| |
| |||||||
Log-Analyse und Auswertung: PUP.Optional.Multiplug und andere InfektionenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.09.2014, 01:05
| #1 |
 |  PUP.Optional.Multiplug und andere Infektionen Hallo, ich hoffe es kann jemand helfen. ich habe hier einen Rechner bei dem durch einen Download mehrere Schadprogramme installiert wurden. Bitdefender (installierter Antivirus) hat verschiedene Dateien gefunden und Zugriffe auf infizierte Webressourcen geblockt und die entsprechenden Daten bzw. Programme wurden entfernt bzw. deinstalliert. Leider habe ich keine separaten Log-Dateien in Bitdefender gefunden, deshalb nur eine Auflistung der gefundenen Malware: Gen:Variant.Adware.Plush.1 Gen:Variant.Adware.Zusy.104466 Application ild_webssearches.exe Adware.Eorezo.BJ Application.Generic.708030 Anschließend wurde ein Scan mit Malwarebytes durchgeführt, bei dem weitere Malware gefunden wurde: Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.09.2014 Suchlauf-Zeit: 17:21:51 Logdatei: MB_05.09.14.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.05.05 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Ich Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 335775 Verstrichene Zeit: 10 Min, 11 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 12 PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [396084457efdae88cd01e595c53d659b], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [396084457efdae88cd01e595c53d659b], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [396084457efdae88cd01e595c53d659b], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [396084457efdae88cd01e595c53d659b], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [2d6c71585b207abc5f51d08d9074758b], PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, In Quarantäne, [1f7ae1e8ff7c3402729bfb627f8551af], PUP.Optional.HQPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Total-1.8, In Quarantäne, [23764d7c0f6c9d99448933d0788b4db3], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [afea27a255261d19e84da598c24233cd], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [94057c4dd8a3261087aa0e4228dc35cb], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [cccd09c0314a40f6070c3f0b1de730d0], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], Registrierungswerte: 3 PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|VOPackage, C:\Users\Ich\AppData\Roaming\VOPackage\VOPackage.exe /runonce, In Quarantäne, [7623e2e744370d291c89ea2426ddfb05] PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [70293b8e1f5c1f176195dd82be4641bf] PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [c9d0d5f49cdfbf77c2522129669eb050] Registrierungsdaten: 0 (No malicious items detected) Ordner: 6 PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.MultiPlug.A, C:\ProgramData\pricechop, In Quarantäne, [ecad27a26a1100368a60548ece341ae6], PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjbflodeemohgdgjgkabkpgeddeoiid, In Quarantäne, [4851c900ff7cd660f63b2dc05da5ff01], PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjbflodeemohgdgjgkabkpgeddeoiid\1.26.25_0, In Quarantäne, [4851c900ff7cd660f63b2dc05da5ff01], PUP.Optional.MultiPlug, C:\ProgramData\Adblocker, In Quarantäne, [623773568af1979ffe85648b788af709], Dateien: 44 PUP.Optional.TornTV.A, C:\Users\Ich\AppData\Roaming\MQDC.exe, In Quarantäne, [e5b491388eed67cf909cdfc347ba38c8], PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [2a6f6663cdae93a3e08bb68e31cf5ea2], PUP.Optional.OneClickDownloader.A, C:\Users\Ich\Downloads\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.exe, In Quarantäne, [8910f4d5265584b2014e69b75da4847c], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-1, In Quarantäne, [8e0b7257700bf5417086ab52de248878], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-11, In Quarantäne, [3c5dad1c4f2c6acc1fd77b823cc6d62a], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-3, In Quarantäne, [b0e9e1e8ec8f96a06c8a9e5fe81ac33d], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-4, In Quarantäne, [73265c6dd6a5c86ec036c93422e019e7], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5, In Quarantäne, [4d4c5d6cd4a786b054a2a05d9e6406fa], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user, In Quarantäne, [bbde8742bfbcea4c55a148b5b84acd33], PUP.Optional.VOPackage.A, C:\Users\Ich\AppData\Roaming\VOPackage\VOPackage.exe, In Quarantäne, [7623e2e744370d291c89ea2426ddfb05], PUP.Optional.WebSearch.A, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\searchplugins\WebSearch.xml, In Quarantäne, [653497327b000c2afda7cf4cb44f05fb], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-1.job, Löschen bei Neustart, [4b4e3891c5b6f4429607f5677f85718f], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-11.job, Löschen bei Neustart, [6e2b81485625b87ee2bb520a4fb59c64], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-3.job, Löschen bei Neustart, [d6c3d5f43645033376275dff7490f010], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-4.job, Löschen bei Neustart, [4e4ba920651683b3fca13c2062a2619f], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5.job, Löschen bei Neustart, [c0d940891368c76f5a43b2aad232a858], PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user.job, Löschen bei Neustart, [9cfd4f7a1c5f0b2bcad316460df731cf], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Löschen bei Neustart, [0a8f8742a3d866d03380d58791733fc1], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [7821b118b0cb69cd09ab0755e61e17e9], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Löschen bei Neustart, [41585b6e6d0e71c58530d983c143f50b], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [30691cad5d1eea4c288e5b010afa0ef2], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleCrashHandler.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdate.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateBroker.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateHelper.msi, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateOnDemand.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\goopdate.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\goopdateres_en.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\npGoogleUpdate4.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\psmachine.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\psuser.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleCrashHandler.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdate.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateBroker.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateHelper.msi, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateOnDemand.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\goopdate.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\goopdateres_en.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\npGoogleUpdate4.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\psmachine.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\psuser.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15], PUP.Optional.MultiPlug, C:\ProgramData\Adblocker\Osf.dat, In Quarantäne, [623773568af1979ffe85648b788af709], PUP.Optional.WebSearch.A, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/21&l=1&q=")  , Ersetzt,[3f5a22a7403b01359869ad74dd2839c7]PUP.Optional.FlyAndSearch, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/21&l=1&q=") , Ersetzt,[82179c2d0d6e90a63e4af82b4cb9966a]Physische Sektoren: 0 (No malicious items detected) (end) Dann wurde der Computer mit Spybot, Kaspersky und Housecall gescannt, wobei jeweils keine weiteren Schadprogramme gefunden wurden. Durch DDS und OTL erstellte Log-Files wurden auf Unstimmigkeiten überprüft und grobe Auffälligkeiten beseitigt. Die aktuellem Log-Dateien von DDs, OTL, FRST und GMER sind leider zu lang für diesen Post deswegen habe ich sie als zip Dateien angehängt. Schon mal vielen Dank fürs durchsehen. Viele Grüße, Jascha |
|
07.09.2014, 06:25
| #2 |
| /// the machine /// TB-Ausbilder    | PUP.Optional.Multiplug und andere Infektionen Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte nur die FRST logs posten.
__________________ |
|
07.09.2014, 10:55
| #3 |
| | PUP.Optional.Multiplug und andere Infektionen Ok, hier der FRST Log:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014 Ran by Ich (administrator) on MINE on 06-09-2014 22:57:16 Running from C:\Users\Ich\Downloads Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-24] (Microsoft Corporation) HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [AdobeBridge] => [X] BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01] FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24] FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24] FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext Chrome: ======= CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (HTML Saver) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-21] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender) S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-06 22:57 - 2014-09-06 22:57 - 00013411 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-06 22:56 - 2014-09-06 22:57 - 00000000 ____D () C:\FRST 2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 22:33 - 2014-09-06 22:33 - 00083820 _____ () C:\Users\Ich\Desktop\OTL.Txt 2014-09-06 22:05 - 2014-09-06 22:07 - 00018261 _____ () C:\Users\Ich\Desktop\dds.txt 2014-09-06 22:05 - 2014-09-06 22:07 - 00005878 _____ () C:\Users\Ich\Desktop\attach.txt 2014-09-06 22:01 - 2014-09-06 22:01 - 00000168 _____ () C:\Windows\setupact.log 2014-09-06 22:01 - 2014-09-06 22:01 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-06 21:22 - 2014-09-04 13:06 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 11:58 - 2014-09-06 12:00 - 00000000 ____D () C:\AdwCleaner 2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:18 - 2014-09-06 22:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-05 13:43 - 2014-09-05 23:33 - 00004352 _____ () C:\Windows\System32\Tasks\MQDC 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ich\AppData\Roaming\MQDC 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe 2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe 2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java 2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-18 17:52 - 2014-09-06 10:24 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc 2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-06 22:57 - 2014-09-06 22:57 - 00013411 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-06 22:57 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST 2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 22:34 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-06 22:33 - 2014-09-06 22:33 - 00083820 _____ () C:\Users\Ich\Desktop\OTL.Txt 2014-09-06 22:09 - 2014-01-23 23:27 - 01845545 _____ () C:\Windows\WindowsUpdate.log 2014-09-06 22:07 - 2014-09-06 22:05 - 00018261 _____ () C:\Users\Ich\Desktop\dds.txt 2014-09-06 22:07 - 2014-09-06 22:05 - 00005878 _____ () C:\Users\Ich\Desktop\attach.txt 2014-09-06 22:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-06 22:06 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-06 22:06 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-06 22:01 - 2014-09-06 22:01 - 00000168 _____ () C:\Windows\setupact.log 2014-09-06 22:01 - 2014-09-06 22:01 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-06 22:01 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-06 22:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-06 21:22 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype 2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 12:00 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner 2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe 2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:24 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-05 23:33 - 2014-09-05 13:43 - 00004352 _____ () C:\Windows\System32\Tasks\MQDC 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU 2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe 2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226 2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat 2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat 2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-04 16:02 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4 2014-09-04 13:06 - 2014-09-06 21:22 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx 2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ich\AppData\Roaming\MQDC 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe 2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU 2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global 2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe 2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java 2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll 2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll 2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc 2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg 2014-08-07 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 18:40 ==================== End Of Log ============================ |
|
07.09.2014, 12:14
| #4 |
| | PUP.Optional.Multiplug und andere Infektionen Hier nochmal die Logs von FRSt und vielen Dank nochmal. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Ich (administrator) on MINE on 07-09-2014 13:06:46
Running from C:\Users\Ich\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-24] (Microsoft Corporation)
HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [AdobeBridge] => [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
Chrome:
=======
CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HTML Saver) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-21]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 12:48 - 2014-09-07 13:06 - 00013025 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-09-07 01:00 - 2014-09-07 11:49 - 00000168 _____ () C:\Windows\setupact.log
2014-09-07 01:00 - 2014-09-07 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:56 - 2014-09-07 13:06 - 00000000 ____D () C:\FRST
2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 21:22 - 2014-09-04 13:06 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 11:58 - 2014-09-06 12:00 - 00000000 ____D () C:\AdwCleaner
2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:18 - 2014-09-07 12:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe
2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe
2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java
2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-18 17:52 - 2014-09-07 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc
2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 13:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 13:06 - 2014-09-07 12:48 - 00013025 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-09-07 13:06 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST
2014-09-07 12:27 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 11:56 - 2014-01-23 23:27 - 01912340 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 11:54 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 11:54 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 11:49 - 2014-09-07 01:00 - 00000168 _____ () C:\Windows\setupact.log
2014-09-07 11:48 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 11:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-09-07 01:00 - 2014-09-07 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 21:22 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype
2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 12:00 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner
2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe
2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU
2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe
2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226
2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 16:02 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4
2014-09-04 13:06 - 2014-09-06 21:22 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx
2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe
2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global
2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe
2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java
2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc
2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 18:40
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Ich at 2014-09-07 13:07:11
Running from C:\Users\Ich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ableton Live 8 (HKLM\...\{9960E64F-4FFD-429C-9739-03CAEA8C30E3}) (Version: 8.0.0.0 - Ableton)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Atlas of Clinical Fungi 4.0 (HKLM-x32\...\Atlas of Clinical Fungi_is1) (Version: - CBS)
BioEdit (HKLM-x32\...\{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}) (Version: 7.2.5.0 - Tom Hall)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft)
ImageMagick 6.7.5-7 Q16 (2012-03-01) (HKLM-x32\...\ImageMagick 6.7.5 Q16_is1) (Version: 6.7.5 - ImageMagick Studio LLC)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Live 8.2.4 (HKLM-x32\...\Live 8.2.4) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MEGA6 .06 (HKLM-x32\...\{EE7E4984-0208-48E7-959C-A5F5F06F0DE0}_is1) (Version: .06 - Center for Evolutionary Medicine and Informatics)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
psynetic® Gif-X 3.00 (HKLM-x32\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)
Scarlett Plug-in Suite 1.4 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.STANDARD_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.STANDARD_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARD_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.STANDARD_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.STANDARD_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-08-2014 18:14:30 Windows Update
