Pests of all kinds and how to fight them: Removing V9.com (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#5
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014 Ran by Witali (administrator) on FAMILIEN-PC on 06-07-2014 12:22:08 Running from C:\Users\Witali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKKNIXYH Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\LPT\srpts.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-15] (IVT Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-06] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (Tlapia) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-215413311-585589717-95820281-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Witali\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzuzy0CtB0AyBtDyEzztD0Dzy0ByCtAtA0BtN0D0Tzu0SyBtCtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=501081809&ir= SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll No File BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995 FF Homepage: hxxp://rts.dsrlte.com FF Plugin: 
@adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\searchplugins\keepmysearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HDvid Codec V6.0 - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2014-07-06] FF Extension: Plus-HD-2.2 - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-07-06] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\2sfzx2xn.default-1387402583828\extensions\quick_start@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= 
CHR Extension: (Plus-HD-2.2) - C:\Users\Witali\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-12-18] CHR HKLM-x32\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx [2013-06-30] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-06] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed] R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia) R2 
VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [510608 2014-03-05] (Cherished Technololgy LIMITED) ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-10] (Avira Operations GmbH & Co. KG) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthHFEnum; S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-14] (Ralink Technology, Corp.) 
R1 {b8a90375-3b37-4954-86de-f96c458c4ce2}w64; C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}w64.sys [61120 2014-04-24] (StdLib) U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) U0 msahci; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-06 12:16 - 2014-07-06 12:22 - 00000000 ____D () C:\FRST 2014-07-06 11:21 - 2014-07-06 11:21 - 00626510 _____ () C:\LOG1.Xml 2014-07-06 10:27 - 2014-07-06 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-06 10:26 - 2014-07-06 10:26 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-06 10:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-06 10:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-06 10:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-06 09:53 - 2014-07-06 10:39 - 00000468 _____ () C:\Users\Witali\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-06-23 22:16 - 2014-06-23 22:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-07 15:45 - 2014-06-07 15:45 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Witali\Downloads\SpyHunter-installer.exe ==================== One Month Modified Files and Folders ======= 2014-07-06 12:22 - 2014-07-06 12:16 - 00000000 ____D () C:\FRST 2014-07-06 12:14 - 2013-06-02 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-06 12:03 - 2013-12-18 21:21 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.2 2014-07-06 12:03 - 2013-05-16 18:36 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-215413311-585589717-95820281-1001 2014-07-06 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-07-06 11:48 - 2014-02-18 14:14 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-07-06 11:45 - 2014-04-01 17:39 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-06 11:21 - 2014-07-06 11:21 - 00626510 _____ () C:\LOG1.Xml 2014-07-06 11:14 - 2013-12-18 21:14 - 00000000 ____D () C:\Program Files (x86)\HDvid Codec V6.0 2014-07-06 11:14 - 2013-10-26 20:58 - 00000000 ____D () C:\Program Files (x86)\HDvid Codec V1 2014-07-06 10:39 - 2014-07-06 09:53 - 00000468 _____ () C:\Users\Witali\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2014-07-06 10:27 - 2014-07-06 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-06 10:26 - 2014-07-06 10:26 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-06 09:51 - 2013-12-18 21:22 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-2.2-updater.job 2014-07-06 09:51 - 2013-12-18 21:22 - 00001256 _____ () C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job 2014-07-06 09:51 - 2013-12-18 21:22 - 00001156 _____ () 
