Log analysis and evaluation: Windows 7 JS/Kryptik.I Trojan
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.05.2014, 02:16 | #1
Windows 7 JS/Kryptik.I Trojan
Hey, I have had a problem since this morning. I haven't changed anything or done anything else. My little brother was at the computer in the morning, but he only played Minecraft. Yet suddenly ESET shows me a JS/Kryptik.I Trojan alert every time I search for anything on the internet. hxxp://puu.sh/8Hq5j.png. I don't really know what to do; I tried to find out more on the internet, but unfortunately without success. Now I am hoping for your help. Regards, LikeaBOSS
11.05.2014, 05:55 | #2
/// the machine /// TB-Ausbilder
Windows 7 JS/Kryptik.I Trojan
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
11.05.2014, 21:59 | #3
Windows 7 JS/Kryptik.I Trojan
Thanks for the quick reply
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by Flo (administrator) on FLO-PC on 11-05-2014 11:21:54
Running from C:\Users\Flo\downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
(BUP) C:\Users\Flo\AppData\Roaming\BupSystem\bup.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files\puush\puush.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Akamai Technologies, Inc.) C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [BCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [Ocs_SM] => C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-04-17] (OCS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM\...\Run: [4StoryPrePatch] => C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [puush] => C:\Program Files\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\MountPoints2: {5ade5301-2023-11e2-b131-b9180fdef40e} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC47FC954C219CF01
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll ()
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C57B1502-964E-4590-8F7E-1D85286F8DB2}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C57B1502-964E-4590-8F7E-1D85286F8DB2}
SearchScopes: HKCU - DefaultScope {40993C37-915F-4f55-B1DD-DE01F5059A7F} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=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&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {28A88DA5-02AA-4BB1-9E80-AAC3E5022D0F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {2E759618-6D37-4951-BA80-F362534C4CA4} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {40993C37-915F-4f55-B1DD-DE01F5059A7F} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=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&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {534D23B2-6818-431D-BF91-74A9FE9148A4} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F502FF9-0E39-4ed3-88AC-3D2B96838EEC} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2666723D6368722D646576696365766D26747970653D45474D42&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {953E39CE-5202-402B-A2D4-D6352794D4CF} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6484BEF-A292-4291-8D75-7BA691D37B11} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AA2F6EFB-10ED-4746-93F4-AFC27CD0DF1A} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D36266372673D332E313031303030302673743D313826713D7B7365617263685465726D737D2662617269643D7B43353742313530322D393634452D343539302D384637452D3144383532383646384442327D&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default
FF user.js: detected! => C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb155?a=6OyGrNTJ4g&loc=FF_NT
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: Google
FF SelectedSearchEngine: Yahoo
FF Homepage: www.Google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-devicevm&type=EGMB&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{754345EE-769C-4465-8A0B-5626932B65D2}.xml
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{959E0D04-C29C-458A-8997-F4AB2E049CE9}.xml
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{9E1855AC-5028-4809-BEF0-57D25B3920B2}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireJump - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\firejump@firejump.net [2013-04-17]
FF Extension: Site Matcher - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\sitematcher@sitematcher.com [2014-05-07]
FF Extension: Foxy Security - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\sys@foxysecurity.com [2014-05-07]
FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-25]
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\sparpilot@sparpilot.com
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\firejump@firejump.net
FF Extension: FireJump - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\firejump@firejump.net [2013-04-17]

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-04-28]

========================== Services (Whitelisted) =================

R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [235752 2010-03-05] (DeviceVM, Inc.)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-08-18] ()
R2 bupService; C:\Users\Flo\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP)
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1682256 2014-04-15] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-08] (LogMeIn, Inc.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\\OverwolfUpdater.exe [16616 2011-11-20] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-07-25] ()
R2 SearchAnonymizer; C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-04-17] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1742136 2013-12-18] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-03-03] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-03] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-17] ()
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [130088 2014-04-09] (Razer Inc)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2011-07-13] (SMART Technologies ULC)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software)
R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2012-08-24] (Realtime Soft Ltd)
S3 CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 11:21 - 2014-05-11 11:22 - 00021198 _____ () C:\Users\Flo\Downloads\FRST.txt
2014-05-11 11:21 - 2014-05-11 11:21 - 01055232 _____ (Farbar) C:\Users\Flo\Downloads\FRST.exe
2014-05-11 11:21 - 2014-05-11 11:21 - 00000000 ____D () C:\FRST
2014-05-10 23:47 - 2014-05-11 02:11 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-10 23:47 - 2014-05-10 23:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-10 22:46 - 2014-05-10 22:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-10 22:41 - 2014-05-10 22:41 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-10 20:15 - 2014-05-10 20:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 17:49 - 2014-05-10 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-10 17:49 - 2014-05-10 19:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-10 16:11 - 2014-05-10 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-10 16:11 - 2014-05-10 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 15:07 - 2014-05-07 15:07 - 00000000 ____H () C:\Users\Flo\Documents\Default.rdp
2014-05-07 14:02 - 2014-05-10 19:07 - 00000000 ____D () C:\Program Files\SiteFinder
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieUserList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieSiteList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\SimilarSites
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Security Systems
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\BupSystem
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:59 - 2014-05-07 13:59 - 00386888 _____ () C:\Users\Flo\Downloads\SoftonicDownloader_for_visual-c.exe
2014-05-07 13:36 - 2014-05-07 13:47 - 00000000 ____D () C:\Users\Flo\Desktop\Schule
2014-05-07 13:32 - 2014-05-07 14:21 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\UpdatusUser\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\Flo\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-07 13:30 - 2014-05-07 13:30 - 00000000 ____D () C:\Program Files\Dev-Cpp
2014-05-07 13:26 - 2014-05-07 13:26 - 00629584 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\Orwell Dev C - CHIP-Downloader.exe
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 11:26 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 11:26 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-02 12:29 - 2014-05-02 12:31 - 00000000 ____D () C:\Users\Flo\Downloads\world
2014-05-02 12:29 - 2014-05-02 12:30 - 00000665 _____ () C:\Users\Flo\Downloads\server.properties
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\whitelist.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\usercache.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\ops.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-players.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-ips.json
2014-05-02 10:15 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 10:15 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-28 12:12 - 2014-05-11 11:15 - 00000000 ____D () C:\Users\Flo\AppData\Local\LogMeIn Hamachi
2014-04-28 12:10 - 2014-05-11 11:14 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 12:10 - 2014-05-11 02:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 12:07 - 2014-04-28 12:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\LogMeIn Hamachi - CHIP-Downloader.exe
2014-04-28 00:03 - 2014-04-28 00:03 - 00019968 ___SH () C:\Users\Flo\Downloads\Thumbs.db
2014-04-27 23:55 - 2014-04-27 23:55 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-20 22:02 - 2014-04-20 22:03 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\AbiSuite
2014-04-20 22:00 - 2014-05-07 14:29 - 00000000 ____D () C:\Program Files\AbiWord
2014-04-16 22:53 - 2014-04-16 23:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Teeworlds

==================== One Month Modified Files and Folders =======

2014-05-11 11:22 - 2014-05-11 11:21 - 00021198 _____ () C:\Users\Flo\Downloads\FRST.txt
2014-05-11 11:21 - 2014-05-11 11:21 - 01055232 _____ (Farbar) C:\Users\Flo\Downloads\FRST.exe
2014-05-11 11:21 - 2014-05-11 11:21 - 00000000 ____D () C:\FRST
2014-05-11 11:18 - 2011-08-25 23:45 - 01606385 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 11:16 - 2012-01-15 21:50 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Skype
2014-05-11 11:15 - 2014-04-28 12:12 - 00000000 ____D () C:\Users\Flo\AppData\Local\LogMeIn Hamachi
2014-05-11 11:14 - 2014-04-28 12:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:14 - 2011-08-25 18:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-11 11:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 11:14 - 2009-07-14 06:39 - 00292305 _____ () C:\Windows\setupact.log
2014-05-11 03:20 - 2011-08-25 21:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\TS3Client
2014-05-11 03:01 - 2012-11-21 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 03:01 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 03:01 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 02:50 - 2013-12-13 16:35 - 00000000 ____D () C:\Users\Flo\AppData\Local\Battle.net
2014-05-11 02:29 - 2014-04-28 12:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 02:11 - 2014-05-10 23:47 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-11 01:03 - 2012-04-17 13:47 - 00000000 ____D () C:\Users\Flo\AppData\Local\PMB Files
2014-05-10 23:47 - 2014-05-10 23:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-10 23:47 - 2012-07-25 14:12 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-10 23:34 - 2012-05-03 13:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 23:34 - 2011-08-25 18:12 - 04377964 _____ () C:\Windows\PFRO.log
2014-05-10 22:46 - 2014-05-10 22:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-10 22:41 - 2014-05-10 22:41 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-10 20:15 - 2014-05-10 20:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 19:08 - 2011-08-25 17:46 - 00000000 ____D () C:\Users\Flo
2014-05-10 19:07 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteFinder
2014-05-10 19:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-10 19:06 - 2014-05-10 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-10 19:06 - 2014-05-10 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-10 19:06 - 2014-05-10 16:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-10 19:06 - 2014-02-24 08:23 - 00000000 ____D () C:\Users\Flo\AppData\Local\Akamai
2014-05-10 19:06 - 2014-02-18 20:32 - 00000000 ____D () C:\Users\Flo\kk
2014-05-10 19:06 - 2013-12-13 16:35 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Battle.net
2014-05-10 19:06 - 2013-08-06 20:46 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\uTorrent
2014-05-10 19:06 - 2013-02-07 14:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DealPly
2014-05-10 19:06 - 2012-12-20 23:51 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\puush
2014-05-10 19:06 - 2012-08-31 15:30 - 00000000 ____D () C:\Windows\system32\WNLT
2014-05-10 19:06 - 2012-08-31 15:30 - 00000000 ____D () C:\Windows\system32\ARFC
2014-05-10 19:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-10 19:05 - 2011-08-25 17:58 - 00000000 ____D () C:\ProgramData\DeviceVm
2014-05-10 18:02 - 2011-08-26 11:35 - 00000000 ____D () C:\Users\Flo\AppData\Local\CrashDumps
2014-05-10 18:02 - 2011-08-26 00:42 - 00000000 ____D () C:\Windows\Panther
2014-05-10 17:35 - 2013-08-06 20:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Iminent
2014-05-10 16:11 - 2014-05-10 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 21:33 - 2014-01-26 01:19 - 00000000 ____D () C:\Program Files\Hearthstone
2014-05-08 17:55 - 2012-04-17 13:47 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-08 13:06 - 2011-08-25 17:53 - 01651094 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 00:41 - 2012-12-20 23:57 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\.minecraft
2014-05-07 15:07 - 2014-05-07 15:07 - 00000000 ____H () C:\Users\Flo\Documents\Default.rdp
2014-05-07 14:33 - 2011-08-25 20:09 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-05-07 14:32 - 2012-12-04 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-05-07 14:31 - 2011-08-25 17:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-07 14:30 - 2012-03-14 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-05-07 14:30 - 2012-03-14 21:43 - 00000000 ____D () C:\Nexon
2014-05-07 14:29 - 2014-04-20 22:00 - 00000000 ____D () C:\Program Files\AbiWord
2014-05-07 14:29 - 2012-12-04 16:23 - 00000000 ____D () C:\Program Files\GameforgeLive
2014-05-07 14:21 - 2014-05-07 13:32 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieUserList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieSiteList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\SimilarSites
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Security Systems
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\BupSystem
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:59 - 2014-05-07 13:59 - 00386888 _____ () C:\Users\Flo\Downloads\SoftonicDownloader_for_visual-c.exe
2014-05-07 13:59 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-07 13:47 - 2014-05-07 13:36 - 00000000 ____D () C:\Users\Flo\Desktop\Schule
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\UpdatusUser\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\Flo\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-07 13:30 - 2014-05-07 13:30 - 00000000 ____D () C:\Program Files\Dev-Cpp
2014-05-07 13:26 - 2014-05-07 13:26 - 00629584 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\Orwell Dev C - CHIP-Downloader.exe
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 23:08 - 2013-12-13 16:35 - 00000000 ____D () C:\Program Files\Battle.net
2014-05-02 22:54 - 2011-09-13 17:43 - 00212642 _____ () C:\Windows\DPINST.LOG
2014-05-02 12:31 - 2014-05-02 12:29 - 00000000 ____D () C:\Users\Flo\Downloads\world
2014-05-02 12:30 - 2014-05-02 12:29 - 00000665 _____ () C:\Users\Flo\Downloads\server.properties
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\whitelist.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\usercache.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\ops.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-players.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-ips.json
2014-04-29 18:02 - 2012-11-21 15:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 18:02 - 2011-08-25 20:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 14:48 - 2014-05-02 10:15 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:34 - 2014-05-02 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-28 12:12 - 2014-01-20 01:54 - 00000000 ____D () C:\Users\Flo\AppData\Local\Google
2014-04-28 12:12 - 2014-01-20 01:54 - 00000000 ____D () C:\Program Files\Google
2014-04-28 12:07 - 2014-04-28 12:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\LogMeIn Hamachi - CHIP-Downloader.exe
2014-04-28 00:03 - 2014-04-28 00:03 - 00019968 ___SH () C:\Users\Flo\Downloads\Thumbs.db
2014-04-27 23:55 - 2014-04-27 23:55 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-27 23:55 - 2014-02-18 20:22 - 00000000 ____D () C:\robin
2014-04-27 23:55 - 2014-02-18 20:15 - 00000000 ____D () C:\Neuer Ordner
2014-04-26 13:53 - 2012-08-27 19:59 - 00000000 ____D () C:\Users\Flo\AppData\Local\ArmA 2 OA
2014-04-20 22:03 - 2014-04-20 22:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\AbiSuite
2014-04-18 13:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-16 23:53 - 2014-04-16 22:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Teeworlds
2014-04-14 04:11 - 2014-05-06 11:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:07 - 2014-05-06 11:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\Users\Flo\APB_Reloaded_Installer.exe

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Flo\AppData\Local\Temp\cabex.dll
C:\Users\Flo\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Flo\AppData\Local\Temp\EAInstall.dll
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-5.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Flo\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Flo\AppData\Local\Temp\Gw2.exe
C:\Users\Flo\AppData\Local\Temp\InstallAX.exe
C:\Users\Flo\AppData\Local\Temp\installhelper.dll
C:\Users\Flo\AppData\Local\Temp\install_flash_player_ax.exe
C:\Users\Flo\AppData\Local\Temp\install_reader10_de_mssd_aih.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\mpsetup.exe
C:\Users\Flo\AppData\Local\Temp\NGM.exe
C:\Users\Flo\AppData\Local\Temp\NGMDll.dll
C:\Users\Flo\AppData\Local\Temp\NGMResource.dll
C:\Users\Flo\AppData\Local\Temp\NGMSetup.exe
C:\Users\Flo\AppData\Local\Temp\nvStInst.exe
C:\Users\Flo\AppData\Local\Temp\prismsetup.exe
C:\Users\Flo\AppData\Local\Temp\SHSetup.exe
C:\Users\Flo\AppData\Local\Temp\SimBundD.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\SponsOne.exe
C:\Users\Flo\AppData\Local\Temp\su-setup.exe
C:\Users\Flo\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Flo\AppData\Local\Temp\unelevate.exe C:\Users\Flo\AppData\Local\Temp\unicows.dll C:\Users\Flo\AppData\Local\Temp\uninst.exe C:\Users\Flo\AppData\Local\Temp\Uninstaller-2036.exe C:\Users\Flo\AppData\Local\Temp\utt5845.tmp.exe C:\Users\Flo\AppData\Local\Temp\VARemove.exe C:\Users\Flo\AppData\Local\Temp\vcredist_x86.exe C:\Users\Flo\AppData\Local\Temp\vlc-2.1.1-win32.exe C:\Users\Flo\AppData\Local\Temp\wpsetup.exe C:\Users\Flo\AppData\Local\Temp\yta_bu12_setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 19:37 ==================== End Of Log ============================ --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 Ran by Flo at 2014-05-11 11:22:21 Running from C:\Users\Flo\downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Altitude (HKLM\...\4578-0181-0549-1546) (Version: - Nimbly Games) ARMA 2 Operation Arrowhead Uninstall (HKLM\...\ARMA 2 Operation Arrowhead) (Version: - ) ArmA 2 Uninstall (HKLM\...\ArmA 2) (Version: - ) ATI Catalyst Install Manager (HKLM\...\{DD864DB0-6A37-49B6-B23D-3B0270571234}) (Version: 3.0.762.0 - ATI Technologies, Inc.) 
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM\...\BattlEye) (Version: - ) Blue Byte Game Channel (HKLM\...\Blue Byte Game Channel) (Version: - UbiSoft) Browser Configuration Utility (HKLM\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DayZ Commander (HKLM\...\{ADF66435-7A7D-445E-8AF7-7904DD6ED1A7}) (Version: 1.09.75 - Dotjosh Studios) Dev-C++ (HKLM\...\Dev-C++) (Version: 5.4.0 - ) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Beta (HKLM\...\Diablo III Beta) (Version: - Blizzard Entertainment) Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version: - ) Dota 2 (HKLM\...\Steam App 570) (Version: - ) EPU-4 Engine (HKLM\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - ) ESET NOD32 Antivirus (HKLM\...\{36DCC61E-53B6-41D4-9590-9894BCE17068}) (Version: 4.2.71.2 - ESET, spol. s r.o.) FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation) FireJump (HKLM\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.5 - FireJump.net) FoxTab PDF Creator (HKCU\...\FoxTab PDF Creator) (Version: - ) <==== ATTENTION Foxy Security (HKLM\...\Foxy Security) (Version: - ) Fraps (remove only) (HKLM\...\Fraps) (Version: - ) GamersFirst LIVE! (HKLM\...\GamersFirst LIVE!) (Version: - GamersFirst) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) IB Updater Service (HKLM\...\WNLT) (Version: 4.0.7.4 - ) <==== ATTENTION Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.188 - LogMeIn, Inc.) Hidden LOLReplay (HKLM\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden NC Launcher (GameForge) (HKLM\...\NCLauncher_GameForge) (Version: - NCsoft) Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden NVIDIA 3D Vision Controller Driver (Version: 270.61 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA 
Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Overwolf (HKLM\...\{F1944392-5F0A-495D-94E1-CCB09BD1D650}) (Version: 0.26.157 - Overwolf) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Razer Synapse 2.0 (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) 
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version: - ) SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - ) SiteFinder (HKLM\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION Six Updater (HKLM\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.1.10441 - Skype Technologies S.A.) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Sony Ericsson PC Companion 1.50.52 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.50.52 - Sony Ericsson) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Tribes Ascend (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1055.0 - Hi-Rez Studios) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.221 - TuneUp Software) Hidden UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd) Update_DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in 
Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) ==================== Restore Points ========================= 02-05-2014 08:14:42 Windows Update 06-05-2014 10:00:16 Windows Update 07-05-2014 12:31:24 Entfernt Nail'd 09-05-2014 12:48:36 Windows Update 10-05-2014 17:01:04 Wiederherstellungsvorgang 10-05-2014 17:15:08 Windows Update 10-05-2014 21:47:21 Installed SpyHunter 11-05-2014 00:08:53 Removed SpyHunter ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1C6A93BA-9B13-4065-BD58-1D4B9DDDCF6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.) 
Task: {373FA0D8-AE6F-43EC-BB06-F002CEE96692} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {3DB22511-A8D0-4354-844E-EA78C9F7AE34} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {819493CC-233C-4593-8831-88C8C45C0906} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {83413AF4-7EC6-48C4-B7C6-4A2D6CEA9B5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.) Task: {AEB6D200-828B-4F64-ABF9-53728D6B8172} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {D37496D7-2010-4B57-8AC5-C71DF414F68A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {DACBCBE2-E89F-4903-B38A-B75950BEB224} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software) Task: {E1D855F6-E048-4100-B86F-4E7C6CD64628} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-07 22:43 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2012-02-14 21:48 - 2007-08-21 14:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll 2014-05-07 14:02 - 2014-05-07 14:02 - 00374272 _____ () C:\Users\Flo\AppData\Roaming\BupSystem\sub\default.dll 2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files\Dokan\DokanLibrary\mounter.exe 2011-08-25 22:33 - 2012-07-25 15:54 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe 2013-04-17 20:35 - 2013-04-17 20:35 - 00040960 _____ () C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 2011-08-25 17:58 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll 2011-08-25 17:58 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files\ASUS\EPU-4 Engine\vvc.dll 2011-08-25 17:58 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll 2011-08-25 17:58 - 2009-09-30 05:33 - 00024576 ____R () C:\Windows\system32\AsIo.dll 2011-08-25 17:58 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll 2009-07-31 21:39 - 2009-07-31 21:39 - 00503202 _____ () C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll 2013-12-18 11:01 - 2013-12-18 11:01 - 00608056 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2012-01-10 15:41 - 2013-07-14 18:43 - 00567880 _____ () C:\Program Files\puush\puush.exe 2014-05-10 20:15 - 2014-05-10 20:15 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams 
(whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2014 07:39:27 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/10/2014 07:38:28 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/10/2014 07:38:26 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/10/2014 05:36:23 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1788 Startzeit: 01cf6c59e409515b Endzeit: 262 Anwendungspfad: C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe Berichts-ID: cf53b35f-d858-11e3-bbaf-f46d04dbdb34 Error: (05/10/2014 04:09:26 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0906cd94 ID des fehlerhaften Prozesses: 0x150 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/08/2014 05:56:20 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0a16cd94 ID des fehlerhaften Prozesses: 0x774 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/08/2014 05:56:07 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften 
Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0a16cd94 ID des fehlerhaften Prozesses: 0x774 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/06/2014 11:24:52 AM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm javaw.exe, Version 7.0.250.17 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1418 Startzeit: 01cf690cec08d721 Endzeit: 15 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe Berichts-ID: 419b0adf-d500-11e3-a0ae-f46d04dbdb34 Error: (04/29/2014 04:41:24 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/29/2014 04:40:13 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (05/11/2014 11:17:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/11/2014 11:17:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7038) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/11/2014 00:34:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/11/2014 00:34:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7038) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/11/2014 00:32:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/11/2014 00:32:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (05/11/2014 00:30:57 AM) (Source: EventLog) (User: ) (EventID: 6008) Description: Das System wurde zuvor am 11.05.2014 um 00:29:52 unerwartet heruntergefahren. 
Error: (05/10/2014 11:37:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: %%1069

Error: (05/10/2014 11:37:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: %%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/10/2014 07:10:44 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: %%1069

Microsoft Office Sessions:
=========================
Error: (05/10/2014 07:39:27 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sony ericsson\sony ericsson pc companion\Drivers\DPInst64.exe

Error: (05/10/2014 07:38:28 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe

Error: (05/10/2014 07:38:26 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Drivers\DPInst_amd64.exe

Error: (05/10/2014 05:36:23 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: mbam.exe1.0.0.500178801cf6c59e409515b262C:\Program Files\ Malwarebytes Anti-Malware \mbam.execf53b35f-d858-11e3-bbaf-f46d04dbdb34

Error: (05/10/2014 04:09:26 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050906cd9415001cf6c2e95f4c820C:\Windows\Explorer.EXEbho.dllb14502ca-d84c-11e3-bbaf-f46d04dbdb34

Error: (05/08/2014 05:56:20 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050a16cd9477401cf6aacec3e81f2C:\Windows\Explorer.EXEbho.dll4b96a1ce-d6c9-11e3-b7fa-f46d04dbdb34

Error: (05/08/2014 05:56:07 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050a16cd9477401cf6aacec3e81f2C:\Windows\Explorer.EXEbho.dll4380819e-d6c9-11e3-b7fa-f46d04dbdb34

Error: (05/06/2014 11:24:52 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: javaw.exe7.0.250.17141801cf690cec08d72115C:\Program Files\Java\jre7\bin\javaw.exe419b0adf-d500-11e3-a0ae-f46d04dbdb34

Error: (04/29/2014 04:41:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sony ericsson\sony ericsson pc companion\Drivers\DPInst64.exe

Error: (04/29/2014 04:40:13 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3326.18 MB
Available physical RAM: 1586.84 MB
Total Pagefile: 6650.65 MB
Available Pagefile: 4664.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:183.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2FC30ABD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
12.05.2014, 16:25 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 JS/Kryptik.I Trojaner
Yes, please drag it onto the desktop.
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Let Revo also remove the leftovers, using the Moderate mode.
Scan with ComboFix
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |
14.05.2014, 14:34 | #5 |
| Windows 7 JS/Kryptik.I Trojaner
Code:
ComboFix 14-05-13.01 - Flo 14.05.2014 15:12:32.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3326.1462 [GMT 2:00]
run by:: c:\users\Flo\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files created from 2014-04-14 to 2014-05-14 ))))))))))))))))))))))))))))))
.
.
2014-05-14 13:23 . 2014-05-14 13:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-14 13:23 . 2014-05-14 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 13:06 . 2014-05-14 13:06 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-05-13 09:54 . 2014-05-14 13:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298CE013-FCC9-4504-AFC3-0424E07E4F82}\offreg.dll
2014-05-13 09:52 . 2014-05-13 09:52 -------- d-----w- c:\program files\VS Revo Group
2014-05-13 09:46 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298CE013-FCC9-4504-AFC3-0424E07E4F82}\mpengine.dll
2014-05-12 16:19 . 2014-05-12 16:19 -------- d-----w- c:\program files\TERA
2014-05-11 14:51 . 2014-05-11 14:51 -------- d-----w- c:\users\Flo\AppData\Roaming\TERA
2014-05-11 09:21 . 2014-05-11 09:22 -------- d-----w- C:\FRST
2014-05-10 21:47 . 2014-05-10 21:47 -------- d-----w- c:\program files\Enigma Software Group
2014-05-10 21:47 . 2014-05-11 00:11 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-10 20:46 . 2014-05-10 20:46 -------- d-----w- c:\programdata\Licenses
2014-05-10 20:41 . 2014-05-10 20:41 -------- d-----w- c:\programdata\Simply Super Software
2014-05-10 15:49 . 2014-05-10 17:06 -------- d-----w- c:\program files\CCleaner
2014-05-10 14:11 . 2014-05-10 14:11 -------- d-----w- c:\programdata\Malwarebytes
2014-05-10 14:11 . 2014-05-10 17:06 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-----w- c:\program files\SiteLookup
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-----w- c:\users\Flo\AppData\Roaming\SimilarSites
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-----w- c:\users\Flo\AppData\Roaming\BupSystem
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-sh--w- c:\users\Flo\AppData\Local\EmieUserList
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-sh--w- c:\users\Flo\AppData\Local\EmieSiteList
2014-05-07 12:02 . 2014-05-07 12:02 -------- d-----w- c:\users\Flo\AppData\Roaming\Security Systems
2014-05-07 11:32 . 2014-05-07 12:21 -------- d-----w- c:\users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 11:30 . 2014-05-07 11:30 -------- d-----w- c:\program files\Dev-Cpp
2014-05-06 10:00 . 2014-05-06 10:00 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 09:26 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 09:26 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-02 08:15 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-28 10:12 . 2014-05-14 13:06 -------- d-----w- c:\users\Flo\AppData\Local\LogMeIn Hamachi
2014-04-20 20:02 . 2014-04-20 20:03 -------- d-----w- c:\users\Flo\AppData\Roaming\AbiSuite
2014-04-20 20:00 . 2014-05-07 12:29 -------- d-----w- c:\program files\AbiWord
2014-04-16 20:53 . 2014-04-16 21:53 -------- d-----w- c:\users\Flo\AppData\Roaming\Teeworlds
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 20:01 . 2012-11-21 13:47 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 20:01 . 2011-08-25 18:04 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 02:52 . 2014-04-09 02:52 130088 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-04-09 02:24 . 2014-04-09 02:24 88576 ----a-w- c:\windows\system32\rzdevinfo.dll
2014-04-09 02:24 . 2014-04-09 02:24 154624 ----a-w- c:\windows\system32\rztouchdll.dll
2014-04-09 02:24 . 2014-04-09 02:24 117248 ----a-w- c:\windows\system32\rzdisplaydll.dll
2014-04-09 02:24 . 2014-04-09 02:24 856576 ----a-w- c:\windows\system32\rzdevicedll.dll
2014-04-09 02:24 . 2014-04-09 02:24 306688 ----a-w- c:\windows\system32\rzaudiodll.dll
2014-03-31 07:35 . 2011-10-26 15:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-06 08:31 . 2014-04-09 13:43 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-09 13:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-09 13:43 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-09 13:43 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-09 13:43 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-09 13:43 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-09 13:43 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-09 13:43 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-09 13:43 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-09 13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-09 13:43 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-09 13:43 1789440 ----a-w- c:\windows\system32\wininet.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="c:\program files\puush\puush.exe" [2013-07-14 567880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Akamai NetSession Interface"="c:\users\Flo\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Ocs_SM"="c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-04-17 106496]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2014-04-17 585048]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_DE\PrePatch.exe" [2012-04-30 327680]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-1-23 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\steam.exe" -silent
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"KPeerNexonEU"=c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 bupService;BUP Service;c:\users\Flo\AppData\Roaming\BupSystem\bup.exe [2014-04-14 642048]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-04-17 40960]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2013-08-18 49152]
R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\\OverwolfUpdater.exe [2011-11-20 16616]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2011-07-13 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2011-07-13 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2011-07-13 21872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 95744]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 1682768]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 375056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2013-12-18 1742136]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2012-08-24 17184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2014-04-09 130088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-12 14:29 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 20:01]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 10:10]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 10:10]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-14 15:24:54
ComboFix-quarantined-files.txt 2014-05-14 13:24
.
Before scan: 17 directory(ies), 194.017.374.208 bytes free
After scan: 20 directory(ies), 194.197.348.352 bytes free
.
- - End Of File - - 72B6777C4C21FD254C8A9AB700EDF0F0 A36C5E4F47E84449FF07ED3517B43A31
|
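The service list and the Run keys in the ComboFix log above are where the unwanted software actually shows itself: bup.exe and SearchAnonymizerHelper.exe run as services out of AppData\Roaming (a location any standard user can write to, so no admin rights were needed to plant them), a third service runs out of ProgramData, and several drivers are registered but their file is gone (the [x] ComboFix prints when the referenced file is not present). The following Python script is an added example, not part of this thread and not code from ComboFix, FRST or Trojaner-Board; it applies that triage rule mechanically to the log lines. The sample input is copied from the log above; the path markers and the classification rules are my own heuristic (assumptions), and a hit means "look at this entry", not "this is malware".

```python
"""Triage of ComboFix service / Run-key entries.

Heuristic (my own, not a ComboFix feature): autostart binaries that live
in user-writable locations (AppData, ProgramData, temp) or whose file is
gone ("[x]") deserve a second look, because PUPs and adware install there
so that no admin rights are needed. Vendor software under Program Files
is usually fine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted in this
# thread (part of the service list plus three Run-key values), so the
# script runs offline on the thread's own data.
SAMPLE_LOG = r"""
R2 bupService;BUP Service;c:\users\Flo\AppData\Roaming\BupSystem\bup.exe [2014-04-14 642048]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-04-17 40960]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Ocs_SM"="c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-04-17 106496]
"Steam"="c:\program files\Steam\steam.exe" -silent
"""

# "R2 name;display name;path [date size]"  (or "[x]" when the file is missing)
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
# '"value"="path" [args] [date size]'  (bracket part is optional in Run- keys)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(.*?)(?:\s+\[([^\]]*)\])?\s*$')

# (substring of the lower-cased path, reason) - assumed markers for
# locations a standard user can write to without elevation.
WRITABLE_MARKERS = (
    ('\\appdata\\', 'binary under a user profile AppData folder (writable without admin rights)'),
    ('c:\\programdata\\', 'binary under ProgramData (writable by standard users by default)'),
    ('\\temp\\', 'binary in a temp folder'),
)


@dataclass
class Entry:
    kind: str                 # "service" or "run"
    name: str
    path: str
    meta: str                 # "date size" from the brackets, or "x" if the file is missing
    args: str = ''
    reasons: list[str] = field(default_factory=list)


def classify_path(path: str, meta: str) -> list[str]:
    """Return the list of reasons an entry deserves a look (empty = unremarkable)."""
    p = path.lower()
    reasons = [why for marker, why in WRITABLE_MARKERS if marker in p]
    if meta.strip().lower() == 'x':
        reasons.append('registered but the file no longer exists ([x]); orphan left by a removed program or driver')
    return reasons


def parse(log_text: str) -> list[Entry]:
    """Extract service and Run-key entries from ComboFix output; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start_type, name, _display, path, meta = m.groups()
            entries.append(Entry('service', name, path, meta))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, args, meta = m.groups()
            entries.append(Entry('run', name, path, meta or '', args.strip()))
    for entry in entries:
        entry.reasons = classify_path(entry.path, entry.meta)
    return entries


def suspicious(log_text: str) -> list[Entry]:
    """Only the entries that triggered at least one rule."""
    return [e for e in parse(log_text) if e.reasons]


def report(log_text: str) -> str:
    """Human-readable summary, one entry per block."""
    lines = []
    for e in suspicious(log_text):
        lines.append(f'{e.kind:7} {e.name}: {e.path}')
        lines.extend(f'        - {reason}' for reason in e.reasons)
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Run it on a complete ComboFix log (paste the log into SAMPLE_LOG or read it from a file) and it lists the BupSystem and OCS/SearchAnonymizer services and the Ocs_SM Run value first; the ESET entries under Program Files stay quiet. Extend WRITABLE_MARKERS for your own environment, and treat the output as a reading order for the log, not as a verdict.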
15.05.2014, 09:46 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 JS/Kryptik.I Trojaner
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.