|
Plagegeister aller Art und deren Bekämpfung: Fehler beim Laden des Moduls RegSvr32Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.06.2014, 19:53 | #1 |
| Fehler beim Laden des Moduls RegSvr32 halli hallo hab schwere probleme mit meinem pc seit ein paar tagen ... mein antivirus war abgelaufen ... hab verlänfert etc und naturlich voller scheiss gewesehn hatte ein programm namens fileparade bundle installer den ich nur schwer wegbekommen habe aber habs geschafft und jetzt kommt beim nachm hochfahren "Fehler beim Laden des Moduls RegSvr32" bla bla bla. hab jetzt hier mal rumgestöbert und mir den adw cleaner runtergeladen kann mir jemand helfen ???? lg -NiNa- # AdwCleaner v3.212 - Bericht erstellt am 05/06/2014 um 20:37:46 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Nina - NINA-PC # Gestartet von : C:\Users\Nina\Downloads\adwcleaner_3.212.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\WebSearch.xml Datei Gefunden : C:\Users\Nina\AppData\Roaming\LiveSupport.exe_log.txt Datei Gefunden : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\invalidprefs.js Datei Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js Datei Gefunden : C:\Users\Nina\AppData\Roaming\regsvr32.exe_log.txt Datei Gefunden : C:\Windows\System32\Tasks\Driver Booster Update Datei Gefunden : C:\Windows\System32\Tasks\paretologic registration3 Datei Gefunden : C:\Windows\System32\Tasks\paretologic update version3 Datei Gefunden : C:\Windows\System32\Tasks\PC Health Advisor Datei Gefunden : C:\Windows\System32\Tasks\PC Health Advisor Defrag Datei Gefunden : C:\Windows\Tasks\paretologic registration3.job Datei Gefunden : C:\Windows\Tasks\paretologic update version3.job Datei Gefunden : C:\Windows\Tasks\PC Health Advisor Defrag.job Datei Gefunden : C:\Windows\Tasks\PC Health Advisor.job Ordner Gefunden : C:\Program Files (x86)\Common Files\ParetoLogic Ordner Gefunden : C:\Program Files (x86)\melondrea Ordner Gefunden : C:\Program Files (x86)\ParetoLogic Ordner Gefunden : C:\Program Files (x86)\Search-NuEwTaB Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\ParetoLogic Ordner Gefunden : C:\ProgramData\Search-NuEwTaB Ordner Gefunden : C:\ProgramData\Trymedia Ordner Gefunden : C:\Users\Administrator\AppData\Local\Chromatic Browser Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gefunden : C:\Users\Administrator\AppData\Local\torch Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\torch Ordner Gefunden : C:\Users\Gast\AppData\Local\Chromatic Browser Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gefunden : C:\Users\Gast\AppData\Local\torch Ordner Gefunden : C:\Users\Nina\AppData\Local\Chromatic Browser Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Ordner Gefunden : C:\Users\Nina\AppData\Local\Temp\hotspot shield Ordner Gefunden : C:\Users\Nina\AppData\Local\torch Ordner Gefunden : C:\Users\Nina\AppData\Roaming\DriverCure Ordner Gefunden : C:\Users\Nina\AppData\Roaming\EZDownloader Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com Ordner Gefunden : C:\Users\Nina\AppData\Roaming\ParetoLogic Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Systweak ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\anchorfree Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\distromatic Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKCU\Software\ParetoLogic Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\systweak Schlüssel Gefunden : HKCU64\Software\anchorfree Schlüssel Gefunden : HKCU64\Software\Conduit Schlüssel Gefunden : HKCU64\Software\distromatic Schlüssel Gefunden : HKCU64\Software\IM Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} Schlüssel Gefunden : HKCU64\Software\ParetoLogic Schlüssel Gefunden : HKCU64\Software\Softonic Schlüssel Gefunden : HKCU64\Software\systweak Schlüssel Gefunden : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gefunden : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gefunden : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gefunden : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803 Schlüssel Gefunden : HKLM\Software\ParetoLogic Schlüssel Gefunden : HKLM\Software\systweak Schlüssel Gefunden : HKLM\Software\Trymedia Systems Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Einhorn-Pegasus\AppData\Roaming\Mozilla\Firefox\Profiles\91ev68is.default\prefs.js ] [ Datei : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js ] Zeile gefunden : user_pref("browser.search.defaultenginename", "WebSearch"); Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch"); Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q="); Zeile gefunden : user_pref("browser.search.order.1", "WebSearch"); Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch"); Zeile gefunden : user_pref("browser.search.selectedEngine", "WebSearch"); Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch"); Zeile gefunden : user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...] Zeile gefunden : user_pref("extensions.AGUp1mNe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] Zeile gefunden : user_pref("extensions.av5Jq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...] Zeile gefunden : user_pref("extensions.buenosearch.admin", false); Zeile gefunden : user_pref("extensions.buenosearch.aflt", "babsst"); Zeile gefunden : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"); Zeile gefunden : user_pref("extensions.buenosearch.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.buenosearch.bbDpng", "12"); Zeile gefunden : user_pref("extensions.buenosearch.cntry", "DE"); Zeile gefunden : user_pref("extensions.buenosearch.dfltLng", "en"); Zeile gefunden : user_pref("extensions.buenosearch.excTlbr", false); Zeile gefunden : user_pref("extensions.buenosearch.ffxUnstlRst", true); Zeile gefunden : user_pref("extensions.buenosearch.hdrMd5", "A41CDBE30F583C45BA374C3DF5C7CA58"); Zeile gefunden : user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151"); Zeile gefunden : user_pref("extensions.buenosearch.instlDay", "16174"); Zeile gefunden : user_pref("extensions.buenosearch.instlRef", "sst"); Zeile gefunden : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=14273085A9ACD151&affID=127690&tsp=5184"); Zeile gefunden : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.716:50:14"); Zeile gefunden : user_pref("extensions.buenosearch.newTab", false); Zeile gefunden : user_pref("extensions.buenosearch.prdct", "buenosearch"); Zeile gefunden : user_pref("extensions.buenosearch.prtnrId", "buenosearch"); Zeile gefunden : user_pref("extensions.buenosearch.rvrt", "false"); Zeile gefunden : user_pref("extensions.buenosearch.sg", "azb"); Zeile gefunden : user_pref("extensions.buenosearch.smplGrp", "none"); Zeile gefunden : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217"); Zeile gefunden : user_pref("extensions.buenosearch.tlbrId", "base"); Zeile gefunden : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217"); Zeile gefunden : user_pref("extensions.buenosearch.vrsn", "1.8.28.7"); Zeile gefunden : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11"); Zeile gefunden : user_pref("extensions.buenosearch.vrsni", "1.8.28.7"); Zeile gefunden : user_pref("extensions.crossrider.bic", "144d129de192be5fa1be2b4f2a441b6c"); Zeile gefunden : user_pref("extensions.iminent.admin", false); Zeile gefunden : user_pref("extensions.iminent.aflt", "orgnl"); Zeile gefunden : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); Zeile gefunden : user_pref("extensions.iminent.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.iminent.dfltLng", ""); Zeile gefunden : user_pref("extensions.iminent.excTlbr", false); Zeile gefunden : user_pref("extensions.iminent.ffxUnstlRst", false); Zeile gefunden : user_pref("extensions.iminent.id", "142775060000000000003085a9acd151"); Zeile gefunden : user_pref("extensions.iminent.instlDay", "16146"); Zeile gefunden : user_pref("extensions.iminent.instlRef", ""); Zeile gefunden : user_pref("extensions.iminent.newTab", false); Zeile gefunden : user_pref("extensions.iminent.prdct", "iminent"); Zeile gefunden : user_pref("extensions.iminent.prtnrId", "iminent"); Zeile gefunden : user_pref("extensions.iminent.rvrt", "false"); Zeile gefunden : user_pref("extensions.iminent.smplGrp", "none"); Zeile gefunden : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO"); Zeile gefunden : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); Zeile gefunden : user_pref("extensions.iminent.vrsn", "1.8.28.3"); Zeile gefunden : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:48:27"); Zeile gefunden : user_pref("extensions.iminent.vrsni", "1.8.28.3"); Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q="); -\\ Google Chrome v35.0.1916.114 ((Hoffe das ist so richtig)) |
05.06.2014, 20:04 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
05.06.2014, 20:27 | #3 |
| Fehler beim Laden des Moduls RegSvr32Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2014/06/05 20:15:04 +0200</date> <logfile>mbam-log-2014-06-05 (20-15-04).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.2.1012</version> <malware-database>v2014.06.05.11</malware-database> <rootkit-database>v2014.06.02.01</rootkit-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Nina</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>311026</objects> <time>392</time> <processes>0</processes> <modules>0</modules> <keys>40</keys> <values>6</values> <datas>1</datas> <folders>19</folders> <files>105</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9649cca8aecd95a1ba2c89e66a9816ea</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9649cca8aecd95a1ba2c89e66a9816ea</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>9f40155f1e5d2e08ee5f63d8b34f8779</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>9f40155f1e5d2e08ee5f63d8b34f8779</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>d6097df79be0ab8b0e0dee4dfa08ff01</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>d6097df79be0ab8b0e0dee4dfa08ff01</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>38a7d0a42d4e191db702f877748edd23</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c718cca8ee8d2313ceec046b02003fc1</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>825db3c18fec1e182e202d42f60c619f</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>716ef08474079e98665cb8b6af537b85</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho.1</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho.1</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></key> <key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>4996f67e5625d85edf6d774157ab2bd5</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>b12e82f2f8835ed8424e09d934cf9f61</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\APPID\PricePeep.DLL</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>06d9f57fb5c60a2cde174f7f3ac942be</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>78674d27bac16fc7a3a93d7bd42e4db3</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>a23deb892a5163d3b0e00bd742c13cc4</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PricePeep.DLL</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>e4fbde964e2d49ed1ed78846a55e05fb</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>9748cfa54f2c4de9450c5e7054afa957</hash></key> <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update melondrea</path><vendor>PUP.Optional.Melondrea.A</vendor><action>success</action><hash>5f804f251467fe38a01a5f52e121d729</hash></key> <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Websteroids</path><vendor>PUP.OPtional.Websteroids</vendor><action>success</action><hash>e2fd13611d5eff373512584f7b8705fb</hash></key> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.2</path><vendor>PUP.Optional.HDTotal.A</vendor><action>success</action><hash>edf2afc58eedd5611f6c5c8bec17ac54</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f0efcaaabfbca78f2ab33ba6be45c838</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE</path><vendor>PUP.Optional.MultiIE.A</vendor><action>success</action><hash>be214e2617643bfb27049a5126ddf20e</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars</path><vendor>PUP.Optional.AlexaTB.A</vendor><action>success</action><hash>06d9e78d0477ab8bab497e55a1624fb1</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>a03fbeb6f68505310c49f0c7f111ac54</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>cb14056f9edd0432b1b222abb54e38c8</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}</path><vendor>PUP.Optional.WebSearchInfo</vendor><action>success</action><hash>677890e4a0db2412862f419a669d4cb4</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>37a875ff8fec66d06e8b4a5b1ee411ef</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>3fa0d69ede9db97d94bcb31b05feb749</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID</path><vendor>Malware.Trace</vendor><action>success</action><hash>5a85f4802a513df9162ce54c976cb24e</hash></key> <key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>eaf5afc55d1ef73fa554ffa69270dc24</hash></key> <value><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>1605756196006826384</valuedata><hash>9748cfa54f2c4de9450c5e7054afa957</hash></value> <value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0J1B1O1M1N0U1O1N2T</valuedata><hash>cb14056f9edd0432b1b222abb54e38c8</hash></value> <value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Firewall