN&cc=GB
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&affID=121845&tt=120613_adn&babsrc=SP_ss_Btisdt7&mntrId=BACD00FF832929A7
SearchScopes: HKCU - {261E15EC-8138-4062-A058-8431943524A1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN32709176385343268&UM=2
SearchScopes: HKCU - {5B0A37B8-0CCA-452C-AD36-59F084CDAF70} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=DAEBCB6E-E36C-4A63-9331-50C9A5550AB0&apn_sauid=9C49258F-B2B6-4861-B146-34C3D7AFE089
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
Toolbar: HKCU - WhiteSmoke New Toolbar - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DE14902-7548-44E9-BC59-FA3539C2369E}: [NameServer]79.141.167.14,79.141.160.23
Tcpip\..\Interfaces\{7CE9DE5E-0F4B-422A-B0D8-40EA3BA96378}: [NameServer]79.141.167.14,79.141.160.23

FireFox:
========
FF ProfilePath: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default
FF user.js: detected! => C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\user.js
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://www.handelsblatt.com/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13912262031534828&UM=2&q=
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.172.134.222"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "203.172.134.222"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.172.134.222"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "203.172.134.222"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\champ\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\googlede-pws.xml
FF SearchPlugin: C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: UTUbeNoAAds - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\dkwjoaom@uyuidjao.edu [2014-02-01]
FF Extension: RoaboSaver - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\oynnwj@vrjtb.net [2013-12-29]
FF Extension: EnJoyCoupon - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\zeiea2va@hjlw-zld.co.uk [2013-12-29]
FF Extension: WOT - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-23]
FF Extension: DownloadHelper - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-12-30]
FF Extension: anonymoX - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\client@anonymox.net.xpi [2013-12-31]
FF Extension: FireGloves - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\firegloves@fingerprint.pet-portal.eu.xpi [2014-02-12]
FF Extension: Webmail Ad Blocker - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\gmailnoads@mywebber.com.xpi [2013-12-29]
FF Extension: Bluhell Firewall - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-31]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF Extension: BetterPrivacy - C:\Users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []
FF HKCU\...\Firefox\Extensions: [CaptureSaver@goldgingko.com] - C:\Program Files\CaptureSaver\Firefox
FF Extension: No Name - C:\Program Files\CaptureSaver\Firefox [2013-03-19]
FF HKCU\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files\SoundFrost\SoundFrost.xpi
FF Extension: No Name - C:\Program Files\SoundFrost\SoundFrost.xpi [2013-05-20]
FF HKCU\...\Firefox\Extensions: [{cc0c97a8-6006-48ad-9052-d2c6bef85ca3}] - C:\Program Files\bLyrics\130.xpi

Chrome:
=======
CHR Extension: (EnJoyCoupon) - C:\Users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci [2013-12-29]
CHR Extension: (Delta Toolbar) - C:\Users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-07-16]
CHR Extension: (WhiteSmoke New) - C:\Users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-08-20]
CHR Extension: (Google Wallet) - C:\Users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (RoaboSaver) - C:\ProgramData\cdedlkjmogkfbhbnglhgnailmpanodem [2013-12-29]
CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2013-12-29]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\champ\AppData\Roaming\BabSolution\CR\Delta.crx [2013-06-12]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\champ\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [okaclkhnjaebofijaabgiahinbajiekd] - C:\Program Files\bLyrics\130.crx [2013-08-20]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\champ\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S4 ACT2_Service; C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost VPN\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S4 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2905408 2013-11-21] (Iminent)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-26] (Protect Software GmbH)
R2 ACT2PM; C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor32.sys [14648 2011-06-10] ()
R0 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [13440 2010-10-20] (ASUSTek Computer Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [163616 2012-09-06] (Digiarty Software, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R1 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [686872 2011-07-09] (www.ext2fsd.com)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-01-29] (Microsoft Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2010-05-20] (Windows (R) Codename Longhorn DDK provider)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2010-05-20] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2010-05-20] (Windows (R) Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2012-08-14] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-06-09] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452432 2012-06-09] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283344 2012-06-09] (Paragon)
S3 V0520Vid; C:\Windows\System32\DRIVERS\V0520Vid.sys [244448 2011-09-02] (Creative Technology Ltd.)