21-08-2014 09:20:21 Removed Java 7 Update 67
29-08-2014 11:19:25 Scheduled Checkpoint
29-08-2014 11:56:09 Windows Update
05-09-2014 14:36:03 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01217464-065F-405E-B46D-84B678EBC318} - System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-1 No Task File <==== ATTENTION
Task: {675A8C1E-2A03-41D7-A9EA-BA77ED8BB226} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8FC71452-62FA-494C-AF19-6467FB56A0F3} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5 No Task File <==== ATTENTION
Task: {BEE6AFB1-F683-4E05-9143-F6AC0F045596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: {C21E3F04-7285-4A94-8783-568F44EFB711} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user No Task File <==== ATTENTION
Task: {CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-3 No Task File <==== ATTENTION
Task: {CD88624A-8B2A-45A4-A163-5A7F33C57192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D6AA83B0-E998-4A7B-8953-25864BADA85A} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-11 No Task File <==== ATTENTION
Task: {E4B0D283-6B15-440D-9566-4FEDEA89D6A9} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-4 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-24 02:21 - 2014-08-13 21:35 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-08-13 21:37 - 2014-08-13 21:37 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-01-24 02:21 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-01-24 02:21 - 2014-08-13 21:36 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 23:00 - 2014-07-24 23:00 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpbr.mdl
2014-07-24 23:00 - 2014-07-24 23:00 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpdsp.mdl
2014-07-24 23:00 - 2014-07-24 23:00 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpph.mdl
2014-07-24 23:00 - 2014-07-24 23:00 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttprbl.mdl
2014-01-24 01:28 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-05 17:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-05 17:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-05 17:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ich\Desktop\OTL.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\4mr1c7mt.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\adwcleaner_3.309.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\ccsetup416.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\ccsetup417.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\Citavi4Setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\de-de.setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\focusrite-usb-2-driver-2.5.1.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\gif-x_setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\HousecallLauncher64.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\MEGA6.06_setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\pdf2wordsetup11.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\PDFCreator-1_7_3_setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\PokerStarsInstallEU.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\scarlett-plug-in-suite-1.4.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\SvchostAnalyzer.exe:BDU
AlternateDataStreams: C:\Users\Ich\Downloads\winrar-x64-501d.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Bitdefender Wallet => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender Wallet Application Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
Error: (09/06/2014 10:01:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3736) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log.
System errors:
=============
Error: (09/06/2014 11:27:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.09.2014 um 23:24:56 unerwartet heruntergefahren.
Error: (09/06/2014 10:01:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.
Error: (09/06/2014 10:01:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (09/06/2014 06:15:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kaspersky Security Scan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/06/2014 00:43:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (09/06/2014 00:03:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.
Error: (09/06/2014 00:03:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (09/05/2014 01:34:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (09/05/2014 01:34:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (09/05/2014 01:34:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
Error: (09/06/2014 10:01:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3736Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log-1811
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 20%
Total physical RAM: 8191.27 MB
Available physical RAM: 6507.8 MB
Total Pagefile: 16380.73 MB
Available Pagefile: 14595.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:390.53 GB) (Free:313.59 GB) NTFS
Drive d: () (Fixed) (Total:540.89 GB) (Free:269.94 GB) NTFS
Drive e: (Disk1) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24C924C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
07.09.2014, 17:51
| #5 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere Infektionen hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.09.2014, 19:40
| #6 |
| | PUP.Optional.Multiplug und andere Infektionen Hallo, Combofix hat gemeldet Bitdefender wäre nicht ausgeschaltet, lief aber alles reibungslos. Hier der Scan von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 14-09-05.01 - Ich 07.09.2014 20:14:47.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1033.18.8191.6460 [GMT 2:00]
ausgeführt von:: c:\users\Ich\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1390522237.bdinstall.bin
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js
c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json
c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-07 bis 2014-09-07 ))))))))))))))))))))))))))))))
.
.