Windows</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Users\Nina\AppData\Roaming\Windows Firewall\csrss.exe</valuedata><hash>637c0f655f1c8da968cd2da53ec46997</hash></value> <value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>LiveSupport</valuename><vendor>PUP.Optional.LiveSupport</vendor><action>success</action><valuedata>"C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log</valuedata><hash>c718ef852d4e46f0b9479416788aa858</hash></value> <value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>{86D4318C-5447-5CE6-632A-7FF902854152}</valuename><vendor>Trojan.ZbotR.Gen</vendor><action>success</action><valuedata>C:\Users\Nina\AppData\Roaming\Vaowav\qarot.exe</valuedata><hash>3ba4f77d85f6ac8a7ae4b7d040c3ba46</hash></value> <value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>1605756196006826384</valuedata><hash>3fa0d69ede9db97d94bcb31b05feb749</hash></value> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.WebSearchInfo</vendor><action>replaced</action><valuedata>hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE</valuedata><baddata>hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE</baddata><gooddata>hxxp://www.google.com</gooddata><hash>06d9195b08732b0b07a51b463acac43c</hash></data> <folder><path>C:\Users\Einhorn-Pegasus\AppData\Local\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>3da280f46318cf6755f67f2044be4cb4</hash></folder> <folder><path>C:\Users\Nina\AppData\Local\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>a03fcaaa29526dc90a41b8e77191659b</hash></folder> <folder><path>C:\ProgramData\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder> <folder><path>C:\ProgramData\Websteroids\up</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder> <folder><path>C:\ProgramData\Websteroids\up\2.6.80</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\14277506</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Local\Temp\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>607fc4b0dba08fa735594240e71ba45c</hash></folder> <folder><path>C:\Users\Nina\AppData\Local\Temp\CT3325809</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3ea10c68b0cbfb3b6785a7db659dc040</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\IminentToolbar</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>3aa5066e314aab8b0a339de7659d6b95</hash></folder> <folder><path>C:\ProgramData\YoutubeAdblocker</path><vendor>PUP.Optional.YoutubeAdblocker.A</vendor><action>success</action><hash>3da2f67ee299fb3b53476f17986a8e72</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\SimilarSites</path><vendor>PUP.Optional.SimilarSites.A</vendor><action>success</action><hash>984770041a6173c31a57880214eee11f</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder> <folder><path>C:\ProgramData\savE on</path><vendor>PUP.Optional.SaveOn.A</vendor><action>success</action><hash>eff0caaa9be0270f5b8e7f1521e158a8</hash></folder> <file><path>C:\Users\Nina\AppData\Local\Temp\nsd1D0A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>39a6e88c0e6d61d5d9955ecde51c9b65</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\nsdC018.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c619621288f3ec4afe70919a02ff1de3</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\nsi1B54.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>eef1254f8fec0234640a2dfe3fc2619f</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\Umbrella.exeb35d6e</path><vendor>PUP.Optional.Iminent</vendor><action>success</action><hash>14cb24506f0ccf675e77000945bc48b8</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\nsnBE33.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>1ac55e162b50b086531bf3382fd245bb</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\nsjA547.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e4fb7103f9823501393588a32dd46b95</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\n4095\melondrea_0702-81cfb2ef.exe</path><vendor>PUP.Optional.Melondrea.A</vendor><action>success</action><hash>825d2b49a7d4cd695bd28bb761a3669a</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\n4095\s4095.exe</path><vendor>PUP.Optional.Rapiddown</vendor><action>success</action><hash>47987df75e1d79bd722575eead54619f</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\is1242154493\2424856_stp\MegaBrowseSetup.exe</path><vendor>PUP.Optional.MegaBrowse.A</vendor><action>success</action><hash>fde22054b2c9db5b7dafbb8746be6898</hash></file> <file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>706f284c6b1089adb5c9148a7989d22e</hash></file> <file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>4f901c5890eb8da9a9d5099544be9769</hash></file> <file><path>C:\Users\Einhorn-Pegasus\AppData\Local\Websteroids\data2.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>3da280f46318cf6755f67f2044be4cb4</hash></file> <file><path>C:\Users\Nina\AppData\Local\Websteroids\data2.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>a03fcaaa29526dc90a41b8e77191659b</hash></file> <file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>5b847df7c5b658de5bf01090ed150cf4</hash></file> <file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>14cbf57faad12610484c91180bf7f60a</hash></file> <file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>e9f6d1a3e398e155454f5158f909f60a</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\buenosearch.xml</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>success</action><hash>8c5373018fec3df97aef1d8fa85a6b95</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\conduit-search.xml</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>9e4187ed661565d120568428837f54ac</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\iminent.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>904fd4a0d5a64ee8595d4765828052ae</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\WebSearch.xml</path><vendor>PUP.Optional.WebSearch.A</vendor><action>success</action><hash>21be34400e6d55e162014d60f012a759</hash></file> <file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>1bc4bbb9027951e50739e3cec73b5da3</hash></file> <file><path>C:\ProgramData\Websteroids\app.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\data.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\Uninstall.exe</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\Websteroids.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\Websteroids.ico</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\Websteroids64.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\WebsteroidsService.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\up\2.6.80\Websteroids64.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsUpdate.exe</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsUpdate.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Nina-wchelper.dll</path><vendor>Trojan.Agent.Gen</vendor><action>success</action><hash>38a773013e3db2848a0a85269e65ad53</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Windows Firewall\csrss.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>637c0f655f1c8da968cd2da53ec46997</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\14277506\16-02-2014</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\14277506\ak.tmp</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></file> <file><path>C:\Users\Nina\AppData\Local\Temp\CT3325809\ddt.csf</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3ea10c68b0cbfb3b6785a7db659dc040</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\IminentToolbar\sqlite3.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>3aa5066e314aab8b0a339de7659d6b95</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome.manifest</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\install.rdf</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\aff.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\jquery-1.8.3.min.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\options.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\options.xul</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.xul</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.html</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\tabs_listener.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US\settings.dtd</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\button.png</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\icon.png</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\main.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\overlay.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\sitefinder.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref("extensions.crossrider.bic", "144d129de192be5fa1be2b4f2a441b6c");</baddata><gooddata></gooddata><hash>39a64a2afc7f0630b5beb4e4fc08619f</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.admin", false);</baddata><gooddata></gooddata><hash>657a452f5b2053e305801a7f887cdb25</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.aflt", "babsst");</baddata><gooddata></gooddata><hash>439c0470d7a40036661f267320e48f71</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");</baddata><gooddata></gooddata><hash>c619acc8afcc0234cbba8514659f748c</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.autoRvrt", "false");</baddata><gooddata></gooddata><hash>d30ce4904338cd69572e9405af557987</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.bbDpng", "12");</baddata><gooddata></gooddata><hash>8659e39190eb181ed0b574255fa59e62</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.cntry", "DE");</baddata><gooddata></gooddata><hash>845bf87caecdc472aed71d7c13f11ae6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.dfltLng", "en");</baddata><gooddata></gooddata><hash>ce111361d5a605315d28475210f4fd03</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.excTlbr", false);</baddata><gooddata></gooddata><hash>79665e1603785cda15702673f0144fb1</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.ffxUnstlRst", true);</baddata><gooddata></gooddata><hash>bd22d4a0552686b0f98caeebe61e57a9</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.hdrMd5", "A41CDBE30F583C45BA374C3DF5C7CA58");</baddata><gooddata></gooddata><hash>4699106435465cda265fd5c4fb09639d</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151");</baddata><gooddata></gooddata><hash>db047ef62358a492671ed4c56f958080</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.instlDay", "16174");</baddata><gooddata></gooddata><hash>e6f98be93744a294fe87a8f12ada857b</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.instlRef", "sst");</baddata><gooddata></gooddata><hash>5f801262780351e595f06b2ef90b2ad6</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=14273085A9ACD151&affID=127690&tsp=5184");</baddata><gooddata></gooddata><hash>7c6376fe0f6c44f2fa8bd7c215efd62a</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.716:50:14");</baddata><gooddata></gooddata><hash>00dfea8ae39884b23550b4e51de7ce32</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.newTab", false);</baddata><gooddata></gooddata><hash>a23d274d0279bb7b88fde5b48d7741bf</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.prdct", "buenosearch");</baddata><gooddata></gooddata><hash>944bef8598e30135add88d0c25df7e82</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.prtnrId", "buenosearch");</baddata><gooddata></gooddata><hash>637cd89c92e9fb3bc0c51782a4603cc4</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.rvrt", "false");</baddata><gooddata></gooddata><hash>726d393b81fa31051e677e1b30d422de</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.sg", "azb");</baddata><gooddata></gooddata><hash>538c64106f0c171ff49101984eb6a35d</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.smplGrp", "none");</baddata><gooddata></gooddata><hash>6976b5bfd3a887af2d58a4f58e76ce32</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");</baddata><gooddata></gooddata><hash>47989ed6502b52e4592c83166c987e82</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tlbrId", "base");</baddata><gooddata></gooddata><hash>7e610074601b171f5c294c4d778d14ec</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");</baddata><gooddata></gooddata><hash>01de88ecc8b3bc7a6c190d8c3fc5e020</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsn", "1.8.28.7");</baddata><gooddata></gooddata><hash>6d72b8bc98e37abc592c0990f2129868</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11");</baddata><gooddata></gooddata><hash>6976294b4c2f38fe1c697425b0544fb1</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsni", "1.8.28.7");</baddata><gooddata></gooddata><hash>29b6c0b4671474c2ef965445ce36fd03</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");</baddata><gooddata></gooddata><hash>9748a0d4b5c61f1798eeb7e16b993dc3</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");</baddata><gooddata></gooddata><hash>9e41205497e41422fb8b3266cc38a45c</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151");</baddata><gooddata></gooddata><hash>bd22561e1b60db5b473d1485699b29d7</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");</baddata><gooddata></gooddata><hash>9847db9983f82c0aacd87b1ec341ec14</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.instlDay", "16174");</baddata><gooddata></gooddata><hash>d40bf38194e7b0868103fa9fdc28ce32</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsn", "1.8.28.7");</baddata><gooddata></gooddata><hash>617e88ec5c1f0d291e66e2b7976d946c</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsni", "1.8.28.7");</baddata><gooddata></gooddata><hash>6c73551f5b203ef8057f89108e7602fe</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11");</baddata><gooddata></gooddata><hash>746b0f650a71c96d9fe5d0c95ea6b947</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.prtnrId", "buenosearch");</baddata><gooddata></gooddata><hash>08d7056f601b9e98e3a14158df25639d</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.prdct", "buenosearch");</baddata><gooddata></gooddata><hash>459a413335463df9fa8adebb788ccc34</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.aflt", "babsst");</baddata><gooddata></gooddata><hash>f1ee3b395c1f6dc98202bfdaee16b64a</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.smplGrp", "none");</baddata><gooddata></gooddata><hash>2fb04133c9b2d95d2e56e8b1c53fcd33</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.tlbrId", "base");</baddata><gooddata></gooddata><hash>6f7080f47902c670c1c3ff9aa95bb64a</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.instlRef", "sst");</baddata><gooddata></gooddata><hash>2cb36e06b9c2092d24600b8e6b99dd23</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.dfltLng", "en");</baddata><gooddata></gooddata><hash>f8e72c4854275adced97e0b9bf453fc1</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.excTlbr", false);</baddata><gooddata></gooddata><hash>19c6ed87bebd74c2097badec0bf935cb</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.ffxUnstlRst", true);</baddata><gooddata></gooddata><hash>1fc0d69e0378d95d097b9108bb49c53b</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.admin", false);</baddata><gooddata></gooddata><hash>8857f282502b4ee8374da7f2966e7f81</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.autoRvrt", "false");</baddata><gooddata></gooddata><hash>35aa2153e9923cfaff859207bd470df3</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.rvrt", "false");</baddata><gooddata></gooddata><hash>8659d69e9ae177bfe3a19504fb090000</hash></file> <file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref("extensions.buenosearch.newTab", false);</baddata><gooddata></gooddata><hash>6d72ec889be03ef8f78df3a6d430fb05</hash></file> </items> </mbam-log> Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.969547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="1e9b4cd7-2e4e-4416-959d-f6f75cb2df29" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.972547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="7499c952-8eee-499b-bb62-51943d30a52c" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.986548+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b7fa10c1-cfc8-4d6f-89ff-f50a8fa38f6f" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:13:04.367743+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b3fef30e-65ea-4a15-8675-c0a9f03c602c" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:30.866690+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.2.20.1" last_modified_tag="561c526d-87fc-42d9-9bbe-964cc7ae019d" name="Rootkit Database" toVersion="2014.6.2.1"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:35.562959+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.3.4.9" last_modified_tag="38f743d2-d1b1-4386-8686-e68331e9ba4b" name="Malware Database" toVersion="2014.6.5.11"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.286172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="c0fea3a6-2884-417a-9937-d455b9063cec" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.288172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="8a2a97bd-7cdd-4494-8e0c-0de986b02789" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.299173+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d7333ef2-990c-471c-ab94-9db3df71bf51" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.695310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="646fb251-011d-4522-94a5-f7a4f4de1009" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.703310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="cc17db88-81d7-435b-9c98-5869285404f2" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.846318+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="105c6c4f-ebf1-455e-832d-46dab894fbea" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.234663+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65aef941-3109-4b5f-9feb-d48ae5c735e0" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65f05152-b488-4193-b25c-924b96bcc79f" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="23ed683d-7f9c-4c15-bb19-654227f64af4" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:26:47.340421+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="77908a56-3daa-47f6-97f4-134b7ef73f01" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.643425+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="09ad03d7-1405-484f-b161-f92551b79ea9" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.677427+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="ab7e443d-e7fc-4619-adad-08d323a52e2c" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.691428+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="79d275ea-586a-4530-9451-44e05809273d" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54938"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.891439+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="98f57b7c-612a-439e-8325-23ce420acc00" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54939"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.906440+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d16e80df-6e44-4b50-af8d-717eeae932b6" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54940"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T21:20:10.781847+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.6.5.11" last_modified_tag="01653665-9a24-436c-a0bf-2d6f2234c92b" name="Malware Database" toVersion="2014.6.5.12"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.491889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="6e35b863-226f-479f-86ce-d68bdb75701c" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.501889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="e13b2ceb-3ad1-4c22-8666-724bc2f4c093" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.511889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="fc717549-5f62-4712-81da-6eefd74c9c3a" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.911892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="18be61f6-970e-4002-86fe-0f6dc080148b" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.921892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="a0847727-a693-4bde-9e4c-078c5657da02" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:42.061892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="5db6d53f-ff88-4ad7-9904-374205ad365e" result="Started" subtype="Malicious Website Protection"></record> </logs> Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.969547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="1e9b4cd7-2e4e-4416-959d-f6f75cb2df29" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.972547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="7499c952-8eee-499b-bb62-51943d30a52c" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.986548+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b7fa10c1-cfc8-4d6f-89ff-f50a8fa38f6f" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:13:04.367743+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b3fef30e-65ea-4a15-8675-c0a9f03c602c" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:30.866690+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.2.20.1" last_modified_tag="561c526d-87fc-42d9-9bbe-964cc7ae019d" name="Rootkit Database" toVersion="2014.6.2.1"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:35.562959+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.3.4.9" last_modified_tag="38f743d2-d1b1-4386-8686-e68331e9ba4b" name="Malware Database" toVersion="2014.6.5.11"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.286172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="c0fea3a6-2884-417a-9937-d455b9063cec" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.288172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="8a2a97bd-7cdd-4494-8e0c-0de986b02789" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.299173+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d7333ef2-990c-471c-ab94-9db3df71bf51" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.695310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="646fb251-011d-4522-94a5-f7a4f4de1009" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.703310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="cc17db88-81d7-435b-9c98-5869285404f2" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.846318+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="105c6c4f-ebf1-455e-832d-46dab894fbea" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.234663+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65aef941-3109-4b5f-9feb-d48ae5c735e0" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65f05152-b488-4193-b25c-924b96bcc79f" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="23ed683d-7f9c-4c15-bb19-654227f64af4" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:26:47.340421+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="77908a56-3daa-47f6-97f4-134b7ef73f01" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.643425+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="09ad03d7-1405-484f-b161-f92551b79ea9" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.677427+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="ab7e443d-e7fc-4619-adad-08d323a52e2c" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.691428+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="79d275ea-586a-4530-9451-44e05809273d" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54938"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.891439+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="98f57b7c-612a-439e-8325-23ce420acc00" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54939"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.906440+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d16e80df-6e44-4b50-af8d-717eeae932b6" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54940"></record> <record severity="debug" LoggingEventType="1" datetime="2014-06-05T21:20:10.781847+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.6.5.11" last_modified_tag="01653665-9a24-436c-a0bf-2d6f2234c92b" name="Malware Database" toVersion="2014.6.5.12"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.491889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="6e35b863-226f-479f-86ce-d68bdb75701c" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.501889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="e13b2ceb-3ad1-4c22-8666-724bc2f4c093" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.511889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="fc717549-5f62-4712-81da-6eefd74c9c3a" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.911892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="18be61f6-970e-4002-86fe-0f6dc080148b" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.921892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="a0847727-a693-4bde-9e4c-078c5657da02" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:42.061892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="5db6d53f-ff88-4ad7-9904-374205ad365e" result="Started" subtype="Malicious Website Protection"></record> </logs> Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014 Ran by Nina at 2014-06-05 21:25:14 Running from C:\Users\Nina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.1 - IObit) Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH) Alice im Wunderland (HKLM-x32\...