U3 av22wbhf; C:\Windows\system32\Drivers\av22wbhf.sys [0 ] (Elaborate Bytes AG)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 19:39 - 2014-02-24 19:40 - 00029111 _____ () C:\Users\champ\Downloads\FRST.txt
2014-02-24 19:38 - 2014-02-24 19:39 - 00000000 ____D () C:\FRST
2014-02-24 19:38 - 2014-02-24 19:38 - 01144320 _____ (Farbar) C:\Users\champ\Downloads\FRST.exe
2014-02-24 17:53 - 2014-02-24 17:53 - 00001087 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-24 17:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-24 17:52 - 2014-02-24 17:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\champ\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 18:27 - 2014-02-23 18:27 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Malwarebytes
2014-02-23 18:26 - 2014-02-24 17:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-23 18:26 - 2014-02-23 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-23 14:15 - 2014-02-23 14:15 - 00294963 _____ () C:\Users\champ\Desktop\TURKvod_5.0_OE20_19_02_04_2.zip
2014-02-23 13:15 - 2014-02-23 13:15 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Meine Dokumente\Documents\ArcSoft
2014-02-22 14:11 - 2014-02-22 14:11 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Wondershare
2014-02-21 23:27 - 2014-02-23 19:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-02-21 23:23 - 2014-02-23 21:16 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-21 23:23 - 2014-02-21 23:23 - 35955112 _____ (TuneUp Software) C:\Users\champ\Downloads\TuneUpUtilities2014_de-DE.exe
2014-02-21 13:18 - 2014-02-21 13:18 - 00000000 ____D () C:\Users\champ\Desktop\TURKvod
2014-02-21 12:27 - 2014-02-21 12:28 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Meine Dokumente\Documents\Wondershare Video Editor
2014-02-20 22:44 - 2014-02-20 22:44 - 61134054 _____ () C:\Users\champ\Downloads\openatv-4.0-xpeedlx-20140220_usb.zip
2014-02-19 21:39 - 2014-02-19 21:39 - 00144790 _____ () C:\Users\champ\Downloads\bootloader-xpeed-lx1-751mhz-13.02.2014.zip
2014-02-16 19:40 - 2014-02-16 19:40 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Motorola Mobility
2014-02-16 18:53 - 2014-02-16 18:53 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Motorola Mobility
2014-02-16 15:00 - 2014-02-16 15:00 - 00000000 ____D () C:\Users\Larissa\AppData\Roaming\Motorola Mobility
2014-02-16 13:02 - 2014-02-16 13:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01009.Wdf
2014-02-16 13:02 - 2014-02-16 13:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01009.Wdf
2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motusbdevice_01009.Wdf
2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgp_01009.Wdf
2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Motorola Mobility
2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____D () C:\ProgramData\Motorola
2014-02-16 13:00 - 2014-02-16 13:01 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Program Files\Motorola
2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-02-16 12:58 - 2014-02-16 12:58 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-02-16 12:57 - 2014-02-16 12:57 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Motorola
2014-02-16 12:53 - 2014-02-16 12:53 - 00000596 _____ () C:\Windows\PFRO.log
2014-02-16 11:00 - 2014-02-16 11:00 - 00001070 _____ () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2014-02-16 11:00 - 2014-02-16 11:00 - 00000000 ____D () C:\Program Files\MediaInfo
2014-02-14 14:56 - 2014-02-14 14:58 - 00000000 ____D () C:\Users\champ\Desktop\Stimmung
2014-02-14 11:40 - 2014-02-14 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 12:05 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 12:05 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 12:05 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 12:05 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 12:05 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 12:05 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 12:05 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 12:05 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 12:05 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 12:05 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 12:05 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 12:05 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 12:05 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 12:05 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 12:05 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 12:05 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 12:05 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 12:05 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 12:05 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 12:05 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 12:05 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 11:54 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 11:15 - 2014-02-24 19:16 - 00000292 _____ () C:\Windows\Tasks\Update Bonanza.job
2014-02-13 11:15 - 2014-02-13 11:15 - 00000000 ____D () C:\Users\champ\AppData\Roaming\UpdateBonanza
2014-02-13 10:43 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 10:43 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 10:43 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 10:43 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 10:43 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 10:43 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 10:43 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 10:43 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 10:43 - 2013-12-04 
03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-13 10:43 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-13 10:43 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-13 10:43 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-13 10:43 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-13 10:43 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 09:41 - 2014-02-23 21:16 - 00000000 ____D () C:\Users\champ\Desktop\keys1 2014-02-10 16:09 - 2014-02-10 16:09 - 00000892 _____ () C:\Users\champ\Desktop\Hits 2014 - Verknüpfung.lnk 2014-02-05 15:14 - 2014-02-05 15:15 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\TeraCopy 2014-02-03 14:50 - 2014-02-03 15:18 - 00000000 ____D () C:\Users\Laura\Desktop\Konfi -Bilder 2014-02-03 10:07 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-02-03 10:07 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-03 10:07 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-03 10:07 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-03 10:06 - 2014-02-03 10:07 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-02-01 16:33 - 2014-02-01 16:33 - 00002494 __RSH () C:\ProgramData\ntuser.pol 2014-02-01 16:33 - 2014-02-01 16:33 - 00000000 ____D () C:\ProgramData\UTUbeNoAAds 2014-02-01 16:33 - 2014-02-01 16:33 - 00000000 ____D () C:\ProgramData\knglimfpcechcemlpckgopldlobbmnoc 2014-01-30 09:06 - 2014-01-30 09:08 - 00002268 _____ () C:\Windows\logboot_30.01.2014.tureg.log 2014-01-29 19:00 - 1999-01-18 11:28 - 00008880 _____ (Macromedia, Inc.) 
