Log Analysis and Evaluation: Windows 7 (32-bit): High CPU load / possible virus infection
16.05.2014, 00:05 | #1
Windows 7 (32-bit): High CPU load / possible virus infection

Hello Trojaner-Board, for a few days now I have had the problem that my laptop shows a relatively high CPU load. I may have picked up one or more viruses/trojans while surfing the Internet. I hope you can help me.

Here is the Defogger log file:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:29 on 16/05/2014 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 16-05-2014 00:30:43
Running from C:\Users\Jan\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
S2 MBAMScheduler; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-15 17:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:06 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 11:06 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 11:06 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

==================== One Month Modified Files and Folders =======

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-16 00:11 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-16 00:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 21:54 - 2013-12-06 18:47 - 01226295 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 17:20 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:23 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:17 - 2013-12-09 17:20 - 00151656 _____ () C:\Windows\PFRO.log
2014-05-15 14:17 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 14:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 14:17 - 2009-07-14 06:39 - 00058974 _____ () C:\Windows\setupact.log
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================

Here is the Addition log file:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by Jan at 2014-05-16 00:31:15
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version: - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dawngate (HKLM\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 - Deutsch (HKLM\...\{90140011-0062-0407-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

13-05-2014 09:05:50 Windows Update
14-05-2014 09:03:45 AA11
14-05-2014 19:00:40 DirectX wurde installiert
14-05-2014 21:17:52 DirectX wurde installiert
14-05-2014 23:35:37 Windows Update
15-05-2014 11:42:14 AA11

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1BB89AD4-3C3A-42D0-9CF6-A0A5A8DF2A39} - System32\Tasks\GPUpdate => C:\Users\Jan\AppData\Roaming\GetPrivate\gp_upd.exe [2014-05-13] ()
Task: {215F6E25-FBDC-4792-80CE-113F63F866E1} - System32\Tasks\SW-Booster-S-702149676 => c:\programdata\itsmyapp\sw-booster\SW-Booster.exe
Task: {C466B0A0-A28D-4B57-882F-293F688E84EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 20:14 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-13 22:53 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-13 22:53 - 2014-05-15 14:17 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 19:34 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-13 21:08 - 2014-05-13 21:08 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


====================
Event log errors: ========================= Application errors: ================== Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0x1184 Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803} Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0xffc Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften 
Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0x7f4 Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0xda4 Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0x840 Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7 Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098 Ausnahmecode: 
0x40000015 Fehleroffset: 0x0002181e ID des fehlerhaften Prozesses: 0x1184 Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0 Pfad der fehlerhaften Anwendung: csgo.exe1 Pfad des fehlerhaften Moduls: csgo.exe2 Berichtskennung: csgo.exe3 Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803} Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/14/2014 11:42:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SW-Sustainer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/14/2014 11:41:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Supporter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/14/2014 11:18:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BlockAndSurf erreicht. Error: (05/13/2014 10:54:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (04/27/2014 11:33:57 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. 
Microsoft Office Sessions: ========================= Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fba271f2c5eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll20c04a4a-dbb2-11e3-9838-001d606b6967 Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803} Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181effc01cf6fb3f947451aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlle7f1ad5d-dbab-11e3-9838-001d606b6967 Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eb0c01cf6fb34836bfe3G:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll2f3d1ee9-dba7-11e3-9838-001d606b6967 Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e7f401cf6fae8514f91aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllbd04743e-dba4-11e3-9838-001d606b6967 Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eda401cf6fad7195de2bG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllb9d69425-dba1-11e3-9838-001d606b6967 Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e84001cf6fabf1291a9cG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlla2d54a2f-dba0-11e3-9838-001d606b6967 Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fa96471365eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll042706d7-db9f-11e3-9838-001d606b6967 Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803} Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3071.3 MB Available physical RAM: 2002.75 MB Total Pagefile: 6140.9 MB Available Pagefile: 4919.7 MB Total Virtual: 2047.88 MB Available Virtual: 1918.57 MB ==================== Drives ================================ Drive c: (Main) (Fixed) (Total:67.07 GB) (Free:24.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:44.71 GB) (Free:39.35 GB) NTFS Drive f: (INTENSO) 
(Removable) (Total:3.73 GB) (Free:1.28 GB) FAT32 Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:716.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 15807A61) Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00261DDD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-16 00:42:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHW2120BH rev.00930013 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Jan\AppData\Local\Temp\pxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A56A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A90212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + 6 77BF560E 4 Bytes [28, 20, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + B 77BF5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + 6 77BF564E 4 Bytes [68, 21, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + B 77BF5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + 6 77BF568E 4 Bytes [68, 22, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + B 77BF5693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + 6 77BF572E 4 Bytes [A8, 22, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + B 77BF5733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtMapViewOfSection + B 77BF5C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + 6 77BF5D1E 4 Bytes [68, 20, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + B 77BF5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + 6 77BF5D4E 4 Bytes [A8, 21, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + B 77BF5D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKeyEx + B 77BF5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + 6 77BF5D9E 4 Bytes [28, 22, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + B 77BF5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + 6 77BF5DCE 4 Bytes [68, 23, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + B 77BF5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + 6 77BF5DDE 4 Bytes [A8, 23, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + B 77BF5DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + 6 77BF5DEE 4 Bytes [68, 24, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + B 77BF5DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenSection + B 77BF5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + 6 77BF5E4E 4 Bytes [28, 23, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + B 77BF5E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + 6 77BF5E5E 4 Bytes [28, 24, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + B 77BF5E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + 6 77BF5E6E 4 Bytes [A8, 24, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + B 77BF5E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + 6 77BF5F7E 4 Bytes [A8, 20, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + B 77BF5F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryFullAttributesFile + B 77BF6033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + 6 77BF667E 4 Bytes [28, 21, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + B 77BF6683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationThread + B 77BF66E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + 6 77BF69FE 4 Bytes [28, 25, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + B 77BF6A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessW 763F204D 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessA 763F2082 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ActivateKeyboardLayout 765D8203 5 Bytes JMP 000C04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ScreenToClient 765DA506 7 Bytes JMP 000C0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatA 765DC091 5 Bytes JMP 000C02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatW 765DDF8D 5 Bytes JMP 000C02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursor 765E3075 5 Bytes JMP 000C0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MonitorFromWindow 765E3622 7 Bytes JMP 000C0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!PostMessageW 765E447B 5 Bytes JMP 000C05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsWindowVisible 765E4D69 7 Bytes JMP 000C06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClientRect 765E54DD 7 Bytes JMP 000C05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MapWindowPoints 765E5CAA 5 Bytes JMP 000C0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetParent 765E6029 7 Bytes JMP 000C06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EmptyClipboard 765F290C 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardData 765F2962 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardData 765F2BA7 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameW 765F5FD2 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardViewer 765F6FF6 5 Bytes JMP 000C04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameA 765F700A 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ChangeClipboardChain 7660147C 5 Bytes JMP 000C0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetTopWindow 766024D9 7 Bytes JMP 000C0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CloseClipboard 7660446C 5 Bytes JMP 000C00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!OpenClipboard 7660447E 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsClipboardFormatAvailable 766044FF 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardSequenceNumber 76604513 5 Bytes JMP 000C0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardOwner 76604525 5 Bytes JMP 000C0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CountClipboardFormats 7660470A 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EnumClipboardFormats 766047EC 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetOpenClipboardWindow 7660480B 5 Bytes JMP 000C03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursorPos 7661C1B0 5 Bytes JMP 000C0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardViewer 76634AF7 5 Bytes JMP 000C0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetPriorityClipboardFormat 76634BF9 5 Bytes JMP 000C03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteObject 77885F14 5 Bytes JMP 000D01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectObject 77886640 5 Bytes JMP 000D05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextColor 77886906 5 Bytes JMP 000D0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetBkMode 778869B1 5 Bytes JMP 000D08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteDC 77886EAA 5 Bytes JMP 000D0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetDeviceCaps 77886F7F 5 Bytes JMP 000D03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtSelectClipRgn 77887114 5 Bytes JMP 000D02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipRgn 77887242 5 Bytes JMP 000D05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetStretchBltMode 77887705 5 Bytes JMP 000D06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetCurrentObject 77887917 5 Bytes JMP 000D0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsW 77887B8F 5 Bytes JMP 000D0E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextAlign 77887DAF 5 Bytes JMP 000D0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!IntersectClipRect 77887DFE 5 Bytes JMP 000D03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutW 77888192 5 Bytes JMP 000D0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextAlign 7788828E 5 Bytes JMP 000D09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetClipBox 77888525 5 Bytes JMP 000D0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!MoveToEx 77888C21 5 Bytes JMP 000D0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StretchDIBits 7788A53E 5 Bytes JMP 000D0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RestoreDC 7788A67B 5 Bytes JMP 000D0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SaveDC 7788A74B 5 Bytes JMP 000D0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32W 7788B4B5 5 Bytes JMP 000D0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW 7788B73A 2 Bytes JMP 000D0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW + 3 7788B73D 2 Bytes [84, 88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetFontData 7788BCC4 5 Bytes JMP 000D0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetWorldTransform 7788C90A 5 Bytes JMP 000D06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCA 7788CCA9 5 Bytes JMP 000D00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCW 7788CF79 5 Bytes JMP 000D00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateICW 7788CFD0 5 Bytes JMP 000D0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsA 7788D0F2 5 Bytes JMP 000D0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Rectangle 7788F1FF 5 Bytes JMP 000D09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!LineTo 7788F59B 5 Bytes JMP 000D0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetICMMode 7788FAA4 5 Bytes JMP 000D0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutA 77890D20 5 Bytes JMP 000D0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32A 7789117F 5 Bytes JMP 000D0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtEscape 77892D49 5 Bytes JMP 000D02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Escape 77893400 5 Bytes JMP 000D0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ResetDCW 77893A9B 5 Bytes JMP 000D0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPage 778940DA 5 Bytes JMP 000D0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetPolyFillMode 778967E1 5 Bytes JMP 000D0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetMiterLimit 7789699D 5 Bytes JMP 000D0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceA 778A0D22 5 Bytes JMP 000D0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetGlyphOutlineW 778AC2DA 5 Bytes JMP 000D0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateScalableFontResourceW 778AE937 5 Bytes JMP 000D0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AddFontResourceW 778AED33 5 Bytes JMP 000D0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RemoveFontResourceW 778AF229 5 Bytes JMP 000D0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AbortDoc 778B4E29 5 Bytes JMP 000D0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndDoc 778B5270 5 Bytes JMP 000D01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartPage 778B535B 5 Bytes JMP 000D0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartDocW 778B5D76 5 Bytes JMP 000D07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!BeginPath 778B651D 5 Bytes JMP 000D0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipPath 778B6574 5 Bytes JMP 000D0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CloseFigure 778B65CF 5 Bytes JMP 000D0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPath 778B6626 5 Bytes JMP 000D0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StrokePath 778B6859 5 Bytes JMP 000D07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!FillPath 778B68E6 5 Bytes JMP 000D0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolylineTo 778B6D54 5 Bytes JMP 000D04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyBezierTo 778B6DE5 5 Bytes JMP 000D04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyDraw 778B6E97 5 Bytes JMP 000D08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleSetClipboard 77AB0045 5 Bytes JMP 000F0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleIsCurrentClipboard 77AB36B2 5 Bytes JMP 000F0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleGetClipboard 77ADFDCD 5 Bytes JMP 000F00B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3984] ntdll.dll!LdrLoadDll 77C122AE 5 Bytes JMP 71671EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 764394E6 7 Bytes JMP 5DC084D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!QueryPerformanceCounter + 13 7643C4E5 7 Bytes JMP 5DC084F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!LoadAppInitDlls + 355 7643F5A6 7 Bytes JMP 5D283A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3984] GDI32.dll!GetViewportOrgEx + 26C 7788884B 7 Bytes JMP 5DC08457 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!GetWindowInfo 765E4B5E 5 Bytes JMP 5D4BD777 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!ToUnicodeEx + 71 765F2223 7 Bytes JMP 5D4B70E4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1492

---- EOF - GMER 2.1 ----

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14.05.2014 Scan Time: 12:18:35 Logfile: mbam.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.05.14.02 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Jan Scan Type: Threat Scan Result: Completed Objects Scanned: 240744 Time Elapsed: 1 hr, 3 min, 10 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 15.05.2014 Scan Time: 14:13:48 Logfile: mbam2.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.05.15.04 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Jan Scan Type: Hyper Scan Result: Completed Objects Scanned: 209344 Time Elapsed: 4 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Disabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Many thanks in advance for your help. Regards JanR91 Last edited by JanR91 (16.05.2014 at 00:15) |
16.05.2014, 06:11 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 (32-bit): high CPU load / possible virus infection hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Scan with ComboFix
|
16.05.2014, 09:06 | #3 |
| Windows 7 (32-bit): high CPU load / possible virus infection Hey,
thanks for the quick reply! Here is the Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014 Ran by Jan at 2014-05-16 09:39:25 Run:1 Running from C:\Users\Jan\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. ==== End of Fixlog ==== Code:
ATTFilter ComboFix 14-05-16.01 - Jan 16.05.2014 9:45.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.2295 [GMT 2:00] ausgeführt von:: c:\users\Jan\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38CEA7EC-5215-4B52-B49A-376550BE024D}.xps c:\windows\MICROSOFT c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe c:\windows\wininit.ini G:\autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_SystemUpdatekb70007 -------\Service_SystemUpdatekb70007 . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-16 bis 2014-05-16 )))))))))))))))))))))))))))))) . . 2014-05-16 07:51 . 2014-05-16 07:54 -------- d-----w- c:\users\Jan\AppData\Local\temp 2014-05-16 07:51 . 2014-05-16 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-15 22:30 . 2014-05-16 07:39 -------- d-----w- C:\FRST 2014-05-15 11:59 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-05-14 23:36 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-14 17:34 . 2014-05-14 17:34 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-05-14 10:47 . 2014-05-16 07:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBDC1412-B8F2-4141-8731-3A3837D359D2}\offreg.dll 2014-05-14 10:19 . 
2014-05-14 10:19 -------- d-----w- c:\users\Jan\AppData\Roaming\LavasoftStatistics 2014-05-14 09:11 . 2014-05-15 11:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-05-14 09:11 . 2014-05-15 12:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2014-05-14 09:10 . 2014-05-15 23:15 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-14 09:08 . 2014-05-15 11:43 -------- d-----w- c:\program files\Lavasoft 2014-05-14 09:06 . 2014-05-14 09:06 -------- d-----w- c:\programdata\Malwarebytes 2014-05-14 09:06 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-14 09:06 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-14 09:06 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-14 09:03 . 2014-05-14 09:03 -------- d-----w- c:\programdata\Lavasoft 2014-05-13 20:55 . 2014-05-13 20:55 -------- d-sh--w- c:\users\Jan\AppData\Local\EmieUserList 2014-05-13 20:55 . 2014-05-13 20:55 -------- d-sh--w- c:\users\Jan\AppData\Local\EmieSiteList 2014-05-13 20:53 . 2014-05-13 20:53 -------- d-----w- c:\program files\MSR 2014-05-13 20:52 . 2014-05-13 20:52 -------- d-----w- c:\users\Jan\AppData\Roaming\InetStat 2014-05-13 20:52 . 2014-05-13 20:52 -------- d-----w- c:\users\Jan\AppData\Roaming\GetPrivate 2014-05-13 20:52 . 2014-05-13 20:52 -------- d-----w- c:\users\Jan\AppData\Roaming\wi_upd 2014-05-13 19:07 . 2014-05-14 10:24 -------- d-----w- c:\users\Jan\AppData\Roaming\uTorrent 2014-05-13 09:06 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBDC1412-B8F2-4141-8731-3A3837D359D2}\mpengine.dll 2014-05-12 20:50 . 2014-05-12 20:50 -------- d-----w- c:\programdata\ItsMyApp 2014-05-12 20:49 . 2014-05-14 10:25 -------- d-----w- c:\programdata\18be15233c43999c 2014-05-12 20:49 . 2014-05-12 20:49 -------- d-----w- c:\users\Jan\AppData\Local\Google 2014-05-12 20:49 . 
2014-05-12 20:49 -------- d-----w- c:\users\Jan\AppData\Local\Comodo 2014-05-12 20:49 . 2014-05-12 20:49 -------- d-----w- c:\users\Jan\AppData\Local\Chromatic Browser 2014-05-12 20:49 . 2014-05-12 20:49 -------- d-----w- c:\users\Gast 2014-05-12 20:49 . 2014-05-12 20:49 -------- d-----w- c:\users\Administrator 2014-05-12 20:49 . 2014-05-12 20:49 -------- d-----w- c:\users\Jan\AppData\Local\Programs 2014-05-12 20:48 . 2014-05-12 20:55 -------- d-----w- c:\programdata\InstallMate 2014-05-06 15:34 . 2014-05-15 11:10 -------- d-s---w- c:\windows\system32\CompatTel 2014-04-26 11:04 . 2014-04-26 11:04 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-13 19:08 . 2013-12-06 20:22 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-05-13 19:08 . 2013-12-06 20:22 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-04-11 19:02 . 2014-04-11 19:02 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys 2014-03-31 07:35 . 2013-12-06 17:22 231584 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384] "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-12-10 982232] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-12-08 280576] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . R2 MBAMService;MBAMService;g:\jans stuff\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912] R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2013-12-06 49152] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624] S2 MBAMScheduler;MBAMScheduler;g:\jans stuff\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720] S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2014-04-11 50728] S3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-05 34080] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 581480] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 19:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default\ FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8118 FF - prefs.js: network.proxy.type - 1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\users\Jan\AppData\Roaming\InetStat\inetstat.exe c:\windows\System32\rundll32.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-16 09:57:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-16 07:57 . Vor Suchlauf: 9 Verzeichnis(se), 26.221.416.448 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 26.011.750.400 Bytes frei . - - End Of File - - 0253FFA8CABAFF294B2627DE2B1393C1 A36C5E4F47E84449FF07ED3517B43A31 that I cannot use my Mozilla Firefox browser. The following message appears: Error: "Proxy-Server verweigert die Verbindung Firefox wurde konfiguriert, einen Proxy-Server zu nutzen, der die Verbindung zurückweist." Regards JanR91 |
17.05.2014, 13:01 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 (32-bit): high CPU load / possible virus infection Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF NetworkProxy: "type", 1 Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
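As an added example (not part of the thread, and not code from FRST or ComboFix), the check a responder would run before writing a Fixlist like the ones in posts #2 and #4: it parses the `ProxyServer:` line FRST reports for the WinINET (Internet Explorer) settings and the `network.proxy.*` prefs of a Firefox prefs.js, flags every proxy that points at the local machine (as the 127.0.0.1:8118 entries here did), and renders the Firefox prefs in the `FF NetworkProxy:` form the Fixlist above used. The sample FRST line and prefs.js content are constructed, modelled on the lines posted in the thread.

```python
"""Audit IE/WinINET and Firefox proxy settings for a rogue loopback proxy.

Added example; not part of the thread and not FRST/ComboFix code. A
browser-wide proxy on 127.0.0.1 on a desktop usually means a local
interception proxy was installed without the user's intent.
"""
import re
from ipaddress import ip_address

# One prefs.js line looks like: user_pref("network.proxy.http", "127.0.0.1");
PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[a-z_]+)",\s*(.+?)\);')

# Constructed sample input, modelled on the lines posted in the thread.
SAMPLE_FRST_LINE = "ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118"
SAMPLE_PREFS_JS = """
user_pref("browser.startup.homepage", "google.de");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);
"""


def parse_wininet_proxy(line):
    """Parse 'ProxyServer: http=host:port;https=host:port' (or a bare
    'host:port' that applies to all protocols) into {scheme: (host, port)}."""
    value = line.split("ProxyServer:", 1)[-1].strip()
    result = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, hostport = entry.split("=", 1) if "=" in entry else ("all", entry)
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, None
        else:
            port = int(port)
        result[scheme.strip()] = (host.strip(), port)
    return result


def parse_firefox_prefs(text):
    """Collect the network.proxy.* entries of a prefs.js, mapping the JS
    literal (quoted string, true/false, or integer) to a Python value."""
    prefs = {}
    for key, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"'):
            prefs[key] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw)
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit(wininet, firefox):
    """Return one finding per proxy entry that routes traffic through
    the local machine."""
    findings = []
    for scheme, (host, port) in wininet.items():
        if is_loopback(host):
            findings.append(f"IE/WinINET {scheme} proxy -> {host}:{port}")
    # network.proxy.type 1 = manual proxy configuration; with any other
    # value Firefox ignores the host/port prefs, so they alone are no finding.
    if firefox.get("network.proxy.type") == 1:
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = firefox.get(f"network.proxy.{scheme}")
            port = firefox.get(f"network.proxy.{scheme}_port")
            if host and is_loopback(host):
                findings.append(f"Firefox {scheme} proxy -> {host}:{port}")
    return findings


def fixlist_lines(firefox):
    """Render the Firefox proxy prefs as 'FF NetworkProxy:' lines, the form
    used in the thread's Fixlist.txt (strings quoted, numbers bare)."""
    lines = []
    for key, value in firefox.items():
        name = key[len("network.proxy."):]
        if isinstance(value, bool):
            rendered = "true" if value else "false"
        elif isinstance(value, str):
            rendered = f'"{value}"'
        else:
            rendered = str(value)
        lines.append(f'FF NetworkProxy: "{name}", {rendered}')
    return lines


if __name__ == "__main__":
    prefs = parse_firefox_prefs(SAMPLE_PREFS_JS)
    print("\n".join(audit(parse_wininet_proxy(SAMPLE_FRST_LINE), prefs) + fixlist_lines(prefs)))
```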
17.05.2014, 13:38 | #5 |
| Windows 7 (32-bit): high CPU load / possible virus infection Hello, Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014 Ran by Jan at 2014-05-17 14:04:49 Run:2 Running from C:\Users\Jan\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF NetworkProxy: "type", 1 ***************** Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. ==== End of Fixlog ==== Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.05.2014 Suchlauf-Zeit: 14:16:42 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.17.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Jan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 259158 Verstrichene Zeit: 10 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 14:20:34 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : Jan - JAN-PC # Gestartet von : C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT92EIP2\adwcleaner_3.208.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default\prefs.js ] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [892 octets] - [17/05/2014 14:21:03] AdwCleaner[S0].txt - [814 octets] - [17/05/2014 14:21:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [873 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Ultimate x86 Ran by Jan on 17.05.2014 at 14:28:45,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.05.2014 at 14:30:47,98 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014 Ran by Jan (administrator) on JAN-PC on 17-05-2014 14:37:04 Running from C:\Users\Jan\Desktop Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Users\Jan\AppData\Roaming\InetStat\inetstat.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA 
Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi ========================== Services (Whitelisted) ================= S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. 
Muzychenko) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation) S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt 2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google 2014-05-16 17:11 - 2014-05-17 14:37 - 00006881 _____ () C:\Users\Jan\Desktop\FRST.txt 2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT 2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe 2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt 2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 
Edit: Firefox works again |
18.05.2014, 12:19 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 (32-bit): high CPU load / possible virus infection
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
18.05.2014, 16:49 | #7 |
| Windows 7 (32-bit): high CPU load / possible virus infection Hey! Great that you're giving up your free time for me even on the weekend. Here is the ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed0f339d01b1ab439f245210173e4ddd
# engine=18312
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 03:38:08
# local_time=2014-05-18 05:38:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 9704 152058679 0 0
# scanned=284283
# found=129
# cleaned=16
# scan_time=7654
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\DownloadManager.exe" sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\RegClean10.exe" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\SearchProtectINT.exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\DownloadManager.exe" sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\RegClean10.exe" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\SearchProtectINT.exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{91CE17C6-0BBC-45B9-A752-439E4A2D3530}\Custom.dll" sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{991BEE4F-AC45-4282-A069-E46742F8CCB9}\Custom.dll" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe" sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe" sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe" sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe" sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe" sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php" sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe" sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe" sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe" sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe" sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe" sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\DownloadManager.exe" sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\RegClean10.exe" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\SearchProtectINT.exe" Code:
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 18-05-2014 17:47:33
Running from C:\Users\Jan\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() G:\League of Legends\RADS\system\rads_user_kernel.exe
() G:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe
() G:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:27 - 2014-05-18 15:27 - 00000000 ____D () C:\Program Files\ESET
2014-05-18 15:21 - 2014-05-18 15:22 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google
2014-05-16 17:11 - 2014-05-18 17:47 - 00007485 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-16 16:41 - 2014-05-17 14:17 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 16:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 16:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 16:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\Qoobox
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\ComboFix
2014-05-16 09:44 - 2014-05-16 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 09:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 09:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 09:40 - 2014-05-16 09:41 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:31 - 2014-05-16 00:32 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:30 - 2014-05-18 17:47 - 00000000 ____D () C:\FRST
2014-05-16 00:30 - 2014-05-16 00:32 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D ()
C:\Program Files\Mozilla Maintenance Service 2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics 2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-14 11:10 - 2014-05-18 16:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft 2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe 2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 09:26 - 2014-03-25 04:09 - 
12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-13 22:55 - 2014-05-13 22:55 - 
00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList 2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList 2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR 2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate 2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe 2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe 2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe 2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe 2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent 2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) 
C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe 2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe 2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp 2014-05-12 22:49 - 2014-05-16 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google 2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator 2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini 2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar 2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () 
C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo - 2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 18:12 - 
2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe 2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra ==================== One Month Modified Files and Folders ======= 2014-05-18 17:47 - 2014-05-16 17:11 - 00007485 _____ () C:\Users\Jan\Desktop\FRST.txt 2014-05-18 17:47 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST 2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe 2014-05-18 17:35 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client 2014-05-18 17:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-18 16:24 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-18 15:27 - 2014-05-18 15:27 - 00000000 ____D 
() C:\Program Files\ESET 2014-05-18 15:22 - 2014-05-18 15:21 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe 2014-05-18 14:51 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 14:51 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 14:50 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-18 14:48 - 2013-12-06 18:47 - 01642031 _____ () C:\Windows\WindowsUpdate.log 2014-05-18 14:44 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-18 14:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-18 14:44 - 2009-07-14 06:39 - 00060318 _____ () C:\Windows\setupact.log 2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt 2014-05-17 14:23 - 2013-12-09 17:20 - 00153128 _____ () C:\Windows\PFRO.log 2014-05-17 14:21 - 2014-05-16 16:42 - 00000000 ____D () C:\AdwCleaner 2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-05-17 14:17 - 2014-05-16 16:41 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt 2014-05-16 20:22 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe 2014-05-16 20:21 - 2014-05-16 20:08 - 00000000 ____D () C:\Program Files\Google 2014-05-16 20:21 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google 2014-05-16 20:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-16 20:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT 2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe 2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ 
() C:\Users\Jan\Desktop\AdwCleaner[S0].txt 2014-05-16 16:46 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt 2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\Qoobox 2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\ComboFix 2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-05-16 09:56 - 2014-05-16 09:44 - 00000000 ____D () C:\Windows\erdnt 2014-05-16 09:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-05-16 09:52 - 2009-07-14 04:03 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-05-16 09:52 - 2009-07-14 04:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-05-16 09:52 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-05-16 09:41 - 2014-05-16 09:40 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe 2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log 2014-05-16 00:32 - 2014-05-16 00:31 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt 2014-05-16 00:32 - 2014-05-16 00:30 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt 2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log 2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () 
C:\Users\Jan\defogger_reenable 2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan 2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe 2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe 2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe 2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt 2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft 2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps 2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url 2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla 2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c 2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () 
C:\Users\Jan\AppData\Roaming\uTorrent 2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics 2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe 2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList 2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList 2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR 2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat 2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate 2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe 2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe 2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe 2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) 
C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe 2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe 2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe 2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator 2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore 2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar 2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-06 05:25 - 
2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo - 2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe 2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe 2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra Some content of TEMP: ==================== C:\Users\Jan\AppData\Local\temp\GPUpd.exe C:\Users\Jan\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe [2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67 C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 11:39 ==================== End Of Log ============================ --- --- --- ESET found 129 infected files. Unfortunately, not everything is running smoothly yet. |
19.05.2014, 10:50 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 (32-bit): High CPU usage / possible virus infection Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
C:\Users\Jan\AppData\Roaming\InetStat
C:\Users\Jan\AppData\Roaming\GetPrivate
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
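The two entries the fixlist above targets, the FRST line marked ATTENTION and the ProxyServer value pointing at 127.0.0.1:8118, are exactly the kind of thing a reviewer looks for first in an FRST log, and they can be picked out mechanically. The following Python triage script is an added example, not FRST's own code and not the helper's; it goes a little beyond the fix by also flagging service/driver entries whose file is missing ([X]) and publisher-less binaries under C:\Windows. The sample lines are constructed in the thread's FRST format, and the path C:\Windows\sysupd\updater.exe is a made-up placeholder.

```python
# Added triage helper for FRST log text (example code, not FRST's or the helper's).
# It flags lines FRST marked "<======= ATTENTION", a ProxyServer value pointing
# at the local host, services/drivers whose file is missing ("[X]") and
# publisher-less binaries under C:\Windows, then builds a Fixlist.txt body.
import re
from dataclasses import dataclass

# Constructed sample in the thread's FRST format (not a full log).
SAMPLE_LINES = [
    r"GroupPolicy: Group Policy on Chrome detected <======= ATTENTION",
    r"ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.178.1",
    r"R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)",
    r"S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]",
    r"() C:\Windows\sysupd\updater.exe",  # made-up path: no publisher, under C:\Windows
    r"(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass(frozen=True)
class Finding:
    kind: str    # category label
    line: str    # the FRST line that triggered it
    detail: str  # why it was flagged


LOOPBACK_RE = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[?::1\]?)$", re.I)
PROXY_RE = re.compile(r"^ProxyServer:\s*(?P<value>\S.*)$")
# Service/driver line "<state> <name>; <path> [X]": [X] means the file is missing.
MISSING_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*\[X\]$")
# Process line "(<publisher>) <path>": an empty publisher means no signer was found.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_proxy(value: str) -> dict:
    """Split an IE ProxyServer value into {scheme: "host:port"}.

    "http=127.0.0.1:8118;https=127.0.0.1:8118" gives two entries; a bare
    "host:port" without a scheme is stored under the key "all".
    """
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        out[scheme.lower() if sep else "all"] = hostport if sep else scheme
    return out


def loopback_proxy_targets(value: str) -> list:
    """Return the scheme=host:port entries whose host is the local machine."""
    hits = []
    for scheme, hostport in parse_proxy(value).items():
        host = hostport.rsplit(":", 1)[0]
        if LOOPBACK_RE.match(host):
            hits.append(f"{scheme}={hostport}")
    return hits


def triage(log_text: str) -> list:
    """Scan FRST log text line by line and return the Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:
            findings.append(Finding("attention", line, "entry marked by FRST"))
        m = PROXY_RE.match(line)
        if m and (hits := loopback_proxy_targets(m.group("value"))):
            findings.append(Finding("local-proxy", line,
                                    "proxy on loopback: " + ", ".join(hits)))
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding("missing-file", line,
                                    f"{m.group('name').strip()} points at a missing file"))
        m = PROCESS_RE.match(line)
        if (m and not m.group("publisher").strip()
                and m.group("path").lower().startswith("c:\\windows\\")):
            findings.append(Finding("no-publisher", line,
                                    "binary under C:\\Windows with no publisher"))
    return findings


def build_fixlist(findings: list) -> str:
    """Fixlist.txt body: the flagged FRST lines, exactly one entry per line.

    Only ATTENTION and loopback-proxy entries are taken over, as in the fix
    above. The newline between entries matters: the thread's Fixlog shows a
    GetPrivate path run together with the GroupPolicy line being reported as
    "File/Directory not found".
    """
    wanted = [f.line for f in findings if f.kind in ("attention", "local-proxy")]
    return "".join(entry + "\n" for entry in wanted)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print("--- Fixlist.txt ---")
    print(build_fixlist(found), end="")
```

The missing-file and no-publisher findings are deliberately left out of the generated fixlist: they are leads for a reviewer, not entries the helper chose to fix.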
19.05.2014, 11:29 | #9 |
| Windows 7 (32-bit): High CPU usage / possible virus infection Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014 Ran by Jan at 2014-05-19 12:20:15 Run:3 Running from C:\Users\Jan\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 C:\Users\Jan\AppData\Roaming\InetStat C:\Users\Jan\AppData\Roaming\GetPrivateGroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 C:\Users\Jan\AppData\Roaming\InetStat C:\Users\Jan\AppData\Roaming\GetPrivate ***************** C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. C:\Users\Jan\AppData\Roaming\InetStat => Moved successfully. "C:\Users\Jan\AppData\Roaming\GetPrivateGroupPolicy: Group Policy on Chrome detected <======= ATTENTION" => File/Directory not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. "C:\Users\Jan\AppData\Roaming\InetStat" => File/Directory not found. C:\Users\Jan\AppData\Roaming\GetPrivate => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 19-05-2014 12:26:44
Running from C:\Users\Jan\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19701080 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19400 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-18 19:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-05-18 19:19 - 2014-03-04 16:29 - 23716640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 17559384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 10523480 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-18 19:19 - 2014-03-04 16:29 - 09728064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 09690424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 02956632 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 02411976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233523.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00894296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233523.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00865224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00847136 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-05-18 18:37 - 2014-03-31 18:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:21 - 2014-05-18 15:22 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google
2014-05-16 17:11 - 2014-05-19 12:26 - 00006839 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-16 16:41 - 2014-05-17 14:17 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 16:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 16:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 16:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\Qoobox
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\ComboFix
2014-05-16 09:44 - 2014-05-16 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 09:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 09:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 09:40 - 2014-05-16 09:41 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:31 - 2014-05-16 00:32 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:30 - 2014-05-19 12:26 - 00000000 ____D () C:\FRST
2014-05-16 00:30 - 2014-05-16 00:32 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-19 09:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-19 12:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-16 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe

==================== One Month Modified Files and Folders =======

2014-05-19 12:27 - 2014-05-16 17:11 - 00006839 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-19 12:27 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-19 12:26 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-19 12:22 - 2014-05-13 22:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-19 12:22 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 12:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 12:22 - 2009-07-14 06:39 - 00061261 _____ () C:\Windows\setupact.log
2014-05-19 12:21 - 2013-12-06 18:47 - 01681610 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 12:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-19 12:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 09:38 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:00 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 09:00 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 09:00 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 19:33 - 2013-12-09 17:20 - 00153920 _____ () C:\Windows\PFRO.log
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-18 19:25 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-18 19:25 - 2013-12-06 20:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-18 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-18 18:38 - 2014-02-12 16:46 - 00000000 ____D () C:\Users\Jan\AppData\Local\NVIDIA Corporation
2014-05-18 18:38 - 2013-12-06 20:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:22 - 2014-05-18 15:21 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:21 - 2014-05-16 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-17 14:17 - 2014-05-16 16:41 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 20:22 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-05-16 20:21 - 2014-05-16 20:08 - 00000000 ____D () C:\Program Files\Google
2014-05-16 20:21 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-16 20:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 20:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:46 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\Qoobox
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\ComboFix
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-16 09:56 - 2014-05-16 09:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 09:52 - 2009-07-14 04:03 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-16 09:41 - 2014-05-16 09:40 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:32 - 2014-05-16 00:31 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:32 - 2014-05-16 00:30 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-30 20:29 - 2013-12-06 20:16 - 01081112 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\temp\GPUpd.exe
C:\Users\Jan\AppData\Local\temp\nv3DVStreaming.dll
C:\Users\Jan\AppData\Local\temp\nvSCPAPI.dll
C:\Users\Jan\AppData\Local\temp\nvStereoApiI.dll
C:\Users\Jan\AppData\Local\temp\nvStInst.exe
C:\Users\Jan\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
20.05.2014, 09:11 | #10
/// the machine /// TB-Ausbilder
Still having problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No support via PM!
20.05.2014, 11:29 | #11 |
Hey, no, at the moment everything is running fine. Thank you very, very much for your help! Regards, JanR91
21.05.2014, 07:43 | #12 |
/// the machine /// TB trainer
Done
The order here is decisive.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts.
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
24.05.2014, 14:16 | #13 |
All done! Thank you very much.
25.05.2014, 07:01 | #14 |
/// the machine /// TB trainer
You're welcome.