2014-09-07 18:21 . 2014-09-07 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-07 00:34 . 2014-09-07 00:34 -------- d-----w- c:\users\Ich\AppData\Local\ElevatedDiagnostics
2014-09-06 20:56 . 2014-09-07 11:07 -------- d-----w- C:\FRST
2014-09-06 09:58 . 2014-09-06 10:00 -------- d-----w- C:\AdwCleaner
2014-09-05 15:56 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-09-05 15:56 . 2014-09-05 16:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-05 15:56 . 2014-09-05 16:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-09-05 15:18 . 2014-09-07 10:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-05 15:17 . 2014-09-05 15:17 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-09-05 15:17 . 2014-09-05 15:17 -------- d-----w- c:\programdata\Malwarebytes
2014-09-05 15:17 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-05 15:17 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-05 15:17 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-02 19:22 . 2014-09-02 19:22 -------- d-----w- c:\users\Ich\AppData\Local\Skype
2014-09-02 19:22 . 2014-09-02 21:55 -------- d-----w- c:\users\Ich\AppData\Roaming\Skype
2014-09-02 19:22 . 2014-09-02 19:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-02 19:22 . 2014-09-02 19:22 -------- d-----r- c:\program files (x86)\Skype
2014-09-02 19:21 . 2014-09-06 12:54 -------- d-----w- c:\programdata\Skype
2014-08-29 10:49 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 10:49 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-29 10:49 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-24 19:51 . 2014-08-24 19:51 -------- d-----w- c:\users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 19:51 . 2014-08-24 19:51 -------- d-----w- c:\program files (x86)\MEGA6
2014-08-21 09:20 . 2014-08-21 09:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-21 09:19 . 2014-08-21 09:19 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-21 09:19 . 2014-08-21 09:19 -------- d-----w- c:\program files\Java
2014-08-21 08:54 . 2014-08-21 09:09 -------- d-----w- c:\programdata\89862a08bda44ad
2014-08-21 08:54 . 2014-08-21 08:54 -------- d-----w- c:\users\Ich\AppData\Local\Google
2014-08-21 08:54 . 2014-08-21 08:54 -------- d-----w- c:\users\Ich\AppData\Local\Comodo
2014-08-21 08:54 . 2014-08-21 08:54 -------- d-----w- c:\users\HomeGroupUser$
2014-08-21 08:54 . 2014-08-21 08:54 -------- d-----w- c:\users\Guest
2014-08-21 08:54 . 2014-08-21 08:54 -------- d-----w- c:\users\Administrator
2014-08-18 15:52 . 2014-09-07 16:43 -------- d-----w- c:\users\Ich\AppData\Local\Adobe
2014-08-13 19:37 . 2014-08-13 19:37 1260120 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-12 18:15 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-12 18:15 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-12 18:15 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-12 18:15 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-12 18:15 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-12 18:15 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-12 18:15 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-12 18:15 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-12 17:59 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-12 17:59 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-12 17:52 . 2014-08-18 15:46 -------- d-----w- c:\users\Ich\encyclios
2014-08-12 17:52 . 2014-08-12 18:13 -------- d-----w- c:\users\Ich\fungi2014
2014-08-12 17:50 . 2014-08-12 17:51 -------- d-----w- c:\program files (x86)\Atlas of Clinical Fungi
2014-08-09 19:30 . 2014-08-09 19:30 -------- d-----w- c:\users\Ich\AppData\Roaming\chc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 15:45 . 2014-01-24 12:57 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-18 15:45 . 2014-01-24 12:57 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 19:37 . 2014-01-24 00:11 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-08-13 19:36 . 2014-01-24 00:21 647752 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-13 19:36 . 2014-01-24 00:11 34384 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-08-13 19:36 . 2014-01-24 00:11 419616 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-08-13 19:36 . 2014-01-24 00:52 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2014-08-12 18:19 . 2014-01-23 22:31 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-07-29 21:25 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-01-24 13:28 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-07-29 21:25 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-01-24 13:28 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-02 20:48 . 2014-07-29 21:51 944928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-29 21:51 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-29 21:51 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-29 21:51 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-29 21:51 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-07-29 21:51 13922752 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 21:51 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-29 21:51 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 21:51 903624 ----a-w- c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-07-29 21:51 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-29 21:51 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 21:51 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 21:51 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-29 21:51 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-29 21:51 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-07-29 21:51 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-29 21:51 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-07-29 21:51 13835208 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-29 21:51 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2014-01-24 13:24 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-01-24 13:24 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-01-23 23:28 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-01-23 23:28 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2013-10-27 08:12 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2013-10-27 08:12 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 18:55 . 2014-01-23 23:28 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-01-23 23:28 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-01-23 23:28 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-01-23 23:28 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-01-23 23:28 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-01-23 23:28 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-07-29 21:54 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2014-05-27 17:00 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 20:42 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 20:42 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 568400]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 1002048]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-08-13 615256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-08-13 1743088]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-07 20:24:29
ComboFix-quarantined-files.txt 2014-09-07 18:24
.
Vor Suchlauf: 10 Verzeichnis(se), 340.372.934.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 340.183.261.184 Bytes frei
.