C:\Users\Laura\Desktop\LILLI.EXE ==================== One Month Modified Files and Folders ======= 2014-02-24 19:40 - 2014-02-24 19:39 - 00029111 _____ () C:\Users\champ\Downloads\FRST.txt 2014-02-24 19:39 - 2014-02-24 19:38 - 00000000 ____D () C:\FRST 2014-02-24 19:38 - 2014-02-24 19:38 - 01144320 _____ (Farbar) C:\Users\champ\Downloads\FRST.exe 2014-02-24 19:31 - 2012-09-24 14:32 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Skype 2014-02-24 19:16 - 2014-02-13 11:15 - 00000292 _____ () C:\Windows\Tasks\Update Bonanza.job 2014-02-24 19:15 - 2013-12-29 14:15 - 00000290 _____ () C:\Windows\Tasks\Bonanza.job 2014-02-24 19:06 - 2012-08-09 13:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-24 18:21 - 2013-09-20 11:25 - 00000000 ____D () C:\Users\champ\Desktop\Neuer Ordner 2014-02-24 17:55 - 2012-08-09 11:07 - 01339579 _____ () C:\Windows\WindowsUpdate.log 2014-02-24 17:53 - 2014-02-24 17:53 - 00001087 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-24 17:53 - 2014-02-23 18:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-24 17:52 - 2014-02-24 17:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\champ\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-24 16:55 - 2009-07-14 05:34 - 00041488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-24 16:55 - 2009-07-14 05:34 - 00041488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-24 16:50 - 2014-01-12 15:50 - 00033870 _____ () C:\Windows\setupact.log 2014-02-24 16:50 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-24 10:15 - 2014-01-08 11:15 - 00000142 _____ () C:\Users\champ\AppData\Roaming\WB.CFG 2014-02-23 23:19 - 2012-12-25 12:54 - 00000000 ___RD () C:\Users\champ\Desktop\Dreambox 2014-02-23 23:06 - 2012-08-09 13:46 - 00692616 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 23:06 - 2012-08-09 13:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 22:55 - 2013-02-05 19:14 - 00000000 ____D () C:\Users\champ\AppData\Local\CrashDumps 2014-02-23 21:24 - 2013-12-29 11:40 - 00000000 ____D () C:\ProgramData\Network Acceleration 2014-02-23 21:19 - 2012-08-09 11:15 - 00000000 ____D () C:\Users\champ 2014-02-23 21:16 - 2014-02-21 23:23 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-02-23 21:16 - 2014-02-11 09:41 - 00000000 ____D () C:\Users\champ\Desktop\keys1 2014-02-23 21:16 - 2013-12-05 17:36 - 00000000 ____D () C:\Users\champ\Desktop\ChanSort_2013-11-24 2014-02-23 21:16 - 2013-08-02 15:30 - 00000000 ____D () C:\Program Files\Iminent 2014-02-23 21:16 - 2013-01-22 11:56 - 00000000 ____D () C:\Users\champ\AppData\Local\Downloaded Installations 2014-02-23 21:16 - 2012-09-11 14:14 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Skype 2014-02-23 21:16 - 2012-09-11 12:03 - 00000000 ___RD () C:\Users\champ\Desktop\System 2014-02-23 21:16 - 2012-08-25 08:58 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Mp3tag 2014-02-23 21:16 - 2012-08-19 20:00 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-23 21:16 - 2012-08-17 15:35 - 00000000 ____D () C:\ProgramData\Skype 2014-02-23 21:16 - 2012-08-16 11:14 - 00000000 ____D () C:\Users\Dana 2014-02-23 21:16 - 2012-08-13 12:34 - 00000000 ____D () C:\Users\Laura 2014-02-23 21:16 - 2012-08-13 12:31 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-23 21:16 - 2012-08-11 19:59 - 00000000 ____D () C:\Users\Larissa 2014-02-23 21:16 - 2012-08-11 18:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2014-02-23 21:16 - 2012-08-11 18:39 - 00000000 ____D () C:\Users\champ\AppData\Roaming\BOM 2014-02-23 21:16 - 2012-08-09 11:30 - 00000000 ____D () C:\Users\champ\AppData\Local\Microsoft Help 2014-02-23 21:16 - 2009-07-14 05:52 - 00000000 ____D () 
C:\Windows\Performance 2014-02-23 21:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-02-23 21:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-02-23 21:15 - 2012-08-14 22:36 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-02-23 21:14 - 2012-08-19 19:59 - 00000000 ____D () C:\ProgramData\Apple 2014-02-23 21:14 - 2012-08-17 15:35 - 00000000 ___RD () C:\Program Files\Skype 2014-02-23 21:13 - 2012-09-12 18:08 - 00000000 ___HD () C:\BJPrinter 2014-02-23 21:13 - 2012-08-13 12:29 - 00000000 ____D () C:\NVIDIA 2014-02-23 19:03 - 2014-02-21 23:27 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-02-23 19:03 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-02-23 18:27 - 2014-02-23 18:27 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Malwarebytes 2014-02-23 18:26 - 2014-02-23 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-23 16:54 - 2014-01-23 10:37 - 00000600 _____ () C:\Users\champ\AppData\Roaming\winscp.rnd 2014-02-23 14:45 - 2014-01-12 16:02 - 00636928 ___SH () C:\Users\Larissa\Thumbs.db 2014-02-23 14:15 - 2014-02-23 14:15 - 00294963 _____ () C:\Users\champ\Desktop\TURKvod_5.0_OE20_19_02_04_2.zip 2014-02-23 13:15 - 2014-02-23 13:15 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Meine Dokumente\Documents\ArcSoft 2014-02-22 14:19 - 2012-12-04 17:02 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TuneUp Software 2014-02-22 14:11 - 2014-02-22 14:11 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Wondershare 2014-02-22 11:34 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-02-21 23:39 - 2012-08-19 20:00 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2014-02-21 23:23 - 2014-02-21 23:23 - 35955112 _____ (TuneUp Software) C:\Users\champ\Downloads\TuneUpUtilities2014_de-DE.exe 2014-02-21 23:13 - 2012-08-13 16:12 - 00000000 ____D () C:\Users\champ\AppData\Roaming\vlc 2014-02-21 23:12 - 