\{C6D7ABF3-3BE5-4A75-9638-7A770CB57B38}) (Version: 1.00.0000 - PurpleHills) ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS) BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) (HKLM-x32\...\ST6UNST #2) (Version: - ) BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - ) Club Cooee (HKCU\...\ClubCooee) (Version: 1.6.15.0 - cooee GmbH) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.2.1.51 - INTENIUM GmbH) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) Disney Prinzessin - Mein märchenhaftes Abenteuer (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios) Disney Rapunzel (HKLM-x32\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios) Dragon Keeper 2 (HKLM-x32\...\Dragon Keeper 2) (Version: 1.0.0.0 - INTENIUM GmbH) Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit) Ein Yankee unter Rittern (HKLM-x32\...\Ein Yankee unter Rittern) (Version: 1.0.0.0 - INTENIUM GmbH) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory) Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH) Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden Jewel Legends – Tree of Life (HKLM-x32\...\Jewel Legends – Tree of Life) (Version: 1.0.0.0 - INTENIUM GmbH) Kao - 2nd round (HKLM-x32\...\Kao - 2nd round) (Version: 1.0 - ) Madagascar 2(TM) (HKLM-x32\...\InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}) (Version: 1.00.0000 - Activision) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MySims™ (HKLM-x32\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Pharao (HKLM-x32\...\Pharao) (Version: - ) Ponywelt 2 (HKLM-x32\...\Ponywelt 2) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.) SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - ) SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH) ==================== Restore Points ========================= 05-06-2014 14:55:08 Installiert TheSims3EP6 05-06-2014 14:59:19 Installiert TheSims3EP8 05-06-2014 15:04:05 Installiert TheSims3EP7 05-06-2014 15:09:15 Installiert The Sims 3 World Adventures 05-06-2014 15:12:56 Installiert TheSims3EP9 05-06-2014 15:21:44 Installiert TheSims3SP8 05-06-2014 15:23:33 Installiert TheSims3SP6 05-06-2014 15:26:29 Installiert The Sims 3 Ambitions 05-06-2014 15:44:41 Installed Java 7 Update 60 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {34BB3A78-F9A1-4A89-8542-08DC0BF6F037} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.) Task: {3D2E82C4-86F1-4F87-911C-2D9BB0E0288E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.) Task: {6DDE4660-0328-4077-9228-42D7753F8409} - System32\Tasks\Driver Booster SkipUAC (Nina) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit) Task: {7EF03E8B-18CC-48EE-9944-A5F983B7BFAB} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-05-09] (IObit) Task: {7EF37D31-605A-490C-8443-51821A0D6040} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {8926940A-CCFC-494E-B0A2-988094BFC9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {92D70E35-AE65-4153-8322-796F674D5C14} - System32\Tasks\ASC7_SkipUac_Nina => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-29] (IObit) Task: {B8A373A3-A94C-4498-8FC2-03E06DBDF40B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit) Task: {C04C8B46-4154-440A-A725-0707C77FFB4C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C0B3ED5C-33BA-4CA7-BC33-D53F8AA37FED} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit) Task: {C4041084-D91C-4253-ABCB-FAFB73252337} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit) Task: {C51D95D0-C36C-4609-9497-56BB1AE146E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-16 13:55 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-16 22:43 - 2014-02-16 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-06-05 13:09 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-02-19 12:02 - 2014-02-19 12:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll 2014-02-16 13:26 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-02-16 13:24 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-10 11:44 - 2014-05-10 11:44 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-05-14 20:32 - 2014-05-14 20:32 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2014 11:23:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/05/2014 11:23:46 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/05/2014 11:20:53 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/05/2014 11:20:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/05/2014 11:00:30 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm PatchProgress.exe, Version 8.1.0.1556 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16c8 Startzeit: 01cf809c7ed8218e Endzeit: 1 Anwendungspfad: C:\PROGRA~2\ORIGIN\LEGACYPM\PatchProgress.exe Berichts-ID: d2fd0452-ec8f-11e3-917b-3085a9acd151 Error: (06/04/2014 11:26:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: crashreporter.exe, Version: 29.0.1.5239, Zeitstempel: 0x536975cd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6d284520 ID des fehlerhaften Prozesses: 0x1700 Startzeit der fehlerhaften Anwendung: 0xcrashreporter.exe0 Pfad der fehlerhaften Anwendung: crashreporter.exe1 Pfad des fehlerhaften Moduls: crashreporter.exe2 Berichtskennung: crashreporter.exe3 Error: (06/03/2014 00:32:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: Flash32_13_0_0_214.ocx, Version: 13.0.0.214, Zeitstempel: 0x5359c422 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0020ca1d ID des fehlerhaften Prozesses: 0x24a0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] System errors: ============= Error: (06/05/2014 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:41:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:41:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/05/2014 05:02:43 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (06/05/2014 03:01:11 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/05/2014 02:40:46 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (06/05/2014 01:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (06/05/2014 11:23:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe Error: (06/05/2014 11:23:46 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe Error: (06/05/2014 11:20:53 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe Error: (06/05/2014 11:20:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe Error: (06/05/2014 11:00:30 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: PatchProgress.exe8.1.0.155616c801cf809c7ed8218e1C:\PROGRA~2\ORIGIN\LEGACYPM\PatchProgress.exed2fd0452-ec8f-11e3-917b-3085a9acd151 Error: (06/04/2014 11:26:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: crashreporter.exe29.0.1.5239536975cdunknown0.0.0.000000000c00000056d284520170001cf7fd6fbab86efC:\Program Files (x86)\Mozilla Firefox\crashreporter.exeunknown3d2f2a21-ebca-11e3-8cdf-3085a9acd151 Error: (06/03/2014 00:32:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d24a001cf7f0ff1549c16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx4d925366-eb0a-11e3-bd9a-3085a9acd151 Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 16326.67 MB Available physical RAM: 13594.91 MB Total Pagefile: 32651.52 MB Available Pagefile: 29836.53 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.05 GB) (Free:30.71 GB) NTFS Drive d: () (Fixed) (Total:74.43 GB) (Free:73.11 GB) NTFS Drive e: () (Fixed) (Total:74.52 GB) (Free:51.42 GB) NTFS Drive f: (Sims3EP11) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF Drive g: (Tangled) (CDROM) (Total:2.64 GB) (Free:0 GB) UDF Drive h: (Volume) (Fixed) (Total:931.51 GB) (Free:488.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F1BFF7A1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=75 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 149 GB) (Disk ID: 1CD81CD7) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 932 GB) (Disk ID: 66205247) No partition Table on disk 2. ==================== End Of Log ============================ sowas? |
05.06.2014, 20:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Das andere FRST Log fehlt
__________________ Logfiles bitte immer in CODE-Tags posten |
05.06.2014, 20:38 | #5 |
| Fehler beim Laden des Moduls RegSvr32 FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Nina (administrator) on NINA-PC on 05-06-2014 21:24:58 Running from C:\Users\Nina\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-18] (Microsoft Corporation) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [IQsoft] => regsvr32.exe C:\Users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll <===== ATTENTION HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [IQsoft Update] => regsvr32.exe C:\Users\Nina\AppData\Local\IQsoft\kyw7sr03.dll HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: G - G:\DisneySplash.exe HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {07a0806c-9700-11e3-9fab-3085a9acd151} - G:\DisneySplash.exe HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {e3dc3a48-96fd-11e3-a1d5-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {f48ab14c-96f9-11e3-9b39-806e6f6e6963} - F:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => "c:\progra~2\amazon\amazon~1\\amazon~3.dll" File Not Found GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217 SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default FF DefaultSearchEngine: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF SelectedSearchEngine: WebSearch FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! => C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ads Removal - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net [2014-06-05] FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ascsurfingprotection@iobit.com [2014-06-05] FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01] FF Extension: Search-NuEwTaB - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net [2014-06-01] FF Extension: YoutubeAdblocker - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk [2014-06-01] FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18] FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com [2014-04-15] FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10] FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20] FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR Extension: (YoutubeAdblocker) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01] CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08] CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08] CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01] CHR Extension: (Search-NuEwTaB) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01] CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01] CHR Extension: (Amazon-Icon) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27] CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09] CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-10] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Nina\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-01] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140604.039\ENG64.SYS [126040 2014-06-05] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140604.039\EX64.SYS [2099288 2014-06-05] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 21:24 - 2014-06-05 21:25 - 00023458 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 21:16 - 2014-06-05 21:25 - 00000000 ____D () C:\FRST 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:36 - 2014-06-05 20:37 - 00000000 ____D () C:\AdwCleaner 2014-06-05 20:12 - 2014-06-05 21:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:53 - 2014-06-05 20:55 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ParetoLogic 2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\DriverCure 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:09 - 2014-06-05 13:11 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-06-05 13:09 - 2014-06-05 13:09 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-01 15:35 - 2014-06-01 15:35 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\EZDownloader 2014-06-01 15:34 - 2014-06-05 13:40 - 00000000 ____D () C:\ProgramData\Search-NuEwTaB 2014-06-01 15:34 - 2014-06-05 12:12 - 00000000 ____D () C:\Program Files (x86)\Search-NuEwTaB 2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-06 22:07 - 2014-05-15 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-06-05 21:25 - 2014-06-05 21:24 - 00023458 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 21:25 - 2014-06-05 21:16 - 00000000 ____D () C:\FRST 2014-06-05 21:25 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp 2014-06-05 21:20 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 21:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:55 - 2014-06-05 17:53 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:37 - 2014-06-05 20:36 - 00000000 ____D () C:\AdwCleaner 2014-06-05 20:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-05 20:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-05 20:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-05 20:29 - 2014-02-16 13:07 - 01579011 _____ () C:\Windows\WindowsUpdate.log 2014-06-05 20:25 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-05 20:25 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-05 20:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-05 20:25 - 2009-07-14 06:51 - 00060341 _____ () C:\Windows\setupact.log 2014-06-05 20:24 - 2014-02-16 13:19 - 00291872 _____ () C:\Windows\PFRO.log 2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin 2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-05 18:11 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ParetoLogic 2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\DriverCure 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 17:30 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc 2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-06-05 13:40 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\Search-NuEwTaB 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina 2014-06-05 13:11 - 2014-06-05 13:09 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-06-05 13:09 - 2014-06-05 13:09 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-06-05 12:12 - 2014-06-01 15:34 - 00000000 ____D () C:\Program Files (x86)\Search-NuEwTaB 2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus 2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina 2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT 2014-06-04 14:01 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Temp 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps 2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-01 15:35 - 2014-06-01 15:35 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\EZDownloader 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google 2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google 2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft 2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife 2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-29 01:09 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar 2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE) 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log 2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts 2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 06:40 - 2014-05-14 23:07 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 23:07 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 23:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 23:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Einhorn-Pegasus\AppData\Local\Temp\DisneyPrincess.exe C:\Users\Einhorn-Pegasus\AppData\Local\Temp\Second_Life_3_7_6_289164_i686_Setup.exe C:\Users\Nina\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Nina\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Nina\AppData\Local\Temp\AutoRun.exe C:\Users\Nina\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Nina\AppData\Local\Temp\bstrapInstall.exe C:\Users\Nina\AppData\Local\Temp\BuenoSearchTB.exe C:\Users\Nina\AppData\Local\Temp\DisneyPrincess.exe C:\Users\Nina\AppData\Local\Temp\EAInstall.dll C:\Users\Nina\AppData\Local\Temp\eauninstall.exe C:\Users\Nina\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Nina\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe C:\Users\Nina\AppData\Local\Temp\install_reader11_de_mssa_awe_aih[1].exe C:\Users\Nina\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Nina\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Nina\AppData\Local\Temp\Quarantine.exe C:\Users\Nina\AppData\Local\Temp\sdanircmdc.exe C:\Users\Nina\AppData\Local\Temp\sdapskill.exe C:\Users\Nina\AppData\Local\Temp\sdaspwn.exe C:\Users\Nina\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Nina\AppData\Local\Temp\SimilarBundleGenericDl.exe C:\Users\Nina\AppData\Local\Temp\sqlite3.exe C:\Users\Nina\AppData\Local\Temp\The Sims Life Stories_uninst.exe C:\Users\Nina\AppData\Local\Temp\zoo2trial.exe C:\Users\Nina\AppData\Local\Temp\_is4F86.exe C:\Users\Nina\AppData\Local\Temp\_is88ED.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 00:19 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=a07a5bd3dbff8c42b445f859df1de2e7 # engine=18567 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-06-05 10:16:03 # local_time=2014-06-05 12:16:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3591 16777213 100 95 8885264 164559948 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 5820 153593213 0 0 # scanned=241031 # found=91 # cleaned=79 # scan_time=3028 sh=F32589AEF4F6B3C3384DF75218943F13FEB0A845 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{ED9232E8-473D-4DE2-AF09-0F1F3671101E}\Custom.dll" sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\Users\All Users\savE on\YrXfoIG77v.exe" sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner" ac=I fn="C:\Users\All Users\TopApp soft\SW-Booster\SW-Booster.exe" sh=D720555BED9632B698A3B1E987D466AAC1706E13 ft=1 fh=977e5f000f7bd5fc vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\Websteroids.exe" sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\Websteroids64.exe" sh=CE4F40C2FD2C5AC3797EC6101A517E3E1C3EBE40 ft=1 fh=573001fda26e47fa vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\All Users\Websteroids\WebsteroidsService.exe" sh=14ACB00F6620EF6B811532EEF5191B17733A27D7 ft=1 fh=5483cf7e3d987a9e vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\Websteroids.exe" sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\Websteroids64.exe" sh=6313485982F4C1CB08A7AB87E8D1D14A60AB8BE9 ft=1 fh=21f1bc8d1875a69a vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\WebsteroidsService.exe" sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\Users\All Users\YoutubeAdblocker\roA7.exe" sh=311749BDF8DC91E9D3F284A5D6EB5C995EFA8DF4 ft=1 fh=db16370fe5cbae6c vn="Variante von MSIL/Adware.PullUpdate.C Anwendung" ac=I fn="C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll" sh=9FFB13BFEA9956D1C84E1F7EE46076B512E487E4 ft=1 fh=092e3241d4211de5 vn="MSIL/Adware.PullUpdate.C Anwendung" ac=I fn="C:\Windows\SysWOW64\Websteroids.B324755F3F87.dll" sh=7DE60A3AEAC96F7FA559D468D852FBDDA731391F ft=1 fh=3d20769bd48072ca vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnIC.dll" sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnStub.exe" sh=140308EF85F243BA4D2AAC012B1017B47E52B89E ft=1 fh=ffd7fdcd47cd63f7 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe" sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe" sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe" sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Search-NuEwTaB\Awx3GH.dll" sh=F32589AEF4F6B3C3384DF75218943F13FEB0A845 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{ED9232E8-473D-4DE2-AF09-0F1F3671101E}\Custom.dll" sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\savE on\YrXfoIG77v.exe" sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\TopApp soft\SW-Booster\SW-Booster.exe" sh=D720555BED9632B698A3B1E987D466AAC1706E13 ft=1 fh=977e5f000f7bd5fc vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\Websteroids.exe" sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\Websteroids64.exe" sh=CE4F40C2FD2C5AC3797EC6101A517E3E1C3EBE40 ft=1 fh=573001fda26e47fa vn="Variante von MSIL/Adware.PullUpdate.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\WebsteroidsService.exe" sh=14ACB00F6620EF6B811532EEF5191B17733A27D7 ft=1 fh=5483cf7e3d987a9e vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe" sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\Websteroids64.exe" sh=6313485982F4C1CB08A7AB87E8D1D14A60AB8BE9 ft=1 fh=21f1bc8d1875a69a vn="Variante von MSIL/Adware.PullUpdate.A Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe" sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\YoutubeAdblocker\roA7.exe" sh=6CA5B4155761DE0B8972DEF7536E7221B5FC2D9E ft=1 fh=8993812913887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Einhorn-Pegasus\Downloads\Animal-Crossing_-Wild-World-lnstall.exe" sh=B0AAAD4515C572A4F4C1CB9D1A9301A4096DF454 ft=1 fh=aaf37c003a7cad0c vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Einhorn-Pegasus\Downloads\SoftonicDownloader_fuer_wolfquest.exe" sh=0722A569B2D88C617FC9D6A51561D3E9C9588E06 ft=1 fh=31688d330a2d4e0c vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\BewerbungsMaster\Temp\PDF-Setup.exe" sh=16B59C9A971DAB1D68C0DCECADBCDAE538EEB543 ft=1 fh=5ba78607f45e4625 vn="Variante von Win32/Packed.Themida.AAJ Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll" sh=0FFE458463F63F2F83EC6F104BBF24CA7920C11D ft=1 fh=049d8628990ae89b vn="Variante von Win32/Packed.Themida.AAJ Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\IQsoft\kyw7sr03.dll" sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\agup[1].exe" sh=56C47E45A11013BEC34807589595C8EBE4ED7CED ft=1 fh=208c43ea9f28fde1 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\bPD[1].exe" sh=6417103CC82443E318B39E2DCEA8F37B74C66CD9 ft=1 fh=4a24e13d2ea3489a vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\iYibbhjA[1].exe" sh=CD12217A350F08A8D8AC3CBA25C6C1716B6B00B8 ft=1 fh=9b4979ef2bf78278 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\QtXmkcV1[1].exe" sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\setup[1].exe" sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L98ZCM18\install[1].exe" sh=0722A569B2D88C617FC9D6A51561D3E9C9588E06 ft=1 fh=31688d330a2d4e0c vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L98ZCM18\PDF-Setup[1].exe" sh=C765A4BA698622C549DAF865C56401A6EF3E7667 ft=1 fh=098e43724895edf5 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCNYC1I3\6rdYDfecb[1].exe" sh=6D04D56668E67E0D634A6914E54F503EC43CAC8D ft=1 fh=c71c001194990d1f vn="Variante von Win32/SProtector.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCNYC1I3\tpq[1].exe" sh=95440646D51368D4AA9EB9111298483D01849EF8 ft=1 fh=db7c38f117e15733 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z85YUPVK\odskVF[1].exe" sh=4A243DA8679ACB764931623DCE333D20814A91B5 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Mozilla\Firefox\Profiles\f1vtxk96.default\Cache\A\F7\213B2d01" sh=651C7C2A8CA4FB4AC37719EC39B2F4A5E4E9FDBD ft=1 fh=6acd10463f324d47 vn="Variante von Generik.HNWQJRC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\.exe" sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\11191324_svchost.exe" sh=DEAE9D530046C0F5BE0A2B18BAE4040E23DEA121 ft=1 fh=540d493b49211aff vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\20437456_pisser2.exe" sh=FFC423F5B73FC6544CC89863C0BDDF1E2D520DF2 ft=1 fh=652a8a0daca9a998 vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\21288738_sadsadsadsadasdsad.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\24781.exe" sh=8BB0DC9FF54B169259A48AE67A8F8C33AACCAB92 ft=1 fh=15dab27495091c30 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\27378.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\36694.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\37126.exe" sh=BA9163DA95BC65BC74909DBFB8B9AB956B08C7AF ft=1 fh=531ee42624295285 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\41413.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\44550.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\47403.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\57141.exe" sh=8BB0DC9FF54B169259A48AE67A8F8C33AACCAB92 ft=1 fh=15dab27495091c30 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\62734.exe" sh=BA9163DA95BC65BC74909DBFB8B9AB956B08C7AF ft=1 fh=531ee42624295285 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\68389.exe" sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\69186.exe" sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\77569.exe" sh=789370AE8C688EF000566C4603461ADC01F036DB ft=1 fh=edd859031e93cc9b vn="Variante von MSIL/Injector.DEN Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\79040.exe" sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\83883.exe" sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\94958.exe" sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\9600800_svchost.exe" sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\96035.exe" sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\9744742_svchost.exe" sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\98217.exe" sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\AskPIP_FF_.exe" sh=523F923CB4CBB06F41321F7C0A712A2B1CE5322B ft=1 fh=b6155b93a28ea35f vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\LSangamML.exe" sh=651C7C2A8CA4FB4AC37719EC39B2F4A5E4E9FDBD ft=1 fh=6acd10463f324d47 vn="Variante von Generik.HNWQJRC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\nalk.exe" sh=75460D93906C1A355499A14AF3179569204E19B5 ft=1 fh=09f6e1758f811396 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\optprosetup.exe" sh=523F923CB4CBB06F41321F7C0A712A2B1CE5322B ft=1 fh=b6155b93a28ea35f vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\PMpClient.exe" sh=8FB3D382A4ABA609543DD1F92F755DED2276EDD4 ft=1 fh=cf0091fa5dfd94d3 vn="Variante von Win32/BitCoinMiner.BF potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\tAXJb.exe" sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\__tmp_04649eee" sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\__tmp_25340bf6" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\102007883.Uninstall\uninstaller.exe" sh=9524C2BC17D2D35ABEE44A5FECA1376781045B3F ft=1 fh=3730fac2628f7d03 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424766_stp\BuenoSearchTB.exe" sh=6EFDDE3369DB3B94F9D5D00D5A7B16B53610A86E ft=1 fh=188d7e98fa6da4d1 vn="Win32/Systweak.