- - End Of File - - 5AC64B2BE9137EC841235ECC69702872
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Jascha Geändert von Don_Jascha (07.09.2014 um 19:42 Uhr) Grund: copy-paste-Fehler |
|
08.09.2014, 13:40
| #7 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere Infektionen Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.09.2014, 21:05
| #8 |
| | PUP.Optional.Multiplug und andere Infektionen Servus, hier die gewünschten Logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.09.2014 Suchlauf-Zeit: 21:11:06 Logdatei: MB_log.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.08.06 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Ich Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 368771 Verstrichene Zeit: 9 Min, 23 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.309 - Report created 08/09/2014 at 21:32:21
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Ich - MINE
# Running from : C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v32.0 (x86 de)
[ File : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\904y1060.default\prefs.js ]
[ File : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [5693 octets] - [06/09/2014 11:58:05]
AdwCleaner[R1].txt - [1135 octets] - [08/09/2014 21:30:50]
AdwCleaner[S0].txt - [5800 octets] - [06/09/2014 12:00:39]
AdwCleaner[S1].txt - [1059 octets] - [08/09/2014 21:32:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1119 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by Ich on 08.09.2014 at 21:37:48,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\quh1ckxf.default\prefs.js
user_pref("extensions.aDcG.url", "hxxp://webdriiver.in/sync2/?q=hfZ9ofV9CShEAen0rTr8qShTB6lKDzt4okmxtNtVh7n0rjnEpdsFrdY8qdk4tMFHhd9Fqda4rdkEpjk7rTCMDMlGojUMAe4Uojs4qTC6pdU9rTr
Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\quh1ckxf.default\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.09.2014 at 21:42:52,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014 Ran by Ich (administrator) on MINE on 08-09-2014 21:53:55 Running from C:\Users\Ich\Downloads Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01] FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24] FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24] FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender) S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-08 21:42 - 2014-09-08 21:42 - 00001185 _____ () C:\Users\Ich\Desktop\JRT.txt 2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-09-08 21:36 - 2014-09-08 21:36 - 00001199 _____ () C:\Users\Ich\Desktop\AdwCleaner[S1].txt 2014-09-08 21:33 - 2014-09-08 21:33 - 00000310 _____ () C:\Windows\PFRO.log 2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe 2014-09-08 00:51 - 2014-09-08 21:46 - 00000672 _____ () C:\Windows\setupact.log 2014-09-08 00:51 - 2014-09-08 00:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox 2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt 2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe 2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt 2014-09-07 12:48 - 2014-09-08 21:53 - 00013061 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump 2014-09-06 22:56 - 2014-09-08 21:53 - 00000000 ____D () C:\FRST 2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:18 - 2014-09-08 21:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe 2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe 2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java 2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-18 17:52 - 2014-09-08 20:39 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc 2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-08 21:54 - 2014-09-07 12:48 - 00013061 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-08 21:53 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST 2014-09-08 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-08 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-08 21:49 - 2014-01-23 23:27 - 02053345 _____ () C:\Windows\WindowsUpdate.log 2014-09-08 21:46 - 2014-09-08 00:51 - 00000672 _____ () C:\Windows\setupact.log 2014-09-08 21:46 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-08 21:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-08 21:42 - 2014-09-08 21:42 - 00001185 _____ () C:\Users\Ich\Desktop\JRT.txt 2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-09-08 21:36 - 2014-09-08 21:36 - 00001199 _____ () C:\Users\Ich\Desktop\AdwCleaner[S1].txt 2014-09-08 21:33 - 2014-09-08 21:33 - 00000310 _____ () C:\Windows\PFRO.log 2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner 2014-09-08 21:10 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe 2014-09-08 21:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-08 20:39 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-09-08 00:51 - 2014-09-08 00:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-08 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU 2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich 2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4 2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox 2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt 2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe 2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt 2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump 2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype 2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe 2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226 2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat 2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat 2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx 2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe 2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU 2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global 2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe 2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java 2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll 2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll 2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc 2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Ich\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 18:40 ==================== End Of Log ============================ Grüße, Jascha |
|
09.09.2014, 20:35
| #9 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere InfektionenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.09.2014, 07:50
| #10 |
| | PUP.Optional.Multiplug und andere Infektionen Hallo, irgendwie hat ESET kein Log-File generiert, allerdings hat der Scanner nur die Google-Toolbar, integriert in ein cCleaner-Update und ein Downloader für Paup, der noch auf der externen Platte war (aber nie gestartet wurde), gefunden, ansonsten wurde nix angezeigt. Dann hier der Log von SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender bdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Ich (administrator) on MINE on 10-09-2014 08:37:42
Running from C:\Users\Ich\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 08:36 - 2014-09-10 08:36 - 00000828 _____ () C:\Users\Ich\Desktop\checkup.txt
2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe
2014-09-09 20:38 - 2014-09-10 08:37 - 00012483 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-09-09 20:38 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion
2014-09-09 17:52 - 2014-09-09 21:46 - 00000504 _____ () C:\Windows\setupact.log
2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-08 22:16 - 2014-09-08 22:17 - 00000000 ____D () C:\Users\Ich\Desktop\Log2
2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe
2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe
2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox
2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe
2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt
2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:56 - 2014-09-10 08:37 - 00000000 ____D () C:\FRST
2014-09-06 22:47 - 2014-09-09 20:38 - 02105344 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:18 - 2014-09-09 22:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java
2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-18 17:52 - 2014-09-10 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 08:38 - 2014-09-09 20:38 - 00012483 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-09-10 08:37 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST
2014-09-10 08:36 - 2014-09-10 08:36 - 00000828 _____ () C:\Users\Ich\Desktop\checkup.txt
2014-09-10 08:34 - 2014-01-23 23:27 - 01156807 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 08:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-09-09 22:27 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 22:20 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 22:20 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 22:20 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe
2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:46 - 2014-09-09 17:52 - 00000504 _____ () C:\Windows\setupact.log
2014-09-09 21:45 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-09 21:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 20:38 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion
2014-09-09 20:38 - 2014-09-06 22:47 - 02105344 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-09-08 23:46 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU
2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-08 22:23 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
2014-09-08 22:17 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2
2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe
2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe
2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich
2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4
2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox
2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe
2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt
2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype
2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe
2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx
2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global
2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java
2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
Some content of TEMP:
====================
C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 18:40
==================== End Of Log ============================
Ansonsten ist mir aufgefallen, dass sich gpresult /r nicht starten lässt. Viele Grüße und einen angenehmen Tag, Jascha |
|
10.09.2014, 20:09
| #11 | |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere Infektionen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.09.2014, 22:37
| #12 |
| | PUP.Optional.Multiplug und andere Infektionen Hey, hab noch mal ESET laufen lassen, um zu sehen was evtl. der Grund für das fehlen des Logs war und ich war letztlich einfach zu voreilig mit der Deinstallation von dem Scanner und hatte den Hacken bei Instalation nach Scan entfernen gesetzt.. .Naja, jedenfalls hier nochmal die Logs: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ed5226eb6d97eb45a9ef9ff1e4ce944c
# engine=20091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-10 06:38:23
# local_time=2014-09-10 08:38:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 5477 89083263 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19847978 162004153 0 0
# scanned=256097
# found=3
# cleaned=0
# scan_time=5246
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$R1WGMA1.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$RKD4IWR.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$RR18TY2.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Bitdefender Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamscheduler.exe Bitdefender Bitdefender vsserv.exe Bitdefender Bitdefender updatesrv.exe Bitdefender Bitdefender bdagent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Ich (administrator) on MINE on 10-09-2014 21:00:09 Running from C:\Users\Ich\Downloads Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01] FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24] FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24] FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender) S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 21:00 - 2014-09-10 21:00 - 00012758 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-10 19:07 - 2014-09-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe 2014-09-10 18:05 - 2014-09-10 18:05 - 00002094 _____ () C:\Windows\PFRO.log 2014-09-10 08:36 - 2014-09-10 20:59 - 00000843 _____ () C:\Users\Ich\Desktop\checkup.txt 2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe 2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe 2014-09-09 20:38 - 2014-09-10 21:00 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion 2014-09-09 20:38 - 2014-09-10 08:44 - 00044282 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-09-09 17:52 - 2014-09-10 20:53 - 00001176 _____ () C:\Windows\setupact.log 2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan 2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-08 22:16 - 2014-09-08 22:17 - 00000000 ____D () C:\Users\Ich\Desktop\Log2 2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe 2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox 2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt 2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe 2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt 2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump 2014-09-06 22:56 - 2014-09-10 21:00 - 00000000 ____D () C:\FRST 2014-09-06 22:47 - 2014-09-10 21:00 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:18 - 2014-09-10 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-18 17:52 - 2014-09-10 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 21:01 - 2014-09-10 21:00 - 00012758 _____ () C:\Users\Ich\Downloads\FRST.txt 2014-09-10 21:00 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion 2014-09-10 21:00 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST 2014-09-10 21:00 - 2014-09-06 22:47 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe 2014-09-10 20:59 - 2014-09-10 08:36 - 00000843 _____ () C:\Users\Ich\Desktop\checkup.txt 2014-09-10 20:58 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-10 20:58 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-10 20:56 - 2014-01-23 23:27 - 01129847 _____ () C:\Windows\WindowsUpdate.log 2014-09-10 20:53 - 2014-09-09 17:52 - 00001176 _____ () C:\Windows\setupact.log 2014-09-10 20:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-10 20:52 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-10 20:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-10 19:07 - 2014-09-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-10 18:52 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 18:26 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat 2014-09-10 18:26 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat 2014-09-10 18:26 - 2009-07-14 07:13 - 01589404 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 18:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe 2014-09-10 18:05 - 2014-09-10 18:05 - 00002094 _____ () C:\Windows\PFRO.log 2014-09-10 08:44 - 2014-09-09 20:38 - 00044282 _____ () C:\Users\Ich\Desktop\FRST.txt 2014-09-10 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe 2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe 2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe 2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan 2014-09-08 23:46 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU 2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-08 22:23 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg 2014-09-08 22:17 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2 2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner 2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe 2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe 2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich 2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4 2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox 2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt 2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe 2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt 2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump 2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe 2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache 2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache 2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype 2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe 2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache 2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe 2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr 2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe 2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe 2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz 2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps 2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe 2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe 2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226 2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip 2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx 2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype 2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe 2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU 2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global 2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip 2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16 2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6 2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad 2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios 2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml 2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll 2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll 2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014 2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk 2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi 2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi 2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx 2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx 2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige Some content of TEMP: ==================== C:\Users\Ich\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 18:40 ==================== End Of Log ============================ --- --- --- --- --- --- Viele Grüße Hey, hier der Log vom FRST Fix: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Ich at 2014-09-10 21:21:16 Run:1
Running from C:\Users\Ich\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Grüße |
|
11.09.2014, 19:21
| #13 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere Infektionen Kommt immer drauf an wie du es gestartet hast.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.09.2014, 21:10
| #14 |
| | PUP.Optional.Multiplug und andere Infektionen Was meinst Du damit? Ob es als Administrator gestartet wird oder nicht? Hatte ich jedenfalls beides ausprobiert und jedesmal ist das gleiche passiert. Ich hab nochmal ein FRST Scan angefertigt und es gibt immer noch einen Chrome Eintrag in Relation mit Bitdefender. Könnte es sein, dass Bitdefender diesen Eintrag anlegt, auch wenn Chrome nicht installiert ist? Hier der Log von FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Ich (administrator) on MINE on 11-09-2014 22:04:46
Running from C:\Users\Ich\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]
FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 22:04 - 2014-09-11 22:04 - 00000386 _____ () C:\Users\Ich\Desktop\txt.txt
2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1
2014-09-11 09:59 - 2014-09-11 09:59 - 00000168 _____ () C:\Windows\setupact.log
2014-09-11 09:59 - 2014-09-11 09:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 21:00 - 2014-09-11 22:04 - 00012638 _____ () C:\Users\Ich\Desktop\FRST.txt
2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe
2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-08 22:16 - 2014-09-10 23:13 - 00000000 ____D () C:\Users\Ich\Desktop\Log2
2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe
2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe
2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox
2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe
2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt
2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:56 - 2014-09-11 22:04 - 00000000 ____D () C:\FRST
2014-09-06 22:47 - 2014-09-10 21:00 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:18 - 2014-09-11 13:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-18 17:52 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 22:05 - 2014-09-10 21:00 - 00012638 _____ () C:\Users\Ich\Desktop\FRST.txt
2014-09-11 22:04 - 2014-09-11 22:04 - 00000386 _____ () C:\Users\Ich\Desktop\txt.txt
2014-09-11 22:04 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST
2014-09-11 21:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 20:43 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1
2014-09-11 15:19 - 2014-01-23 23:27 - 01200098 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 13:02 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 10:04 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 10:04 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 09:59 - 2014-09-11 09:59 - 00000168 _____ () C:\Windows\setupact.log
2014-09-11 09:59 - 2014-09-11 09:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-11 09:59 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 09:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 00:28 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
2014-09-10 23:13 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2
2014-09-10 21:29 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU
2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-10 21:00 - 2014-09-06 22:47 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:26 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 18:26 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 18:26 - 2009-07-14 07:13 - 01589404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe
2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe
2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe
2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe
2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich
2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4
2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox
2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe
2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt
2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe
2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache
2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache
2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype
2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe
2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache
2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe
2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr
2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe
2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe
2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz
2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps
2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe
2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe
2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226
2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip
2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx
2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype
2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global
2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip
2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16
2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6
2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad
2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios
2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014
2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk
2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi
2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi
2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx
2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx
2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 18:40
==================== End Of Log ============================
Grüße |
|
12.09.2014, 20:03
| #15 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Multiplug und andere Infektionen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyServer: localhost:8080
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Das hat nix mit Bitdefender zu tun. 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