2012-08-09 13:18 - 00000000 ____D () C:\Users\champ\AppData\Local\Windows Live 2014-02-21 13:18 - 2014-02-21 13:18 - 00000000 ____D () C:\Users\champ\Desktop\TURKvod 2014-02-21 12:28 - 2014-02-21 12:27 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Meine Dokumente\Documents\Wondershare Video Editor 2014-02-20 22:47 - 2009-11-10 19:44 - 01621244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-20 22:44 - 2014-02-20 22:44 - 61134054 _____ () C:\Users\champ\Downloads\openatv-4.0-xpeedlx-20140220_usb.zip 2014-02-20 21:38 - 2013-06-10 17:30 - 00000000 ____D () C:\openat 2014-02-20 15:56 - 2013-09-04 17:04 - 00000000 ____D () C:\Users\Dana\AppData\Local\CrashDumps 2014-02-19 21:39 - 2014-02-19 21:39 - 00144790 _____ () C:\Users\champ\Downloads\bootloader-xpeed-lx1-751mhz-13.02.2014.zip 2014-02-16 19:40 - 2014-02-16 19:40 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Motorola Mobility 2014-02-16 19:40 - 2012-08-13 12:34 - 00000000 ____D () C:\Users\Laura\AppData\Local\VirtualStore 2014-02-16 18:53 - 2014-02-16 18:53 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Motorola Mobility 2014-02-16 18:53 - 2012-08-16 11:14 - 00000000 ____D () C:\Users\Dana\AppData\Local\VirtualStore 2014-02-16 18:03 - 2012-08-19 15:51 - 00000000 ____D () C:\Users\Larissa\AppData\Roaming\Skype 2014-02-16 15:00 - 2014-02-16 15:00 - 00000000 ____D () C:\Users\Larissa\AppData\Roaming\Motorola Mobility 2014-02-16 13:02 - 2014-02-16 13:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01009.Wdf 2014-02-16 13:02 - 2014-02-16 13:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01009.Wdf 2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motusbdevice_01009.Wdf 2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_motccgp_01009.Wdf 2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Motorola Mobility 2014-02-16 13:01 - 2014-02-16 13:01 - 00000000 ____D () C:\ProgramData\Motorola 2014-02-16 13:01 - 2014-02-16 13:00 - 00000000 ____D () C:\Program Files\Motorola Mobility 2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Program Files\Motorola 2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-02-16 12:58 - 2014-02-16 12:58 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared 2014-02-16 12:58 - 2012-08-19 16:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-16 12:57 - 2014-02-16 12:57 - 00000000 ____D () C:\Users\champ\AppData\Roaming\Motorola 2014-02-16 12:53 - 2014-02-16 12:53 - 00000596 _____ () C:\Windows\PFRO.log 2014-02-16 11:00 - 2014-02-16 11:00 - 00001070 _____ () C:\Users\champ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-02-16 11:00 - 2014-02-16 11:00 - 00000000 ____D () C:\Program Files\MediaInfo 2014-02-15 13:06 - 2012-08-09 13:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-14 14:58 - 2014-02-14 14:56 - 00000000 ____D () C:\Users\champ\Desktop\Stimmung 2014-02-14 11:40 - 2014-02-14 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-14 08:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-02-13 14:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-13 12:07 - 2012-08-09 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 12:02 - 2013-08-20 00:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-13 11:59 - 2009-10-14 03:21 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-13 11:54 - 2009-07-14 03:04 - 00000639 _____ () C:\Windows\win.ini 2014-02-13 11:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-13 11:15 - 
2014-02-13 11:15 - 00000000 ____D () C:\Users\champ\AppData\Roaming\UpdateBonanza 2014-02-11 09:25 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-10 16:09 - 2014-02-10 16:09 - 00000892 _____ () C:\Users\champ\Desktop\Hits 2014 - Verknüpfung.lnk 2014-02-09 20:41 - 2012-10-17 22:05 - 00000000 ____D () C:\Users\champ\AppData\Local\Canon Easy-PhotoPrint EX 2014-02-06 11:38 - 2014-02-13 12:05 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-02-13 12:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 11:19 - 2014-02-13 12:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-02-13 12:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-02-13 12:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-13 12:05 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-02-13 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-02-13 12:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-02-13 12:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-02-13 12:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 10:47 - 2014-02-13 12:05 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-02-13 12:05 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-02-13 12:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-02-13 12:05 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-02-13 12:05 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-02-13 12:05 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-02-13 12:05 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:03 - 2014-02-13 12:05 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-02-13 12:05 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-02-13 12:05 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 2014-02-13 12:05 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-05 15:15 - 2014-02-05 15:14 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\TeraCopy 2014-02-03 15:18 - 2014-02-03 14:50 - 00000000 ____D () C:\Users\Laura\Desktop\Konfi -Bilder 2014-02-03 14:50 - 2013-11-15 13:35 - 00000000 ____D () C:\Users\Laura\Desktop\Frankreich 2014-02-03 14:21 - 2014-01-02 19:24 - 00000000 ____D () C:\Users\champ\Desktop\Fotos 2014-02-03 10:07 - 2014-02-03 10:06 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-02-03 10:07 - 2013-10-28 15:12 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-03 10:07 - 2012-09-07 21:59 - 00000000 ____D () C:\Program Files\Java 2014-02-01 16:33 - 2014-02-01 16:33 - 00002494 __RSH () C:\ProgramData\ntuser.pol 2014-02-01 16:33 - 2014-02-01 16:33 - 00000000 ____D () C:\ProgramData\UTUbeNoAAds 2014-02-01 16:33 - 2014-02-01 16:33 - 00000000 ____D () C:\ProgramData\knglimfpcechcemlpckgopldlobbmnoc 2014-02-01 16:33 - 2013-12-29 23:19 - 00000000 ____D () C:\ProgramData\2aec3377e51bfc14 2014-01-30 09:08 - 2014-01-30 09:06 - 00002268 _____ () C:\Windows\logboot_30.01.2014.tureg.log 2014-01-30 09:08 - 2009-07-14 03:03 - 62914560 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old 2014-01-30 09:08 - 2009-07-14 03:03 - 27787264 _____ () C:\Windows\system32\config\SYSTEM_tureg_old 2014-01-30 
09:08 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-01-29 22:16 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-01-29 22:16 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old

Some content of TEMP:
====================
C:\Users\champ\AppData\Local\Temp\avgnt.exe
C:\Users\champ\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\champ\AppData\Local\Temp\MotoCast_Installer_2.0405.exe
C:\Users\champ\AppData\Local\Temp\Uni000.exe
C:\Users\champ\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Dana\AppData\Local\Temp\AskSLib.dll