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424834_stp\rcpsetup_adppi15_adppi15.exe" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424933_stp\uninstaller.exe" sh=537C8FEEEB1FDD7B5B8EA1AD36D53121B9CD54FF ft=1 fh=7477003680c2cc64 vn="Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\n4095\HDTotal_DE_1003-bcb4eb1f.exe" sh=91C45E16A830548CC423AA01C18E456844DBB6B6 ft=1 fh=0d441bdf7e3fb258 vn="Win32/Toolbar.Iminent.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\n4095\Iminent_1712-b2fcad5e.exe" sh=022E90DB179A5F276A8F1BEECD17EA2A28C399B4 ft=1 fh=8ceacbb55952b415 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\nsiA16F\SpSetup.exe" sh=231215B7E4E2E766929FF5210305227F1B3C30B9 ft=1 fh=c658c8268e64907d vn="Variante von Win32/BitCoinMiner.BF potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\RarSFX0\amd.exe" sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\{0B3B3991-9F94-4302-BDCB-2D56FF018D86}\setup.exe" sh=187EBC070D5C5AE0A44619A123F149EC61F2CE85 ft=1 fh=c71c0011b197662b vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Roaming\Vaowav\qarot.exe" sh=4A243DA8679ACB764931623DCE333D20814A91B5 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Desktop\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien\mo.js" sh=5792AA1392819A4E3F310B72A9467A37FCA05C3F ft=1 fh=c71c001162032e02 vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Documents\UseNeXT\alt.binaries.nl\The.Big.Bang.Theory.S06E09.The.Parking.Spot.Escalation.German.Custom.Subbed.WS.HDTV.XviD.i.exe" sh=AB1B34B293C2675379D2A2A53D3F46E826C6ED4C ft=1 fh=c71c001154a759ba vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Documents\UseNeXT\wizard\The Big Bang Theory S06e07 Habitation Configuratio\The.Big.Bang.Theory.S06E07.The.Habitation.Configuration.German.Custom.Subbed.WS.HDTV.XviD..exe" sh=311749BDF8DC91E9D3F284A5D6EB5C995EFA8DF4 ft=1 fh=db16370fe5cbae6c vn="Variante von MSIL/Adware.PullUpdate.C Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Websteroids.B324755F3F87.2.6.80.dll" sh=9FFB13BFEA9956D1C84E1F7EE46076B512E487E4 ft=1 fh=092e3241d4211de5 vn="MSIL/Adware.PullUpdate.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Websteroids.B324755F3F87.dll" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=C fn="${Memory}" |
05.06.2014, 20:42 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Fehler beim Laden des Moduls RegSvr32 |
05.06.2014, 20:51 | #7 |
| Fehler beim Laden des Moduls RegSvr32Code:
ATTFilter ComboFix 14-06-04.01 - Nina 05.06.2014 21:45:47.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16327.13634 [GMT 2:00] ausgeführt von:: c:\users\Nina\Downloads\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nina\AppData\Local\Microsoft\Windows\Burn\Burn\AUTORUN.inF c:\users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-05 bis 2014-06-05 )))))))))))))))))))))))))))))) . . 2014-06-05 19:48 . 2014-06-05 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-05 19:48 . 2014-06-05 19:48 -------- d-----w- c:\users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 19:16 . 2014-06-05 19:25 -------- d-----w- C:\FRST 2014-06-05 18:36 . 2014-06-05 18:37 -------- d-----w- C:\AdwCleaner 2014-06-05 18:12 . 2014-06-05 19:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-05 18:12 . 2014-06-05 18:12 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-06-05 18:12 . 2014-06-05 18:12 -------- d-----w- c:\programdata\Malwarebytes 2014-06-05 18:12 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-06-05 18:12 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-05 18:12 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-06-05 15:53 . 2014-06-05 15:53 -------- d-----w- c:\users\Nina\AppData\Roaming\ParetoLogic 2014-06-05 15:53 . 2014-06-05 15:53 -------- d-----w- c:\users\Nina\AppData\Roaming\DriverCure 2014-06-05 15:53 . 2014-06-05 18:55 -------- d-----w- c:\programdata\ParetoLogic 2014-06-05 15:45 . 2014-06-05 15:45 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-06-05 15:45 . 2014-06-05 15:45 -------- d-----w- c:\programdata\Oracle 2014-06-05 15:45 . 2014-06-05 15:45 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-06-05 15:45 . 2014-06-05 15:45 -------- d-----w- c:\program files (x86)\Java 2014-06-05 14:27 . 2014-06-05 14:27 -------- d--h--r- c:\users\Nina\AppData\Roaming\SecuROM 2014-06-05 11:10 . 2014-06-05 11:10 -------- d-----w- c:\users\Nina\AppData\Roaming\ProductData 2014-06-05 11:10 . 2014-06-05 11:10 -------- d-----w- c:\programdata\ProductData 2014-06-05 11:10 . 2014-06-05 11:10 -------- d-----w- c:\users\Nina\AppData\Roaming\Apple Computer 2014-06-05 11:10 . 2014-06-05 11:10 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 11:08 . 2014-06-05 11:10 -------- d-----w- c:\programdata\IObit 2014-06-05 11:07 . 2014-06-05 11:10 -------- d-----w- c:\users\Nina\AppData\Roaming\IObit 2014-06-05 11:07 . 2014-06-05 11:10 -------- d-----w- c:\program files (x86)\IObit 2014-06-05 09:20 . 2014-06-05 09:20 -------- d-----w- c:\program files (x86)\ESET 2014-06-03 10:14 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C314704B-C5ED-4DBE-9CB6-BF7F62140E1C}\mpengine.dll 2014-06-01 13:35 . 2014-06-01 13:35 -------- d-----w- c:\users\Nina\AppData\Roaming\EZDownloader 2014-05-25 15:53 . 2014-05-25 15:54 -------- d-----w- c:\users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 15:45 . 2014-04-30 18:29 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-05-25 15:45 . 2014-04-30 18:29 1225920 ----a-w- c:\windows\system32\nvspcap64.dll 2014-05-25 15:44 . 2014-05-25 15:45 -------- d-----w- c:\users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 15:44 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2014-05-25 15:44 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2014-05-25 15:41 . 2014-05-25 15:41 -------- d-----w- c:\users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 15:41 . 2014-05-25 15:41 -------- d-----w- c:\programdata\Microsoft Games 2014-05-16 16:31 . 2014-05-16 16:31 -------- d-----w- c:\programdata\PopCap Games 2014-05-16 16:31 . 2014-05-29 12:06 -------- d-----w- c:\programdata\EA Logs 2014-05-16 16:30 . 2014-05-16 16:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2014-05-14 21:07 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-14 21:07 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-14 21:07 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-14 21:07 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-13 20:07 . 2014-06-05 11:15 -------- d-----w- c:\users\Nina\AppData\Roaming\tor 2014-05-13 20:07 . 2014-06-05 10:15 -------- d-----w- c:\users\Nina\AppData\Roaming\Vaowav 2014-05-13 20:07 . 2014-05-14 06:28 -------- d-----w- c:\users\Nina\AppData\Roaming\Xaok 2014-05-10 15:39 . 2014-06-05 10:13 -------- d-----w- c:\users\Nina\AppData\Local\IQsoft 2014-05-07 17:34 . 2014-05-07 17:34 -------- d-----w- c:\users\Einhorn-Pegasus\AppData\Local\Diagnostics 2014-05-06 20:07 . 2014-05-15 15:50 -------- d-s---w- c:\windows\system32\CompatTel . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-05 12:06 . 2014-02-16 19:02 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll 2014-05-14 18:32 . 2014-02-16 11:42 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-14 18:32 . 2014-02-16 11:42 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-01 16:39 . 2014-05-01 16:39 1356664 ----a-w- c:\windows\system32\Websteroids.B324755F3F87.2.6.80.dll 2014-04-29 12:04 . 2014-04-29 12:03 335872 ------w- c:\windows\Setup1.exe 2014-04-29 12:04 . 2014-04-29 12:03 74752 ----a-w- c:\windows\ST6UNST.EXE 2014-03-31 16:42 . 2014-02-16 11:53 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll 2014-03-31 07:35 . 2014-04-17 12:06 270496 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-03-04 16:46 294456 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352] "Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2013-12-06 483400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x] S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-23 14:18 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-16 18:32] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27 15:54] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27 15:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-06-05 11:10 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-03-04 16:46 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF - prefs.js: browser.search.selectedEngine - WebSearch FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: keyword.URL - hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF - user.js: general.useragent.override - Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15 FF - user.js: extensions.blocklist.enabled - false FF - user.js: app.update.auto - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-IQsoft - c:\users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll Wow6432Node-HKCU-Run-IQsoft Update - c:\users\Nina\AppData\Local\IQsoft\kyw7sr03.dll Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll AddRemove-Pharao - c:\windows\IsUn0407.exe AddRemove-Steam App 226700 - e:\timmy\Steam\steam.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1228840033-2895351102-1459622301-1000\Software\SecuROM\License information*] "datasecu"=hex:0b,94,a2,38,7d,98,82,47,bf,c9,27,9b,a5,4e,99,eb,87,bf,53,23,b1, 75,a5,d8,59,69,8b,7f,94,a9,a0,13,03,db,cf,fd,80,ba,0d,d4,b0,13,1f,89,a5,48,\ "rkeysecu"=hex:d7,99,06,56,8d,a1,ae,5d,bb,8d,c2,d6,75,36,8a,76 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-06-05 21:49:57 ComboFix-quarantined-files.txt 2014-06-05 19:49 . Vor Suchlauf: 12 Verzeichnis(se), 32.849.858.560 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 34.930.335.744 Bytes frei . - - End Of File - - F5B49630E61A6C9C5A0A26C178014F1C |
05.06.2014, 20:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
05.06.2014, 21:38 | #9 |