C:\Windows\Tasks\Plus-HD-2.2-enabler.job 2014-07-06 09:51 - 2013-12-18 21:21 - 00002130 _____ () C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job 2014-07-06 09:51 - 2013-12-18 21:21 - 00002002 _____ () C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job 2014-07-06 09:51 - 2013-12-18 21:14 - 00002198 _____ () C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job 2014-07-06 09:51 - 2013-12-18 21:14 - 00001352 _____ () C:\Windows\Tasks\HDvid Codec V6.0-updater.job 2014-07-06 09:51 - 2013-10-26 20:58 - 00001222 _____ () C:\Windows\Tasks\HDvid Codec V1-codedownloader.job 2014-07-06 09:51 - 2013-05-16 18:29 - 00000401 _____ () C:\Users\Witali\AppData\Roaming\sp_data.sys 2014-07-06 09:13 - 2013-01-22 21:19 - 01556059 _____ () C:\Windows\WindowsUpdate.log 2014-07-06 09:01 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini 2014-07-06 08:59 - 2013-06-02 22:11 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-06 08:56 - 2013-06-01 11:22 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-06 08:54 - 2013-12-18 21:21 - 00000000 ____D () C:\Users\Witali\AppData\Roaming\newnext.me 2014-07-06 08:54 - 2013-12-11 00:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-01 20:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-06-23 22:16 - 2014-06-23 22:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-14 21:36 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-06-08 22:00 - 2013-12-09 22:40 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.5 2014-06-07 16:08 - 2012-08-15 19:46 - 00000739 _____ () C:\Windows\SysWOW64\bscs.ini 2014-06-07 16:08 - 2012-08-02 15:24 - 00023334 _____ () C:\Windows\PFRO.log 2014-06-07 16:08 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-07 16:07 - 2013-12-18 23:36 - 00000000 ____D () C:\Users\Witali\Desktop\Alte Firefox-Daten 2014-06-07 16:07 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-06-07 15:45 - 2014-06-07 15:45 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Witali\Downloads\SpyHunter-installer.exe 2014-06-07 15:26 - 2013-06-01 11:22 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys Files to move or delete: ==================== C:\ProgramData\SetStretch.exe Some content of TEMP: ==================== C:\Users\Witali\AppData\Local\Temp\96984uninstall.exe C:\Users\Witali\AppData\Local\Temp\avgnt.exe C:\Users\Witali\AppData\Local\Temp\BackupSetup.exe C:\Users\Witali\AppData\Local\Temp\dsrlte.exe C:\Users\Witali\AppData\Local\Temp\FortunitasUntemp.exe C:\Users\Witali\AppData\Local\Temp\mgsqlite3.dll C:\Users\Witali\AppData\Local\Temp\setupA9_.exe C:\Users\Witali\AppData\Local\Temp\ShoppinHelper2new2.exe C:\Users\Witali\AppData\Local\Temp\Sqlite3.dll C:\Users\Witali\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-06 12:05 ==================== End Of Log ============================ --- --- --- FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014 Ran by Witali (administrator) on FAMILIEN-PC on 06-07-2014 12:22:08 Running from C:\Users\Witali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKKNIXYH Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\LPT\srpts.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-15] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (Tlapia)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-215413311-585589717-95820281-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Witali\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzuzy0CtB0AyBtDyEzztD0Dzy0ByCtAtA0BtN0D0Tzu0SyBtCtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=501081809&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387395746&from=tugs&uid=HitachiXHTS545050A7E380_TE854749D71VYMD71VYMX&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04c8v3nrz1Jk2OMIEkAFi8neL2xxaMM0fcHoNm5vmWbLPW5CN0AYPk2M35zz1PFR2aDe5RpLaMZ9H6JXSicvSp283fnUxXXUyOc4lrcEbJwOmB3P0V3j4bPsbZVwOs4xGFHw,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995
FF Homepage: hxxp://rts.dsrlte.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\searchplugins\keepmysearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HDvid Codec V6.0 - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2014-07-06]
FF Extension: Plus-HD-2.2 - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\r5bdjt1m.default-1402150023995\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Witali\AppData\Roaming\Mozilla\Firefox\Profiles\2sfzx2xn.default-1387402583828\extensions\quick_start@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (Plus-HD-2.2) - C:\Users\Witali\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx [2013-06-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-06] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [510608 2014-03-05] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-10] (Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-14] (Ralink Technology, Corp.)
R1 {b8a90375-3b37-4954-86de-f96c458c4ce2}w64; C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}w64.sys [61120 2014-04-24] (StdLib)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-06 12:16 - 2014-07-06 12:22 - 00000000 ____D () C:\FRST
2014-07-06 11:21 - 2014-07-06 11:21 - 00626510 _____ () C:\LOG1.Xml
2014-07-06 10:27 - 2014-07-06 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 10:26 - 2014-07-06 10:26 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-06 10:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 10:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 10:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 09:53 - 2014-07-06 10:39 - 00000468 _____ () C:\Users\Witali\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-06-23 22:16 - 2014-06-23 22:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-07 15:45 - 2014-06-07 15:45 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Witali\Downloads\SpyHunter-installer.exe

==================== One Month Modified Files and Folders =======

2014-07-06 12:22 - 2014-07-06 12:16 - 00000000 ____D () C:\FRST
2014-07-06 12:14 - 2013-06-02 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 12:03 - 2013-12-18 21:21 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.2
2014-07-06 12:03 - 2013-05-16 18:36 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-215413311-585589717-95820281-1001
2014-07-06 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-06 11:48 - 2014-02-18 14:14 - 00000000 ____D () C:\Program Files (x86)\sysTPL
2014-07-06 11:45 - 2014-04-01 17:39 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-06 11:21 - 2014-07-06 11:21 - 00626510 _____ () C:\LOG1.Xml
2014-07-06 11:14 - 2013-12-18 21:14 - 00000000 ____D () C:\Program Files (x86)\HDvid Codec V6.0
2014-07-06 11:14 - 2013-10-26 20:58 - 00000000 ____D () C:\Program Files (x86)\HDvid Codec V1
2014-07-06 10:39 - 2014-07-06 09:53 - 00000468 _____ () C:\Users\Witali\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-07-06 10:27 - 2014-07-06 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 10:26 - 2014-07-06 10:26 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 10:26 - 2014-07-06 10:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-06 09:51 - 2013-12-18 21:22 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-2.2-updater.job
2014-07-06 09:51 - 2013-12-18 21:22 - 00001256 _____ () C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2014-07-06 09:51 - 2013-12-18 21:22 - 00001156 _____ () C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2014-07-06 09:51 - 2013-12-18 21:21 - 00002130 _____ () C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2014-07-06 09:51 - 2013-12-18 21:21 - 00002002 _____ () C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2014-07-06 09:51 - 2013-12-18 21:14 - 00002198 _____ () C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job
2014-07-06 09:51 - 2013-12-18 21:14 - 00001352 _____ () C:\Windows\Tasks\HDvid Codec V6.0-updater.job
2014-07-06 09:51 - 2013-10-26 20:58 - 00001222 _____ () C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2014-07-06 09:51 - 2013-05-16 18:29 - 00000401 _____ () C:\Users\Witali\AppData\Roaming\sp_data.sys
2014-07-06 09:13 - 2013-01-22 21:19 - 01556059 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 09:01 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini
2014-07-06 08:59 - 2013-06-02 22:11 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-06 08:56 - 2013-06-01 11:22 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-06 08:54 - 2013-12-18 21:21 - 00000000 ____D () C:\Users\Witali\AppData\Roaming\newnext.me
2014-07-06 08:54 - 2013-12-11 00:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 20:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-23 22:16 - 2014-06-23 22:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-14 21:36 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-08 22:00 - 2013-12-09 22:40 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.5
2014-06-07 16:08 - 2012-08-15 19:46 - 00000739 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-07 16:08 - 2012-08-02 15:24 - 00023334 _____ () C:\Windows\PFRO.log
2014-06-07 16:08 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 16:07 - 2013-12-18 23:36 - 00000000 ____D () C:\Users\Witali\Desktop\Alte Firefox-Daten
2014-06-07 16:07 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-07 15:45 - 2014-06-07 15:45 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Witali\Downloads\SpyHunter-installer.exe
2014-06-07 15:26 - 2013-06-01 11:22 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\Witali\AppData\Local\Temp\96984uninstall.exe
C:\Users\Witali\AppData\Local\Temp\avgnt.exe
C:\Users\Witali\AppData\Local\Temp\BackupSetup.exe
C:\Users\Witali\AppData\Local\Temp\dsrlte.exe
C:\Users\Witali\AppData\Local\Temp\FortunitasUntemp.exe
C:\Users\Witali\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Witali\AppData\Local\Temp\setupA9_.exe
C:\Users\Witali\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Witali\AppData\Local\Temp\Sqlite3.dll
C:\Users\Witali\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 12:05

==================== End Of Log ============================