C:\Users\Dana\AppData\Local\Temp\avgnt.exe
C:\Users\Dana\AppData\Local\Temp\MediaSync.exe
C:\Users\Dana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Larissa\AppData\Local\Temp\AskSLib.dll
C:\Users\Larissa\AppData\Local\Temp\avgnt.exe
C:\Users\Larissa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\AskSLib.dll
C:\Users\Laura\AppData\Local\Temp\avgnt.exe
C:\Users\Laura\AppData\Local\Temp\i4jdel0.exe
C:\Users\Laura\AppData\Local\Temp\MediaSync.exe
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-19 22:28

==================== End Of Log ============================
--- --- ---
Hopefully that's right?! |
25.02.2014, 17:28 | #4 |
/// the machine /// TB trainer | Log following a scan with Malwarebytes hi, Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.02.2014, 10:53 | #5 |
| Log following a scan with Malwarebytes Hello! Thank you very much! Combofix logfile: Code:
ATTFilter ComboFix 14-02-24.02 - champ 25.02.2014 21:34:08.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3573.2460 [GMT 1:00] ausgeführt von:: c:\users\champ\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\progra~1\SOUNDF~1\SOUNdf~1.dll c:\program files\SaveShare c:\users\champ\4.0 c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\background.html c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\content.js c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\e8L.js c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\lsdb.js c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\manifest.json c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ahancjhngfcjfbkepnclnpohpghpceci_0.localstorage-journal c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ahancjhngfcjfbkepnclnpohpghpceci_0.localstorage c:\users\champ\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\champ\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll c:\users\champ\AppData\Local\Minibar c:\users\champ\AppData\Local\Minibar\chrome.pem c:\users\champ\AppData\Local\Minibar\chrome\background.html c:\users\champ\AppData\Local\Minibar\chrome\cached_http_request.js c:\users\champ\AppData\Local\Minibar\chrome\extension_info.json c:\users\champ\AppData\Local\Minibar\chrome\icons\icon128.png 
c:\users\champ\AppData\Local\Minibar\chrome\icons\icon19.png c:\users\champ\AppData\Local\Minibar\chrome\icons\icon32.png c:\users\champ\AppData\Local\Minibar\chrome\icons\icon48.png c:\users\champ\AppData\Local\Minibar\chrome\includes\content.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_kango.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_menu.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_messaging.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_pageutils.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_popup.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_toolbar.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js c:\users\champ\AppData\Local\Minibar\chrome\includes\content_userscript.js c:\users\champ\AppData\Local\Minibar\chrome\initial_config.json c:\users\champ\AppData\Local\Minibar\chrome\kango-ui\button.js c:\users\champ\AppData\Local\Minibar\chrome\kango-ui\toolbar.js c:\users\champ\AppData\Local\Minibar\chrome\kango-ui\ui.js c:\users\champ\AppData\Local\Minibar\chrome\kango\browser.js c:\users\champ\AppData\Local\Minibar\chrome\kango\console.js c:\users\champ\AppData\Local\Minibar\chrome\kango\event_listener.js c:\users\champ\AppData\Local\Minibar\chrome\kango\initialize.js c:\users\champ\AppData\Local\Minibar\chrome\kango\io.js c:\users\champ\AppData\Local\Minibar\chrome\kango\jsonstorage.js c:\users\champ\AppData\Local\Minibar\chrome\kango\kango.js c:\users\champ\AppData\Local\Minibar\chrome\kango\lang.js c:\users\champ\AppData\Local\Minibar\chrome\kango\messaging.js c:\users\champ\AppData\Local\Minibar\chrome\kango\userscript_engine.js c:\users\champ\AppData\Local\Minibar\chrome\kango\xhr.js c:\users\champ\AppData\Local\Minibar\chrome\main.js c:\users\champ\AppData\Local\Minibar\chrome\manifest.json c:\users\champ\AppData\Local\Minibar\chrome\minibar\actions.js 
c:\users\champ\AppData\Local\Minibar\chrome\minibar\cachedxhr.js c:\users\champ\AppData\Local\Minibar\chrome\minibar\config.js c:\users\champ\AppData\Local\Minibar\chrome\minibar\macros.js c:\users\champ\AppData\Local\Minibar\chrome\minibar\minibar.js c:\users\champ\AppData\Local\Minibar\chrome\MinibarPlugin.dll c:\users\champ\AppData\Local\Minibar\chrome\popup.html c:\users\champ\AppData\Local\Minibar\chrome\popup.js c:\users\champ\AppData\Local\Minibar\chrome\tab.html c:\users\champ\AppData\Local\Minibar\chrome\tab.js c:\users\champ\AppData\Local\Minibar\chrome_installer.js c:\users\champ\AppData\Local\Minibar\common.js c:\users\champ\AppData\Local\Minibar\firefox\chrome.manifest c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\content.xul c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\extension_info.json c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\initial_config.json c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png 
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\console.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\io.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js 
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\champ\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\champ\AppData\Local\Minibar\firefox\install.rdf
c:\users\champ\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
c:\users\champ\AppData\Local\Minibar\firefox_installer.js
c:\users\champ\AppData\Local\Minibar\ie_installer.js
c:\users\champ\AppData\Local\Minibar\minibar.crx
c:\users\champ\AppData\Local\Minibar\minibar.xpi
c:\users\champ\AppData\Local\Minibar\SettingsHelper.exe
c:\users\champ\AppData\Local\Minibar\Uninstall.exe
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\dkwjoaom@uyuidjao.edu
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\dkwjoaom@uyuidjao.edu\bootstrap.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\dkwjoaom@uyuidjao.edu\chrome.manifest
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\dkwjoaom@uyuidjao.edu\content\bg.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\dkwjoaom@uyuidjao.edu\install.rdf
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\oynnwj@vrjtb.net