| Fehler beim Laden des Moduls RegSvr32Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 05/06/2014 um 22:25:55 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Nina - NINA-PC # Gestartet von : C:\Users\Nina\Downloads\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\ParetoLogic Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\ProgramData\Search-NuEwTaB Ordner Gelöscht : C:\Program Files (x86)\Search-NuEwTaB Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\torch Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch Ordner Gelöscht : C:\Users\Nina\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Nina\AppData\Local\torch Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\DriverCure Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\EZDownloader Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\ParetoLogic Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad Datei Gelöscht : C:\Users\Nina\AppData\Roaming\LiveSupport.exe_log.txt Datei Gelöscht : C:\Users\Nina\AppData\Roaming\regsvr32.exe_log.txt Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\invalidprefs.js Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\WebSearch.xml Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js Datei Gelöscht : C:\Windows\System32\Tasks\Driver Booster Update ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gelöscht : HKCU\Software\anchorfree Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\distromatic Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gelöscht : HKLM\Software\ParetoLogic Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Trymedia Systems Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Einhorn-Pegasus\AppData\Roaming\Mozilla\Firefox\Profiles\91ev68is.default\prefs.js ] [ Datei : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultenginename", "WebSearch"); Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch"); Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q="); Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch"); Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "WebSearch"); Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch"); Zeile gelöscht : user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...] Zeile gelöscht : user_pref("extensions.AGUp1mNe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] Zeile gelöscht : user_pref("extensions.av5Jq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...] Zeile gelöscht : user_pref("extensions.buenosearch.admin", false); Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"); Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "12"); Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE"); Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false); Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "A41CDBE30F583C45BA374C3DF5C7CA58"); Zeile gelöscht : user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151"); Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16174"); Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=14273085A9ACD151&affID=127690&tsp=5184"); Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.716:50:14"); Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false); Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch"); Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch"); Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb"); Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "144d129de192be5fa1be2b4f2a441b6c"); Zeile gelöscht : user_pref("extensions.iminent.admin", false); Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl"); Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.iminent.dfltLng", ""); Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false); Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.iminent.id", "142775060000000000003085a9acd151"); Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16146"); Zeile gelöscht : user_pref("extensions.iminent.instlRef", ""); Zeile gelöscht : user_pref("extensions.iminent.newTab", false); Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent"); Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent"); Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false"); Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO"); Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3"); Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:48:27"); Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q="); -\\ Google Chrome v35.0.1916.114 [ Datei : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : apimnnpjidaoombgegfjdglhbmjcffke Gelöscht [Extension] : fadcplcnmpeikaedkmboghidghbnojad [ Datei : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217 Gelöscht [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE Gelöscht [Startup_urls] : hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE Gelöscht [Homepage] : hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE Gelöscht [Extension] : apimnnpjidaoombgegfjdglhbmjcffke Gelöscht [Extension] : fadcplcnmpeikaedkmboghidghbnojad Gelöscht [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod ************************* AdwCleaner[R0].txt - [15795 octets] - [05/06/2014 20:37:46] AdwCleaner[R1].txt - [16099 octets] - [05/06/2014 22:21:51] AdwCleaner[S0].txt - [15185 octets] - [05/06/2014 22:25:55] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15246 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x64 Ran by Nina on 05.06.2014 at 22:29:56,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Nina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk" ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\f1vtxk96.default\prefs.js user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.selectedEngine", "WebSearch"); user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\" user_pref("extensions.av5Jq.url", "hxxp://toolkitjob.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0mwkMCMlNhd9Fqda7rdwFrHr9rTgMBzqUojw9rdgEqjw9rjnHqih7hfs0pihPBMn0qHYEpjr8rdC8 user_pref("keyword.url", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q="); Emptied folder: C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\f1vtxk96.default\minidumps [27 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.06.2014 at 22:34:38,39 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Nina (administrator) on NINA-PC on 05-06-2014 22:38:16 Running from C:\Users\Nina\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default FF DefaultSearchEngine: WebSearch FF SelectedSearchEngine: WebSearch FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ascsurfingprotection@iobit.com [2014-06-05] FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01] FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18] FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10] FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20] FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01] CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08] CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08] CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01] CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27] CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09] CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.004\ENG64.SYS [126040 2014-06-05] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.004\EX64.SYS [2099288 2014-06-05] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 22:34 - 2014-06-05 22:34 - 00001621 _____ () C:\Users\Nina\Desktop\JRT.txt 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-05 21:24 - 2014-06-05 22:38 - 00019617 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 21:16 - 2014-06-05 22:38 - 00000000 ____D () C:\FRST 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:36 - 2014-06-05 22:25 - 00000000 ____D () C:\AdwCleaner 2014-06-05 20:12 - 2014-06-05 22:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:09 - 2014-06-05 13:11 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-06 22:07 - 2014-05-15 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-06-05 22:38 - 2014-06-05 21:24 - 00019617 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 22:38 - 2014-06-05 21:16 - 00000000 ____D () C:\FRST 2014-06-05 22:38 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp 2014-06-05 22:34 - 2014-06-05 22:34 - 00001621 _____ () C:\Users\Nina\Desktop\JRT.txt 2014-06-05 22:34 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-05 22:34 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-05 22:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 22:28 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 22:27 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-05 22:27 - 2009-07-14 06:51 - 00060509 _____ () C:\Windows\setupact.log 2014-06-05 22:26 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-05 22:26 - 2014-02-16 13:19 - 00293330 _____ () C:\Windows\PFRO.log 2014-06-05 22:26 - 2014-02-16 13:07 - 01593635 _____ () C:\Windows\WindowsUpdate.log 2014-06-05 22:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-05 22:25 - 2014-06-05 20:36 - 00000000 ____D () C:\AdwCleaner 2014-06-05 22:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox 2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin 2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-05 18:11 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 17:30 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc 2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina 2014-06-05 13:11 - 2014-06-05 13:09 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus 2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina 2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps 2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google 2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google 2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft 2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife 2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-29 01:09 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar 2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE) 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log 2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts 2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 06:40 - 2014-05-14 23:07 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 23:07 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 23:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 23:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Nina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 00:19 ==================== End Of Log ============================ |
06.06.2014, 08:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Bitte auch ne neue Additions.txt erstellen. Haken setzen bei addition.txt dann auf Scan klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2014, 09:11 | #11 |
| Fehler beim Laden des Moduls RegSvr32FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Nina (administrator) on NINA-PC on 06-06-2014 10:08:50 Running from C:\Users\Nina\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default FF DefaultSearchEngine: WebSearch FF SelectedSearchEngine: WebSearch FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01] FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01] FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18] FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10] FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20] FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01] CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08] CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08] CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01] CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27] CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09] CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140606.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\ENG64.SYS [126040 2014-06-05] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\EX64.SYS [2099288 2014-06-05] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 10:08 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST 2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php 2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-05 21:24 - 2014-06-06 10:09 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:12 - 2014-06-06 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:07 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe ==================== One Month Modified Files and Folders ======= 2014-06-06 10:09 - 2014-06-05 21:24 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-06 10:09 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp 2014-06-06 10:08 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST 2014-06-06 09:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-06 09:21 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc 2014-06-06 09:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-06 08:17 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-06 07:07 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-06 06:55 - 2014-02-16 13:07 - 01633453 _____ () C:\Windows\WindowsUpdate.log 2014-06-06 06:51 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-06 06:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-06 06:51 - 2009-07-14 06:51 - 00061013 _____ () C:\Windows\setupact.log 2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php 2014-06-05 23:01 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 23:01 - 2014-02-16 13:19 - 00294732 _____ () C:\Windows\PFRO.log 2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-06-05 22:45 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT 2014-06-05 22:44 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox 2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin 2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus 2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina 2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps 2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google 2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google 2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft 2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife 2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE) 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log 2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts 2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Nina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 00:19 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014 Ran by Nina at 2014-06-06 10:09:08 Running from C:\Users\Nina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH) Alice im Wunderland (HKLM-x32\...