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\oynnwj@vrjtb.net\bootstrap.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\oynnwj@vrjtb.net\chrome.manifest
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\oynnwj@vrjtb.net\content\bg.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\oynnwj@vrjtb.net\install.rdf
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\zeiea2va@hjlw-zld.co.uk
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\zeiea2va@hjlw-zld.co.uk\bootstrap.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\zeiea2va@hjlw-zld.co.uk\chrome.manifest
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\zeiea2va@hjlw-zld.co.uk\content\bg.js
c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\extensions\zeiea2va@hjlw-zld.co.uk\install.rdf
c:\users\champ\Favorites\MovieStreamer.exe
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\dkwjoaom@uyuidjao.edu
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\dkwjoaom@uyuidjao.edu\bootstrap.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\dkwjoaom@uyuidjao.edu\chrome.manifest
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\dkwjoaom@uyuidjao.edu\content\bg.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\dkwjoaom@uyuidjao.edu\install.rdf
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\oynnwj@vrjtb.net
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\oynnwj@vrjtb.net\bootstrap.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\oynnwj@vrjtb.net\chrome.manifest
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\oynnwj@vrjtb.net\content\bg.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\oynnwj@vrjtb.net\install.rdf
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\zeiea2va@hjlw-zld.co.uk
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\zeiea2va@hjlw-zld.co.uk\bootstrap.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\zeiea2va@hjlw-zld.co.uk\chrome.manifest
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\zeiea2va@hjlw-zld.co.uk\content\bg.js
c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\k5uyb8u6.default\extensions\zeiea2va@hjlw-zld.co.uk\install.rdf
c:\users\Larissa\10.jpg
c:\users\Larissa\12552912424008418.jpg
c:\users\Larissa\3edb46c44d854f4d4fa2eefe71057287.jpg
c:\users\Larissa\5debb5b94289db3ed330441ccce6f25b_b.jpg
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\background.html
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\content.js
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\e8L.js
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\lsdb.js
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\manifest.json
c:\users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\dkwjoaom@uyuidjao.edu
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\dkwjoaom@uyuidjao.edu\bootstrap.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\dkwjoaom@uyuidjao.edu\chrome.manifest
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\dkwjoaom@uyuidjao.edu\content\bg.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\dkwjoaom@uyuidjao.edu\install.rdf
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\oynnwj@vrjtb.net
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\oynnwj@vrjtb.net\bootstrap.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\oynnwj@vrjtb.net\chrome.manifest
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\oynnwj@vrjtb.net\content\bg.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\oynnwj@vrjtb.net\install.rdf
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\zeiea2va@hjlw-zld.co.uk
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\zeiea2va@hjlw-zld.co.uk\bootstrap.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\zeiea2va@hjlw-zld.co.uk\chrome.manifest
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\zeiea2va@hjlw-zld.co.uk\content\bg.js
c:\users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\d7sh950d.default\extensions\zeiea2va@hjlw-zld.co.uk\install.rdf
c:\users\Larissa\ce446c41d236632de87d47c1a0f0f719_b.jpg
c:\users\Larissa\dc2fdff7e63f62a5bbe2bf1e2c91a022_b.jpg
c:\users\Larissa\Documents\~WRL0003.tmp
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\background.html
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\content.js
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\e8L.js
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\lsdb.js
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahancjhngfcjfbkepnclnpohpghpceci\3.4\manifest.json
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ahancjhngfcjfbkepnclnpohpghpceci_0.localstorage-journal
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ahancjhngfcjfbkepnclnpohpghpceci_0.localstorage
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\dkwjoaom@uyuidjao.edu
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\dkwjoaom@uyuidjao.edu\bootstrap.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\dkwjoaom@uyuidjao.edu\chrome.manifest
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\dkwjoaom@uyuidjao.edu\content\bg.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\dkwjoaom@uyuidjao.edu\install.rdf
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\oynnwj@vrjtb.net
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\oynnwj@vrjtb.net\bootstrap.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\oynnwj@vrjtb.net\chrome.manifest
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\oynnwj@vrjtb.net\content\bg.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\oynnwj@vrjtb.net\install.rdf
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\zeiea2va@hjlw-zld.co.uk
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\zeiea2va@hjlw-zld.co.uk\bootstrap.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\zeiea2va@hjlw-zld.co.uk\chrome.manifest
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\zeiea2va@hjlw-zld.co.uk\content\bg.js
c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\xm0239tt.default\extensions\zeiea2va@hjlw-zld.co.uk\install.rdf
c:\windows\logboot_30.01.2014.tureg.log
c:\windows\security\Database\tmp.edb
c:\windows\system\QtCore4.dll
c:\windows\system32\sysdir
c:\windows\system32\uxtA583.tmp
.
.
((((((((((((((((((((((( Files created from 2014-01-25 to 2014-02-25 ))))))))))))))))))))))))))))))
.
.
2014-02-25 20:43 . 2014-02-25 20:43 -------- d-----w- c:\users\Laura\AppData\Local\temp
2014-02-25 20:43 . 2014-02-25 20:44 -------- d-----w- c:\users\champ\AppData\Local\temp
2014-02-25 20:43 . 2014-02-25 20:43 -------- d-----w- c:\users\Larissa\AppData\Local\temp
2014-02-25 20:43 . 2014-02-25 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 20:43 . 2014-02-25 20:43 -------- d-----w- c:\users\Dana\AppData\Local\temp
2014-02-25 20:32 . 2014-02-25 20:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A55CE962-7F07-447A-AD8A-6DAFC3D05E4F}\offreg.dll
2014-02-25 10:33 . 2014-02-25 10:33 -------- d-----w- c:\windows\Migration
2014-02-25 10:06 . 2014-02-25 10:06 17858952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-25 09:27 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A55CE962-7F07-447A-AD8A-6DAFC3D05E4F}\mpengine.dll
2014-02-24 18:38 . 2014-02-24 18:40 -------- d-----w- C:\FRST
2014-02-23 17:27 . 2014-02-23 17:27 -------- d-----w- c:\users\champ\AppData\Roaming\Malwarebytes
2014-02-23 17:26 . 2014-02-23 17:26 -------- d-----w- c:\programdata\Malwarebytes
2014-02-23 17:26 . 2014-02-25 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-22 13:11 . 2014-02-22 13:11 -------- d-----w- c:\users\Laura\AppData\Roaming\Wondershare
2014-02-21 22:27 . 2014-02-23 18:03 -------- d-----w- c:\program files\TuneUp Utilities 2014
2014-02-21 22:23 . 2014-02-25 09:18 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-16 18:40 . 2014-02-16 18:40 -------- d-----w- c:\users\Laura\AppData\Roaming\Motorola Mobility
2014-02-16 17:53 . 2014-02-16 17:53 -------- d-----w- c:\users\Dana\AppData\Roaming\Motorola Mobility
2014-02-16 14:00 . 2014-02-16 14:00 -------- d-----w- c:\users\Larissa\AppData\Roaming\Motorola Mobility
2014-02-16 12:01 . 2014-02-16 12:01 -------- d-----w- c:\programdata\Motorola
2014-02-16 12:01 . 2014-02-16 12:01 -------- d-----w- c:\users\champ\AppData\Roaming\Motorola Mobility
2014-02-16 12:00 . 2014-02-16 12:01 -------- d-----w- c:\program files\Motorola Mobility
2014-02-16 12:00 . 2014-02-16 12:00 -------- d-----w- c:\program files\Motorola
2014-02-16 11:58 . 2014-02-16 11:58 -------- d-----w- c:\program files\Common Files\Motorola Shared
2014-02-16 11:57 . 2014-02-16 11:57 -------- d-----w- c:\users\champ\AppData\Roaming\Motorola
2014-02-16 10:00 . 2014-02-16 10:00 -------- d-----w- c:\program files\MediaInfo
2014-02-13 10:54 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 10:15 . 2014-02-13 10:15 -------- d-----w- c:\users\champ\AppData\Roaming\UpdateBonanza
2014-02-05 14:14 . 2014-02-05 14:15 -------- d-----w- c:\users\Dana\AppData\Roaming\TeraCopy
2014-02-03 09:07 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-01 15:33 . 2014-02-01 15:33 -------- d-----w- c:\programdata\UTUbeNoAAds
2014-02-01 15:33 . 2014-02-01 15:33 -------- d-----w- c:\programdata\knglimfpcechcemlpckgopldlobbmnoc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-25 10:06 . 2012-08-09 12:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-25 10:06 . 2012-08-09 12:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-22 09:21 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-18 08:25 . 2013-05-02 08:53 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 08:25 . 2012-09-28 13:00 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 08:25 . 2012-09-28 13:00 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 05:13 . 2009-10-14 02:21 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-14 10:59 . 2012-08-31 11:04 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 10:59 . 2012-08-31 11:04 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-10 11:14 . 2013-12-10 11:14 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 11:14 . 2013-12-10 11:14 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 11:14 . 2013-12-10 11:14 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 11:14 . 2013-12-10 11:14 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 11:14 . 2013-12-10 11:14 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 11:14 . 2013-12-10 11:14 337408 ----a-w- c:\windows\system32\html.iec
2013-12-10 11:14 . 2013-12-10 11:14 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 11:14 . 2013-12-10 11:14 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 11:14 . 2013-12-10 11:14 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 11:14 . 2013-12-10 11:14 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 11:14 . 2013-12-10 11:14 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 11:14 . 2013-12-10 11:14 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 11:14 . 2013-12-10 11:14 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 11:14 . 2013-12-10 11:14 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 11:14 . 2013-12-10 11:14 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 11:14 . 2013-12-10 11:14 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 11:14 . 2013-12-10 11:14 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 11:14 . 2013-12-10 11:14 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 11:14 . 2013-12-10 11:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 02:13 . 2013-10-30 15:01 982232 ----a-w- c:\windows\system32\nvspcap.dll
2013-12-05 08:42 . 2013-12-20 12:42 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2013-12-05 08:42 . 2013-08-31 11:51 32544 ----a-w- c:\windows\system32\nvaudcap32v.dll
2012-05-11 13:16 . 2012-05-11 13:16 171520 ----a-w- c:\program files\Common Files\dsfOggDemux2.dll
2011-04-18 21:51 . 2011-04-18 21:51 653136 ----a-w- c:\program files\Common Files\MSVCR90.dll
2011-04-18 21:51 . 2011-04-18 21:51 569680 ----a-w- c:\program files\Common Files\MSVCP90.dll
2011-01-12 01:00 . 2011-01-12 01:00 30208 ----a-w- c:\program files\Common Files\wmpinfo.dll
2011-01-12 01:00 . 2011-01-12 01:00 240128 ----a-w- c:\program files\Common Files\dsfVorbisDecoder.dll
2011-01-12 01:00 . 2011-01-12 01:00 146944 ----a-w- c:\program files\Common Files\dsfFLACDecoder.dll
2011-01-12 01:00 . 2011-01-12 01:00 221184 ----a-w- c:\program files\Common Files\dsfFLACEncoder.dll
2011-01-12 01:00 . 2011-01-12 01:00 204800 ----a-w- c:\program files\Common Files\dsfNativeFLACSource.dll
2010-12-16 20:39 . 2010-12-16 20:39 302592 ----a-w- c:\program files\Common Files\webmmux.dll
2010-12-16 20:39 . 2010-12-16 20:39 701440 ----a-w- c:\program files\Common Files\vp8encoder.dll
2010-12-16 20:39 . 2010-12-16 20:39 412672 ----a-w- c:\program files\Common Files\vp8decoder.dll
2010-12-16 20:39 . 2010-12-16 20:39 292352 ----a-w- c:\program files\Common Files\webmsplit.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files\WhiteSmoke_New\prxtbWhit.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{739DF940-C5EE-4BAB-9D7E-270894AE687A}"= "c:\program files\WhiteSmoke_New\prxtbWhit.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-22 09:18 220632 ----a-w- c:\users\champ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-22 09:18 220632 ----a-w- c:\users\champ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-22 09:18 220632 ----a-w- c:\users\champ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-17 5625624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MMAgent"="c:\program files\Mobile Master\MMAgent.exe" [2013-11-07 1412080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0520Ext.ax"="c:\windows\system32\V0520Ext.ax" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-3-7 813584]