\{C6D7ABF3-3BE5-4A75-9638-7A770CB57B38}) (Version: 1.00.0000 - PurpleHills) ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS) BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) (HKLM-x32\...\ST6UNST #2) (Version: - ) BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - ) Club Cooee (HKCU\...\ClubCooee) (Version: 1.6.15.0 - cooee GmbH) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.2.1.51 - INTENIUM GmbH) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) Disney Prinzessin - Mein märchenhaftes Abenteuer (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios) Disney Rapunzel (HKLM-x32\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios) Dragon Keeper 2 (HKLM-x32\...\Dragon Keeper 2) (Version: 1.0.0.0 - INTENIUM GmbH) Ein Yankee unter Rittern (HKLM-x32\...\Ein Yankee unter Rittern) (Version: 1.0.0.0 - INTENIUM GmbH) FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory) Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH) Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden Jewel Legends – Tree of Life (HKLM-x32\...\Jewel Legends – Tree of Life) (Version: 1.0.0.0 - INTENIUM GmbH) Kao - 2nd round (HKLM-x32\...\Kao - 2nd round) (Version: 1.0 - ) Madagascar 2(TM) (HKLM-x32\...\InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}) (Version: 1.00.0000 - Activision) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MySims™ (HKLM-x32\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Pharao (HKLM-x32\...\Pharao) (Version: - ) Ponywelt 2 (HKLM-x32\...\Ponywelt 2) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.) SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - ) SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH) ==================== Restore Points ========================= 05-06-2014 15:04:05 Installiert TheSims3EP7 05-06-2014 15:09:15 Installiert The Sims 3 World Adventures 05-06-2014 15:12:56 Installiert TheSims3EP9 05-06-2014 15:21:44 Installiert TheSims3SP8 05-06-2014 15:23:33 Installiert TheSims3SP6 05-06-2014 15:26:29 Installiert The Sims 3 Ambitions 05-06-2014 15:44:41 Installed Java 7 Update 60 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-06-05 21:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {34BB3A78-F9A1-4A89-8542-08DC0BF6F037} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.) Task: {3D2E82C4-86F1-4F87-911C-2D9BB0E0288E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.) Task: {6DDE4660-0328-4077-9228-42D7753F8409} - System32\Tasks\Driver Booster SkipUAC (Nina) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {7EF37D31-605A-490C-8443-51821A0D6040} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {8926940A-CCFC-494E-B0A2-988094BFC9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {C04C8B46-4154-440A-A725-0707C77FFB4C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C0B3ED5C-33BA-4CA7-BC33-D53F8AA37FED} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {C4041084-D91C-4253-ABCB-FAFB73252337} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit) Task: {C51D95D0-C36C-4609-9497-56BB1AE146E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-16 13:55 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-16 22:43 - 2014-02-16 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-02-19 12:02 - 2014-02-19 12:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll 2014-02-16 13:26 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-02-16 13:24 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2014 10:08:35 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/06/2014 07:15:35 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/06/2014 07:15:29 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (06/06/2014 08:52:52 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (06/05/2014 10:59:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Advanced SystemCare Service 7" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (06/06/2014 10:08:35 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe Error: (06/06/2014 07:15:35 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Nina\downloads\esetsmartinstaller_deu.exe Error: (06/06/2014 07:15:29 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Nina\downloads\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-06-05 21:48:28.381 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-05 21:48:28.335 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 16326.67 MB Available physical RAM: 13710.63 MB Total Pagefile: 32651.52 MB Available Pagefile: 30194.21 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.05 GB) (Free:32.9 GB) NTFS Drive d: () (Fixed) (Total:74.43 GB) (Free:72.82 GB) NTFS Drive e: () (Fixed) (Total:74.52 GB) (Free:51.42 GB) NTFS Drive f: (Sims3EP11) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF Drive g: (Tangled) (CDROM) (Total:2.64 GB) (Free:0 GB) UDF Drive h: (Volume) (Fixed) (Total:931.51 GB) (Free:488.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F1BFF7A1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=75 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 149 GB) (Disk ID: 1CD81CD7) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 932 GB) (Disk ID: 66205247) No partition Table on disk 2. ==================== End Of Log ============================ |
06.06.2014, 10:51 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FF DefaultSearchEngine: WebSearch FF SelectedSearchEngine: WebSearch FF Keyword.URL: http://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= C:\ProgramData\InstallMate C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk C:\ProgramData\9d268cc6c5d3588d C:\Users\Nina\AppData\Roaming\tor C:\Users\Nina\AppData\Roaming\Vaowav C:\Users\Nina\AppData\Roaming\Xaok Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2014, 11:17 | #13 |
| Fehler beim Laden des Moduls RegSvr32FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Nina (administrator) on NINA-PC on 06-06-2014 12:16:41 Running from C:\Users\Nina\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default FF DefaultSearchEngine: WebSearch FF SelectedSearchEngine: WebSearch FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01] FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01] FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18] FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10] FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20] FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE" CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01] CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08] CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08] CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01] CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01] CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27] CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09] CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140606.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\ENG64.SYS [126040 2014-06-05] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\EX64.SYS [2099288 2014-06-05] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 12:14 - 2014-06-06 12:14 - 00001002 _____ () C:\Users\Nina\Desktop\fixlist.txt 2014-06-06 10:08 - 2014-06-06 12:16 - 00000000 ____D () C:\FRST 2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php 2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:25 - 2014-06-06 10:09 - 00022439 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-05 21:24 - 2014-06-06 12:16 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:12 - 2014-06-06 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:07 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate 2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe ==================== One Month Modified Files and Folders ======= 2014-06-06 12:16 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST 2014-06-06 12:16 - 2014-06-05 21:24 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt 2014-06-06 12:16 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp 2014-06-06 12:14 - 2014-06-06 12:14 - 00001002 _____ () C:\Users\Nina\Desktop\fixlist.txt 2014-06-06 11:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-06 11:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-06 10:27 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps 2014-06-06 10:09 - 2014-06-05 21:25 - 00022439 _____ () C:\Users\Nina\Downloads\Addition.txt 2014-06-06 09:21 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc 2014-06-06 08:17 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-06 07:07 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-06 06:55 - 2014-02-16 13:07 - 01633453 _____ () C:\Windows\WindowsUpdate.log 2014-06-06 06:51 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-06 06:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-06 06:51 - 2009-07-14 06:51 - 00061013 _____ () C:\Windows\setupact.log 2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php 2014-06-05 23:01 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-06-05 23:01 - 2014-02-16 13:19 - 00294732 _____ () C:\Windows\PFRO.log 2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-06-05 22:45 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT 2014-06-05 22:44 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar 2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe 2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox 2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe 2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe 2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe 2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe 2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall 2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin 2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe 2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe 2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe 2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM 2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts 2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk 2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk 2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor 2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien 2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina) 2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit 2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit 2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe 2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec 2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav 2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft 2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe 2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d 2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol 2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol 2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus 2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina 2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT 2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88} 2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator 2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google 2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google 2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft 2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife 2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games 2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games 2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk 2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE) 2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin 2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log 2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok 2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc 2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe 2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe 2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe 2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe 2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe 2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts 2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Nina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 00:19 ==================== End Of Log ============================ |
06.06.2014, 14:22 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehler beim Laden des Moduls RegSvr32 Falsches Log. Du solltest das Fixlog posten
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2014, 21:15 | #15 |
| Fehler beim Laden des Moduls RegSvr32 das mit der Fixlist.txt funktioniert nicht :-((((( frst sagt immer fixlist not found |