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo for Android\MobileGoService.exe [2013-12-25 103312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
backup=c:\windows\pss\Biet-O-Matic.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-08-16 07:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"PDFImpressWatcher"=c:\program files\BinaryNow\PDFImpress 2013\PDFImpressWatcher.exe
"Software Informer"="c:\program files\Software Informer\softinfo.exe" -autorun
"KiesPreload"=c:\program files\Samsung\Kies\Kies.exe /preload
"SoundFrost"=c:\program files\SoundFrost\SoundFrost.exe
"SoundFrost Service"=c:\program files\SoundFrost\SoundFrostService.exe
"SDP"=c:\users\champ\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Amazon Cloud Player"="c:\users\champ\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"AmazonMP3DownloaderHelper"=c:\users\champ\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
"Wondershare Helper Compact"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
"TrayServer"=c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ASUS Ai Charger"=c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"mylbx"=c:\program files\My Lockbox\mylbx.exe /a
"Live! Central 3"="c:\program files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Ashampoo Core Tuner 2"="c:\program files\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe" -TRAY
"Iminent"=c:\program files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
"IminentMessenger"=c:\program files\Iminent\Iminent.Messengers.exe
"Wondershare Helper Compact.exe"=c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
"ShadowPlay"=c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
"Wondershare Helper Compact"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
.
R2 2384af53;Network Acceleration;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost VPN\Service.exe [2014-01-16 64112]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2013-03-20 6272]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2011-11-04 39696]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 147040]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-09-06 163616]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2013-03-19 21376]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2013-03-19 23936]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2013-03-20 11264]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-05-20 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-05-20 19968]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 V0520Vid;Creative Camera VF0520 Driver;c:\windows\system32\DRIVERS\V0520Vid.sys [2011-09-02 244448]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R4 SProtection;SProtection;c:\program files\Common Files\Umbrella\umbrella.exe [2013-11-21 2905408]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2013-02-22 2849120]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 13440]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 41912]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-08-14 436792]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-01 37352]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2012-06-09 283344]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor32.sys [2011-06-10 14648]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-20 440400]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-05-20 27648]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2013-05-06 65200]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 62336]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 141440]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-05 34080]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 13:36 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2014-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 10:06]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 16:13]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>;192.168.*.*
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=04218859-915e-4fc0-99b8-fe282763f94f&searchtype=ds&q={searchTerms}
IE: Add to CaptureSaver - c:\program files\CaptureSaver\\AddFromIE.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\champ\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\champ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DE14902-7548-44E9-BC59-FA3539C2369E}: NameServer = 79.141.167.14,79.141.160.23
TCP: Interfaces\{7CE9DE5E-0F4B-422A-B0D8-40EA3BA96378}: NameServer = 79.141.167.14,79.141.160.23
FF - ProfilePath - c:\users\champ\AppData\Roaming\Mozilla\Firefox\Profiles\h11x55ps.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN13912262031534828&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.handelsblatt.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13912262031534828&UM=2&q=
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - bacdaa3100000000000000ff832929a7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15868
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121845&tt=120613_adn
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 588686246
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0ByC0F0DtAyD0A0AtAtCtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFyBtFtCtBtDtCtN1L1Czu1G2Z1S
.
- - - - Removed orphaned registry entries - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
Zeit der Fertigstellung: 2014-02-25 21:46:44
ComboFix-quarantined-files.txt 2014-02-25 20:46
Vor Suchlauf: 19 Verzeichnis(se), 493.260.128.256 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 493.890.932.736 Bytes frei
- - End Of File - -
Everything went wonderfully! Firefox is lightning fast without annoying ads! .. but unfortunately this morning I could only start in safe mode with a System Restore from yesterday.
Maybe it's also because I installed Malwarebytes Anti-Malware as the full version yesterday... Thanks again! |
27.02.2014, 09:25 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
28.02.2014, 10:08 | #7 |
| After using Malwarebytes I had to restore the PC again and again... the other 3 programs work without problems. The Malwarebytes scan was then run once more at the end and there were only 6 troublemakers left on it.... Too bad, I just bought Malwarebytes as the full version and now these problems... I'll try another restart afterwards! Thanks! A small donation will follow |
28.02.2014, 11:11 | #8 |
| ...everything as before with Malwarebytes. After shutting down, the PC gets stuck: the desktop opens, but no program icons appear.... good thing System Restore exists! |
01.03.2014, 10:41 | #9 |
/// the machine /// TB-Ausbilder | Hi, please always post logs in the thread. If necessary, split them and use several posts. This is how it works: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles into a CODE box, proceed as follows:
The fresh FRST log is missing. Have you already reinstalled MBAM?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |