Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows8: TubeSaver und ein ganzes Paket anderer Mist (https://www.trojaner-board.de/145070-windows8-tubesaver-ganzes-paket-anderer-mist.html)

c-t-v 23.11.2013 19:58
Windows8: TubeSaver und ein ganzes Paket anderer Mist
 
Liste der Anhänge anzeigen (Anzahl: 3)
Hallo,
meine Tochter hat sich ein Programm zum besseren Handling von YouTube-Videos downloaden wollen und dabei ein ganzes Paket von Schadsoftware heruntergeladen und installiert. Leider hab ich nicht herausbekommen, welches Programm von welcher Seite sie heruntergeladen hat. Sie konnte (oder wollte) es mir im Nachhinein auch nicht sagen. Passiert ist es am 12.11.2013 nachmittags.

Dabei erschienen so Programme wie RegCleanerPro, TubeSaver, Metacrawler, DealPlyLive, MyPCBackup, BabSolution, Babylon, etc.
Evtl. auch BitGuard, aber das Programm ist schon länger drauf.

ADDs, die auf andere Seiten lenkten wie stt.streamjs.net, f6ozz.watchforfree.aircleaners.com, cts.lipixeltrack.com, supersavings.crerditcard.com, ec2-54-242-41-25.compute-1.amazonaws.com etc.
Wenn man dann versucht hat, auf diesem Rechner einen Virenscanner herunterzuladen, ging immer ein Fenster auf und wollte einem was verkaufen.

Während des Kampfes gegen die Infektionen habe ich auch schon diverse LOG-Dateien erzeugt gehabt, die dokumentierten, welche Namen die sich installierten Programme alles so hatten. Leider sind einige Dateien verloren gegangen.

Ich habe jetzt ein Verzeichnis mit bisher 12 Logs , 1 Verzeichnis mit Logs von SSD und 2 Screenshots.

Ich habe zuerst versucht, mit den mir bekannten Methoden und Programmen eine Bereinigung zu bewirken, bin aber gescheitert.

Zuerst habe ich Computerbild-Abzockschutz installiert, damit in Zukunft bekannte gefährliche Seiten gesperrt werden.
Dann habe ich mit Spybot Seatch&Destroy (SSD) einen Suchlauf durchgeführt, Kaspersky installiert und machen lassen, AntiMalwarebytes drüberlaufen lassen und offenbar auch AVG (daran kann ich mich schon nicht mehr erinnern, aber es gibt ein Log-File).

Nach mehreren Durchläufen wurde dann zwar irgendwann nichts mehr gefunden, aber es gibt noch Starteinträge, die ich nicht beseitigen kann. In der Registry ist bestimmt auch noch nen Haufen Zeugs.
Abschliessend habe ich alle 4 Virenscanner von der c´t Seurity 2013 drüberlaufen lassen, die hat aber auch nichts dramatisches gefunden, nur die schon erkannten Dateien in der Quarantäne von Kaspersky.

Nun meine Frage: welche Logs soll ich wie posten?
Gmer hab ich nun doch zum Laufen gebracht, aber diverse Fehlermeldungen. Ein LOG-File wurde erzeugt.. In den abgesicherten Modus bin ich nicht reingekommen.

schrauber 24.11.2013 07:42
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

Poste vorerst nur mal ein FRST Log.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

c-t-v 24.11.2013 08:39
Hallo Schrauber,
danke für den Hinweis. Hier das Log:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 02
Ran by Dominika (ATTENTION: The logged in user is not administrator) on PINKY on 23-11-2013 16:32:06
Running from C:\Users\Dominika\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Facebook Update] - C:\Users\Dominika\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-31] (Facebook Inc.)
HKCU\...\Run: [EPSON BX320FW Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE /FU "C:\Windows\TEMP\E_S2CA3.tmp" /EF "HKCU"
MountPoints2: {173ecd98-5114-11e2-be6a-806e6f6e6963} - "E:\tools\shelexec.exe" html\index.htm
MountPoints2: {65663023-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
MountPoints2: {65663063-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
MountPoints2: {656630c0-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - {608889CF-3073-CBE3-69B3-610FA11DDAA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: metacrawler  Helper Object - {D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B} - C:\Program Files (x86)\metaCrawler\1.8.19.0\bh\metacrawler.dll No File
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.13.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0
CHR Extension: (VTchromizer) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0
CHR Extension: (Virtual Keyboard) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0
CHR Extension: (WEB.DE MailCheck) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.2_0
CHR Extension: (Google Wallet) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-11-12] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U0 msahci;
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 16:32 - 2013-11-23 16:32 - 00015691 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-23 16:30 - 2013-11-23 16:30 - 00020446 _____ C:\Users\Dominika\Downloads\Addition.txt
2013-11-23 16:29 - 2013-11-23 16:30 - 00034377 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:28 - 2013-11-23 16:28 - 01958234 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:23 - 2013-11-23 16:24 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 08:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 08:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-23 08:19 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-23 08:19 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-13 19:57 - 2013-11-13 19:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:58 - 2009-12-14 12:44 - 00085048 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-12 23:58 - 2009-12-14 12:44 - 00066104 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-12 23:57 - 2013-11-23 15:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:55 - 2013-11-12 23:56 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-13 19:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:27 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-12 20:14 - 2013-11-23 08:24 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-12 20:05 - 2013-11-13 20:44 - 00067842 _____ C:\Windows\PFRO.log
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-12 17:35 - 2013-11-13 20:35 - 00000316 _____ C:\Windows\Tasks\Dealply.job
2013-11-12 17:24 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Systweak
2013-11-12 17:23 - 2013-11-22 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-12 17:20 - 2013-11-23 16:20 - 00000318 _____ C:\Windows\Tasks\MetaCrawler.job
2013-11-12 17:20 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Systweak
2013-11-12 17:20 - 2013-11-13 00:33 - 00000000 ____D C:\Users\Christian\AppData\Roaming\MetaCrawler
2013-11-12 17:20 - 2013-09-17 11:25 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-31 20:57 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-31 20:57 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-31 20:56 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-31 20:56 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-31 20:56 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-31 20:56 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-31 20:56 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-31 20:56 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-31 20:56 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

2013-11-23 16:33 - 2013-11-23 16:32 - 00015691 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-23 16:30 - 2013-11-23 16:30 - 00020446 _____ C:\Users\Dominika\Downloads\Addition.txt
2013-11-23 16:30 - 2013-11-23 16:29 - 00034377 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:28 - 2013-11-23 16:28 - 01958234 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:27 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian
2013-11-23 16:24 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 16:20 - 2013-11-12 17:20 - 00000318 _____ C:\Windows\Tasks\MetaCrawler.job
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 16:03 - 2013-06-28 21:25 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-23 16:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-23 15:54 - 2013-11-12 23:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-23 15:51 - 2013-06-28 19:49 - 00000408 _____ C:\Users\Dominika\AppData\Roaming\sp_data.sys
2013-11-23 15:50 - 2013-06-28 21:24 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-23 15:48 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-23 15:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-23 08:24 - 2013-11-12 20:14 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-23 08:22 - 2013-07-15 11:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 08:21 - 2013-06-29 11:15 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-23 08:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-23 08:13 - 2012-08-03 00:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-23 08:13 - 2012-08-03 00:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-23 08:13 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 08:10 - 2013-06-28 19:45 - 00000000 ____D C:\Users\Dominika
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\system32\NV
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:36 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-22 22:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-22 22:18 - 2013-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-22 22:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 20:44 - 2013-11-12 20:05 - 00067842 _____ C:\Windows\PFRO.log
2013-11-13 20:43 - 2013-11-12 17:24 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Systweak
2013-11-13 20:43 - 2013-11-12 17:20 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Systweak
2013-11-13 20:39 - 2013-06-28 21:24 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 20:35 - 2013-11-12 17:35 - 00000316 _____ C:\Windows\Tasks\Dealply.job
2013-11-13 20:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-11-12 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 19:58 - 2013-11-13 19:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 19:58 - 2013-09-07 06:10 - 02365440 ___SH C:\Users\Dominika\Downloads\Thumbs.db
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:37 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-13 00:35 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-13 00:33 - 2013-11-12 17:20 - 00000000 ____D C:\Users\Christian\AppData\Roaming\MetaCrawler
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\ASUS
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:56 - 2013-11-12 23:55 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:51 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Dominika\AppData\Local\Facebook
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:56 - 2013-07-08 03:11 - 00000000 ____D C:\Windows\Minidump
2013-11-12 19:56 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-12 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job
2013-11-05 23:58 - 2013-07-02 13:23 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 21:42 - 2013-07-09 12:49 - 00005632 _____ C:\Users\Dominika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-03 18:05 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-02 11:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-26 14:29 - 2013-07-19 08:48 - 00000000 ___RD C:\Users\Dominika\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

schrauber 24.11.2013 09:01
Hi,

MBAM updaten, suchen und löschen lassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

c-t-v 24.11.2013 14:22
hier die Logs:

AdwCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v3.013 - Bericht erstellt am 24/11/2013 um 13:12:40
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Christian - PINKY
# Gestartet von : C:\Users\Dominika\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Dominika\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Christian\Desktop\Startfenster.lnk
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\MetaCrawler.job
Datei Gelöscht : C:\Windows\System32\Tasks\MetaCrawler
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Christian\Desktop\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\848c8be769e414
Schlüssel Gelöscht : HKLM\SOFTWARE\848c8be769e414
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422392266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466396666}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422392266}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466396666}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [5334 octets] - [24/11/2013 12:25:35]
AdwCleaner[S0].txt - [4330 octets] - [24/11/2013 13:12:40]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4390 octets] ##########
--- --- ---

MBAM:
2013/11/24 09:47:32 +0100 PINKY Dominika MESSAGE Starting database refresh
2013/11/24 09:47:32 +0100 PINKY Dominika MESSAGE Stopping IP protection
2013/11/24 09:47:32 +0100 PINKY Dominika MESSAGE IP Protection stopped successfully
2013/11/24 09:47:35 +0100 PINKY Dominika MESSAGE Database refreshed successfully
2013/11/24 09:47:35 +0100 PINKY Dominika MESSAGE Starting IP protection
2013/11/24 09:47:36 +0100 PINKY Dominika MESSAGE IP Protection started successfully
2013/11/24 12:14:01 +0100 PINKY (null) MESSAGE Starting protection
2013/11/24 12:14:01 +0100 PINKY (null) MESSAGE Protection started successfully
2013/11/24 12:14:01 +0100 PINKY (null) MESSAGE Starting IP protection
2013/11/24 12:14:03 +0100 PINKY (null) MESSAGE IP Protection started successfully
2013/11/24 13:14:10 +0100 PINKY (null) MESSAGE Starting protection
2013/11/24 13:14:11 +0100 PINKY (null) MESSAGE Protection started successfully
2013/11/24 13:14:11 +0100 PINKY (null) MESSAGE Starting IP protection
2013/11/24 13:14:14 +0100 PINKY (null) MESSAGE IP Protection started successfully
2013/11/24 13:21:12 +0100 PINKY Dominika MESSAGE Stopping protection
2013/11/24 13:21:12 +0100 PINKY Dominika MESSAGE Protection stopped successfully
2013/11/24 13:21:12 +0100 PINKY Dominika MESSAGE Stopping IP protection
2013/11/24 13:21:12 +0100 PINKY Dominika MESSAGE IP Protection stopped successfully
2013/11/24 13:21:12 +0100 PINKY Dominika MESSAGE Protection stopped
2013/11/24 14:09:48 +0100 PINKY (null) MESSAGE Starting protection
2013/11/24 14:09:48 +0100 PINKY (null) MESSAGE Protection started successfully
2013/11/24 14:09:48 +0100 PINKY (null) MESSAGE Starting IP protection
2013/11/24 14:09:51 +0100 PINKY (null) MESSAGE IP Protection started successfully
2013/11/24 14:11:44 +0100 PINKY Dominika MESSAGE Stopping protection
2013/11/24 14:11:44 +0100 PINKY Dominika MESSAGE Protection stopped successfully
2013/11/24 14:11:44 +0100 PINKY Dominika MESSAGE Stopping IP protection
2013/11/24 14:11:44 +0100 PINKY Dominika MESSAGE IP Protection stopped successfully
2013/11/24 14:11:44 +0100 PINKY Dominika MESSAGE Protection stopped

FRST:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Christian (administrator) on PINKY on 24-11-2013 14:12:30
Running from C:\Users\Dominika\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\wmi64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439488 2013-07-09] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [4492 2013-11-24] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - {608889CF-3073-CBE3-69B3-610FA11DDAA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-11-12] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U0 msahci;
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:19 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 12:24 - 2013-11-24 13:12 - 00000000 ____D C:\AdwCleaner
2013-11-24 12:22 - 2013-11-24 12:23 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 12:18 - 2013-11-24 14:12 - 00013049 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-24 09:46 - 2013-11-24 09:46 - 01958396 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 16:54 - 2013-11-23 16:54 - 00303096 _____ C:\Windows\Minidump\112313-19281-01.dmp
2013-11-23 16:38 - 2013-11-23 16:54 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:38 - 2013-11-23 16:39 - 00270416 _____ C:\Windows\Minidump\112313-44937-01.dmp
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:29 - 2013-11-23 16:30 - 00034377 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:23 - 2013-11-23 20:41 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 08:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 08:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-23 08:19 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-23 08:19 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:54 - 2013-11-22 22:54 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-13 19:57 - 2013-11-13 19:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:58 - 2009-12-14 12:44 - 00085048 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-12 23:58 - 2009-12-14 12:44 - 00066104 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-12 23:57 - 2013-11-24 14:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:55 - 2013-11-12 23:56 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-13 19:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:27 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-12 20:14 - 2013-11-23 08:24 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-12 20:05 - 2013-11-24 12:13 - 00091862 _____ C:\Windows\PFRO.log
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:55 - 2013-11-12 19:55 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-12 17:23 - 2013-11-22 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-31 20:57 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-31 20:57 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-31 20:56 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-31 20:56 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-31 20:56 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-31 20:56 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-31 20:56 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-31 20:56 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-31 20:56 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

2013-11-24 14:12 - 2013-11-24 12:18 - 00013049 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-24 14:12 - 2013-11-12 23:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-24 14:10 - 2013-06-28 21:24 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 14:10 - 2013-06-28 19:49 - 00000408 _____ C:\Users\Dominika\AppData\Roaming\sp_data.sys
2013-11-24 14:09 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 14:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-24 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-24 13:39 - 2013-06-28 21:24 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:23 - 2013-06-28 18:54 - 00000000 ___RD C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 13:23 - 2013-06-28 18:54 - 00000000 ___RD C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:20 - 2013-11-24 13:19 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 13:20 - 2013-09-07 06:10 - 02365440 ___SH C:\Users\Dominika\Downloads\Thumbs.db
2013-11-24 13:13 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-11-24 13:12 - 2013-11-24 12:24 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:12 - 2013-09-30 08:33 - 00000601 _____ C:\Users\Christian\Desktop\Search.lnk
2013-11-24 12:23 - 2013-11-24 12:22 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 12:13 - 2013-11-12 20:05 - 00091862 _____ C:\Windows\PFRO.log
2013-11-24 09:46 - 2013-11-24 09:46 - 01958396 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:41 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 20:01 - 2013-06-28 19:48 - 00000000 ____D C:\Users\Dominika\AppData\Local\VirtualStore
2013-11-23 18:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-23 17:36 - 2013-06-28 19:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-765202011-3612337005-3621334673-1005
2013-11-23 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job
2013-11-23 16:54 - 2013-11-23 16:54 - 00303096 _____ C:\Windows\Minidump\112313-19281-01.dmp
2013-11-23 16:54 - 2013-11-23 16:38 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:54 - 2013-07-08 03:11 - 00000000 ____D C:\Windows\Minidump
2013-11-23 16:39 - 2013-11-23 16:38 - 00270416 _____ C:\Windows\Minidump\112313-44937-01.dmp
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:30 - 2013-11-23 16:29 - 00034377 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:27 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 16:03 - 2013-06-28 21:25 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-23 15:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-23 08:24 - 2013-11-12 20:14 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-23 08:22 - 2013-07-15 11:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 08:21 - 2013-06-29 11:15 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-23 08:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-23 08:13 - 2012-08-03 00:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-23 08:13 - 2012-08-03 00:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-23 08:13 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 08:10 - 2013-06-28 19:45 - 00000000 ____D C:\Users\Dominika
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\system32\NV
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:54 - 2013-11-22 22:54 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-11-22 22:36 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-22 22:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-22 22:18 - 2013-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-22 22:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-11-12 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 19:58 - 2013-11-13 19:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:37 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-13 00:35 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\ASUS
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:56 - 2013-11-12 23:55 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:51 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Dominika\AppData\Local\Facebook
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:56 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2013-11-12 19:55 - 2013-11-12 19:55 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 21:42 - 2013-07-09 12:49 - 00005632 _____ C:\Users\Dominika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-02 11:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-26 14:29 - 2013-07-19 08:48 - 00000000 ___RD C:\Users\Dominika\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 19:53

==================== End Of Log ============================
--- --- ---

--- --- ---

Und hier noch JRT:JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Dominika on 24.11.2013 at 14:21:15,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411391166}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411391166}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.11.2013 at 14:25:25,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

schrauber 25.11.2013 08:06

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

c-t-v 25.11.2013 20:31
Eset-Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6606add7a144684ba4ef5dedfd61c4b9
# engine=16018
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-25 07:07:24
# local_time=2013-11-25 08:07:24 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1535 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 8745171 44912555 0 0
# scanned=226245
# found=0
# cleaned=0
# scan_time=4383

SecurityCheck-Log:

Results of screen317's Security Check version 0.99.76
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE 2.0
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 2.0 x64 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST-Log:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Dominika (ATTENTION: The logged in user is not administrator) on PINKY on 25-11-2013 20:23:12
Running from C:\Users\Dominika\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
(Farbar) C:\Users\Dominika\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439488 2013-07-09] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Facebook Update] - C:\Users\Dominika\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-31] (Facebook Inc.)
HKCU\...\Run: [EPSON BX320FW Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE /FU "C:\Windows\TEMP\E_S2CA3.tmp" /EF "HKCU"
MountPoints2: {173ecd98-5114-11e2-be6a-806e6f6e6963} - "E:\tools\shelexec.exe" html\index.htm
MountPoints2: {65663023-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
MountPoints2: {65663063-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
MountPoints2: {656630c0-2cdc-11e3-be89-08606e150c71} - "F:\AutoRun.exe"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - {608889CF-3073-CBE3-69B3-610FA11DDAA2} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.13.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0
CHR Extension: (VTchromizer) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0
CHR Extension: (Virtual Keyboard) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0
CHR Extension: (WEB.DE MailCheck) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.3_0
CHR Extension: (Google Wallet) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-11-12] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U0 msahci;
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 20:22 - 2013-11-25 20:22 - 01958474 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64 (1).exe
2013-11-25 20:21 - 2013-11-25 20:21 - 00000721 _____ C:\Users\Christian\Desktop\checkup.txt
2013-11-25 20:17 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Desktop\SecurityCheck.exe
2013-11-25 20:16 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Downloads\SecurityCheck.exe
2013-11-25 18:46 - 2013-11-25 18:46 - 02347384 _____ (ESET) C:\Users\Dominika\Downloads\esetsmartinstaller_enu.exe
2013-11-24 14:26 - 2013-11-24 14:26 - 00001392 _____ C:\Users\Dominika\Desktop\JRT2.txt
2013-11-24 14:25 - 2013-11-24 14:25 - 00001392 _____ C:\Users\Dominika\Desktop\JRT.txt
2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:19 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 12:24 - 2013-11-24 13:12 - 00000000 ____D C:\AdwCleaner
2013-11-24 12:22 - 2013-11-24 12:23 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 12:18 - 2013-11-24 14:13 - 00032837 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 16:38 - 2013-11-23 16:54 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:29 - 2013-11-25 20:23 - 00013101 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:23 - 2013-11-23 20:41 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 08:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 08:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-23 08:19 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-23 08:19 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-13 19:57 - 2013-11-13 19:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:58 - 2009-12-14 12:44 - 00085048 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-12 23:58 - 2009-12-14 12:44 - 00066104 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-12 23:57 - 2013-11-25 18:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:55 - 2013-11-12 23:56 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-13 19:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:27 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-12 20:14 - 2013-11-23 08:24 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-12 20:05 - 2013-11-24 12:13 - 00091862 _____ C:\Windows\PFRO.log
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-12 17:23 - 2013-11-22 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-31 20:57 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-31 20:57 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-31 20:56 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-31 20:56 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-31 20:56 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-31 20:56 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-31 20:56 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-31 20:56 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-31 20:56 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

2013-11-25 20:24 - 2013-11-23 16:29 - 00013101 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-25 20:22 - 2013-11-25 20:22 - 01958474 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64 (1).exe
2013-11-25 20:21 - 2013-11-25 20:21 - 00000721 _____ C:\Users\Christian\Desktop\checkup.txt
2013-11-25 20:16 - 2013-11-25 20:17 - 00891184 _____ C:\Users\Dominika\Desktop\SecurityCheck.exe
2013-11-25 20:16 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Downloads\SecurityCheck.exe
2013-11-25 20:16 - 2013-09-07 06:10 - 02364928 ___SH C:\Users\Dominika\Downloads\Thumbs.db
2013-11-25 20:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-25 20:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-25 19:39 - 2013-06-28 21:24 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 18:46 - 2013-11-25 18:46 - 02347384 _____ (ESET) C:\Users\Dominika\Downloads\esetsmartinstaller_enu.exe
2013-11-25 18:44 - 2013-11-12 23:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-25 18:44 - 2013-06-28 21:24 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 18:44 - 2013-06-28 19:49 - 00000408 _____ C:\Users\Dominika\AppData\Roaming\sp_data.sys
2013-11-25 18:44 - 2013-06-28 19:45 - 00000000 ____D C:\Users\Dominika
2013-11-24 14:26 - 2013-11-24 14:26 - 00001392 _____ C:\Users\Dominika\Desktop\JRT2.txt
2013-11-24 14:25 - 2013-11-24 14:25 - 00001392 _____ C:\Users\Dominika\Desktop\JRT.txt
2013-11-24 14:13 - 2013-11-24 12:18 - 00032837 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-24 14:09 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:20 - 2013-11-24 13:19 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 13:12 - 2013-11-24 12:24 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:12 - 2013-09-30 08:33 - 00000601 _____ C:\Users\Christian\Desktop\Search.lnk
2013-11-24 12:23 - 2013-11-24 12:22 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 12:13 - 2013-11-12 20:05 - 00091862 _____ C:\Windows\PFRO.log
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:41 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 20:01 - 2013-06-28 19:48 - 00000000 ____D C:\Users\Dominika\AppData\Local\VirtualStore
2013-11-23 18:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-23 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job
2013-11-23 16:54 - 2013-11-23 16:38 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:54 - 2013-07-08 03:11 - 00000000 ____D C:\Windows\Minidump
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:27 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 16:03 - 2013-06-28 21:25 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-23 15:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-23 08:24 - 2013-11-12 20:14 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-23 08:22 - 2013-07-15 11:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 08:21 - 2013-06-29 11:15 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-23 08:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-23 08:13 - 2012-08-03 00:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-23 08:13 - 2012-08-03 00:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-23 08:13 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\system32\NV
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:36 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-22 22:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-22 22:18 - 2013-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-22 22:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-11-12 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 19:58 - 2013-11-13 19:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:37 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-13 00:35 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\ASUS
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:56 - 2013-11-12 23:55 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:51 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Dominika\AppData\Local\Facebook
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:56 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 21:42 - 2013-07-09 12:49 - 00005632 _____ C:\Users\Dominika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-02 11:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-26 14:29 - 2013-07-19 08:48 - 00000000 ___RD C:\Users\Dominika\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---
Ehrlich gesagt: ich sehe noch ne Menge Einträge, die da nicht hingehören. Mein Vorschlag: wenn es mit der nächsten Bereinigung nicht klappt, versuche ich eine Neuinstallation. Aber wie kann ich sicher sein, dass die Platte nicht noch irgendwo einen versteckten Virus hat, der sich gleich wieder mitinstalliert. Auf dem Laptop ist das Plattenhandling eh schon schwierig, zumal eine versteckte Partition existiert für Boot, Recovery oder sowas.

schrauber 26.11.2013 11:59
Reste entfernen wir jetzt.

Dazu aber bitte FRST als Admin ausführen und scannen, und bitte vom Desktop aus, sonst können wir nix fixen.

c-t-v 26.11.2013 20:13
hier das Log (sieht schon besser aus):
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Christian (administrator) on PINKY on 26-11-2013 20:06:11
Running from C:\Users\Dominika\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439488 2013-07-09] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [4492 2013-11-24] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM-x32 - {608889CF-3073-CBE3-69B3-610FA11DDAA2} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-11-12] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U0 msahci;
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 20:22 - 2013-11-25 20:22 - 01958474 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe
2013-11-25 20:21 - 2013-11-25 20:21 - 00000721 _____ C:\Users\Christian\Desktop\checkup.txt
2013-11-25 20:17 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Desktop\SecurityCheck.exe
2013-11-25 20:16 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Downloads\SecurityCheck.exe
2013-11-25 18:46 - 2013-11-25 18:46 - 02347384 _____ (ESET) C:\Users\Dominika\Downloads\esetsmartinstaller_enu.exe
2013-11-24 14:26 - 2013-11-24 14:26 - 00001392 _____ C:\Users\Dominika\Desktop\JRT2.txt
2013-11-24 14:25 - 2013-11-24 14:25 - 00001392 _____ C:\Users\Dominika\Desktop\JRT.txt
2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:19 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 12:24 - 2013-11-24 13:12 - 00000000 ____D C:\AdwCleaner
2013-11-24 12:22 - 2013-11-24 12:23 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 12:18 - 2013-11-26 20:06 - 00012661 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 16:54 - 2013-11-23 16:54 - 00303096 _____ C:\Windows\Minidump\112313-19281-01.dmp
2013-11-23 16:38 - 2013-11-23 16:54 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:38 - 2013-11-23 16:39 - 00270416 _____ C:\Windows\Minidump\112313-44937-01.dmp
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:29 - 2013-11-25 20:24 - 00032558 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:23 - 2013-11-23 20:41 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 08:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 08:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-23 08:19 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-23 08:19 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:54 - 2013-11-22 22:54 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-13 19:57 - 2013-11-13 19:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:58 - 2009-12-14 12:44 - 00085048 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-12 23:58 - 2009-12-14 12:44 - 00066104 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-12 23:57 - 2013-11-26 20:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:55 - 2013-11-12 23:56 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 21:28 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-13 19:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:27 - 2013-11-13 00:35 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-12 20:14 - 2013-11-23 08:24 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-12 20:05 - 2013-11-26 20:02 - 00093246 _____ C:\Windows\PFRO.log
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:55 - 2013-11-12 19:55 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-12 17:23 - 2013-11-22 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-31 20:57 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-31 20:57 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-31 20:57 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-31 20:57 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-31 20:56 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-31 20:56 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-31 20:56 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-31 20:56 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-31 20:56 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-31 20:56 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-31 20:56 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-31 20:56 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-31 20:56 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-31 20:56 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

2013-11-26 20:06 - 2013-11-24 12:18 - 00012661 _____ C:\Users\Dominika\Desktop\FRST.txt
2013-11-26 20:05 - 2013-09-07 06:10 - 02364928 ___SH C:\Users\Dominika\Downloads\Thumbs.db
2013-11-26 20:04 - 2013-11-12 23:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-26 20:03 - 2013-06-28 21:24 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 20:03 - 2013-06-28 19:49 - 00000408 _____ C:\Users\Dominika\AppData\Roaming\sp_data.sys
2013-11-26 20:03 - 2013-06-28 19:45 - 00000000 ____D C:\Users\Dominika
2013-11-26 20:02 - 2013-11-12 20:05 - 00093246 _____ C:\Windows\PFRO.log
2013-11-26 20:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-26 20:02 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 20:02 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-11-26 20:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-26 19:39 - 2013-06-28 21:24 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job
2013-11-25 20:24 - 2013-11-23 16:29 - 00032558 _____ C:\Users\Dominika\Downloads\FRST.txt
2013-11-25 20:22 - 2013-11-25 20:22 - 01958474 _____ (Farbar) C:\Users\Dominika\Desktop\FRST64 (1).exe
2013-11-25 20:21 - 2013-11-25 20:21 - 00000721 _____ C:\Users\Christian\Desktop\checkup.txt
2013-11-25 20:16 - 2013-11-25 20:17 - 00891184 _____ C:\Users\Dominika\Desktop\SecurityCheck.exe
2013-11-25 20:16 - 2013-11-25 20:16 - 00891184 _____ C:\Users\Dominika\Downloads\SecurityCheck.exe
2013-11-25 20:07 - 2013-06-28 19:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-765202011-3612337005-3621334673-1005
2013-11-25 18:46 - 2013-11-25 18:46 - 02347384 _____ (ESET) C:\Users\Dominika\Downloads\esetsmartinstaller_enu.exe
2013-11-24 14:26 - 2013-11-24 14:26 - 00001392 _____ C:\Users\Dominika\Desktop\JRT2.txt
2013-11-24 14:25 - 2013-11-24 14:25 - 00001392 _____ C:\Users\Dominika\Desktop\JRT.txt
2013-11-24 13:26 - 2013-11-24 13:26 - 00000952 _____ C:\Users\Christian\Desktop\JRT.txt
2013-11-24 13:23 - 2013-06-28 18:54 - 00000000 ___RD C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 13:23 - 2013-06-28 18:54 - 00000000 ___RD C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 13:20 - 2013-11-24 13:20 - 01034531 _____ (Thisisu) C:\Users\Dominika\Desktop\JRT.exe
2013-11-24 13:20 - 2013-11-24 13:19 - 01034531 _____ (Thisisu) C:\Users\Dominika\Downloads\JRT.exe
2013-11-24 13:12 - 2013-11-24 12:24 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:12 - 2013-09-30 08:33 - 00000601 _____ C:\Users\Christian\Desktop\Search.lnk
2013-11-24 12:23 - 2013-11-24 12:22 - 01091882 _____ C:\Users\Dominika\Desktop\adwcleaner.exe
2013-11-24 09:44 - 2013-11-24 09:44 - 01958396 _____ (Farbar) C:\Users\Dominika\Downloads\FRST64.exe
2013-11-23 20:41 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Dominika\Documents\ViRus
2013-11-23 20:26 - 2013-11-23 20:26 - 00377856 _____ C:\Users\Dominika\Desktop\gmer_2.1.19163 (1).exe
2013-11-23 20:04 - 2013-11-23 20:04 - 00000000 ____D C:\Users\Dominika\Downloads\backups
2013-11-23 20:02 - 2013-11-23 20:02 - 00011518 _____ C:\Users\Dominika\Downloads\hijackthis.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominika\Downloads\HijackThis.exe
2013-11-23 20:01 - 2013-06-28 19:48 - 00000000 ____D C:\Users\Dominika\AppData\Local\VirtualStore
2013-11-23 18:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-23 16:54 - 2013-11-23 16:54 - 00303096 _____ C:\Windows\Minidump\112313-19281-01.dmp
2013-11-23 16:54 - 2013-11-23 16:38 - 507388873 _____ C:\Windows\MEMORY.DMP
2013-11-23 16:54 - 2013-07-08 03:11 - 00000000 ____D C:\Windows\Minidump
2013-11-23 16:39 - 2013-11-23 16:38 - 00270416 _____ C:\Windows\Minidump\112313-44937-01.dmp
2013-11-23 16:34 - 2013-11-23 16:34 - 00377856 _____ C:\Users\Dominika\Downloads\gmer_2.1.19163.exe
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\FRST
2013-11-23 16:27 - 2013-11-23 16:27 - 00050477 _____ C:\Users\Dominika\Downloads\Defogger.exe
2013-11-23 16:27 - 2013-11-23 16:27 - 00000480 _____ C:\Users\Dominika\Downloads\defogger_disable.log
2013-11-23 16:27 - 2013-11-23 16:27 - 00000000 _____ C:\Users\Christian\defogger_reenable
2013-11-23 16:27 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian
2013-11-23 16:04 - 2013-11-23 16:04 - 00142981 _____ C:\Users\Dominika\Downloads\vtuploader2.0setup.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-23 16:03 - 2013-06-28 21:25 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-23 15:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-23 08:24 - 2013-11-12 20:14 - 00436623 _____ C:\Windows\WindowsUpdate.log
2013-11-23 08:22 - 2013-07-15 11:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 08:21 - 2013-06-29 11:15 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-23 08:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-23 08:13 - 2012-08-03 00:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-23 08:13 - 2012-08-03 00:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-23 08:13 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-23 08:06 - 2012-12-28 18:41 - 00000000 ____D C:\Windows\system32\NV
2013-11-22 23:32 - 2013-11-22 23:32 - 00000000 ___HD C:\$SysReset
2013-11-22 23:28 - 2013-11-22 23:28 - 00000000 _____ C:\Recovery.txt
2013-11-22 22:54 - 2013-11-22 22:54 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-11-22 22:36 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-22 22:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-22 22:18 - 2013-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-22 22:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2013-11-22 22:16 - 2013-06-28 21:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 19:59 - 2013-11-13 19:59 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 19:59 - 2013-11-12 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 19:58 - 2013-11-13 19:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominika\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 00:50 - 2013-11-13 00:50 - 00000000 ____D C:\Users\Christian\AppData\Local\Avg2014
2013-11-13 00:37 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-13 00:35 - 2013-11-12 21:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-13 00:35 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2013-11-13 00:32 - 2013-06-28 18:51 - 00000000 ____D C:\Users\Christian\AppData\Local\ASUS
2013-11-13 00:10 - 2013-11-13 00:10 - 00017408 _____ C:\Users\Dominika\AppData\Local\WebpageIcons.db
2013-11-13 00:10 - 2013-11-13 00:10 - 00001257 _____ C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0.lnk
2013-11-13 00:10 - 2013-11-13 00:10 - 00000000 ___RD C:\Backup
2013-11-12 23:58 - 2013-11-12 23:58 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2013-11-12 23:58 - 2013-11-12 23:58 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2013-11-12 23:57 - 2013-11-12 23:57 - 00636760 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-11-12 23:57 - 2013-11-12 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 23:56 - 2013-11-12 23:55 - 228105872 _____ (Kaspersky Lab) C:\Users\Dominika\Downloads\KasperskyPURE12.0.2.733de-DE-xchip.exe
2013-11-12 23:51 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Dominika\AppData\Local\Facebook
2013-11-12 23:38 - 2013-11-12 23:38 - 00308880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\Users\Dominika\AppData\Roaming\Malwarebytes
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-11-12 20:29 - 2013-11-12 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:56 - 2013-11-12 19:56 - 00040896 _____ C:\Users\Christian\Documents\cc_20131112_195628.reg
2013-11-12 19:56 - 2013-11-12 19:56 - 00001614 _____ C:\Users\Christian\Documents\cc_20131112_195643.reg
2013-11-12 19:56 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2013-11-12 19:55 - 2013-11-12 19:55 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-12 19:55 - 2013-11-12 19:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-12 19:55 - 2013-11-12 19:55 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 19:54 - 2013-11-12 19:54 - 04379048 _____ (Piriform Ltd) C:\Users\Dominika\Downloads\ccsetup407.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-07-02 13:23 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 21:42 - 2013-07-09 12:49 - 00005632 _____ C:\Users\Dominika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-02 11:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:10 - 2013-06-28 19:48 - 00000000 ___RD C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-25 20:07

==================== End Of Log ============================
--- --- ---

--- --- ---

Und MBAM hat nichts mehr gefunden gehabt!!

schrauber 27.11.2013 11:57
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
SearchScopes: HKCU - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1892327773&ir=
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
2013-11-26 20:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-26 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

c-t-v 27.11.2013 20:52
Hier das Fix-Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by Christian at 2013-11-27 20:34:04 Run:1
Running from C:\Users\Dominika\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Runonce: [Del506750031] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del507652593] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
SearchScopes: HKLM - DefaultScope {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1 892327773&ir=
SearchScopes: HKLM - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1 892327773&ir=
SearchScopes: HKCU - {748E7576-3E23-1876-F1A7-3CA2A3D4A49D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {C55EEF2C-0084-4630-BEA3-11867E1B974F} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzztCyEzzyDyE0C0Ezz0EtN0D0Tzu0CyCzztBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=1 892327773&ir=
BHO: TubeSaver-15 - {11111111-1111-1111-1111-110411391166} - C:\Program Files (x86)\TubeSaver-15\TubeSaver-15-bho64.dll No File
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: () - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
2013-11-26 20:02 - 2013-08-31 15:57 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job
2013-11-26 17:02 - 2013-08-31 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del506750031 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del507652593 => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{748E7576-3E23-1876-F1A7-3CA2A3D4A49D} => Key deleted successfully.
HKCR\CLSID\{748E7576-3E23-1876-F1A7-3CA2A3D4A49D} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C55EEF2C-0084-4630-BEA3-11867E1B974F} => Key deleted successfully.
HKCR\CLSID\{C55EEF2C-0084-4630-BEA3-11867E1B974F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{748E7576-3E23-1876-F1A7-3CA2A3D4A49D} => Key deleted successfully.
HKCR\CLSID\{748E7576-3E23-1876-F1A7-3CA2A3D4A49D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C55EEF2C-0084-4630-BEA3-11867E1B974F} => Key deleted successfully.
HKCR\CLSID\{C55EEF2C-0084-4630-BEA3-11867E1B974F} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411391166} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411391166} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7EACAC38-B7F6-4514-9DC1-3428A7964ABD} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7EACAC38-B7F6-4514-9DC1-3428A7964ABD} => Key deleted successfully.
C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => Moved successfully.
C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm => Moved successfully.
C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp => Moved successfully.
C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-765202011-3612337005-3621334673-1005Core.job => Moved successfully.

==== End of Fixlog ====

- delfix ausgeführt (hab allerdings das dazugehörige LOG-File verloren)
- combofix hatte ich wohl nicht in Benutzung
- defogger re-enabled
- Rechner neu gestartet

Ich hoffe, das war nun alles. War ja ein Riesenaufwand. Und wie kann ich den Rechner im Netz wieder unsichtbar machen? Schliesslich hab ich ihn ja ziemlich entblösst auf eurer Seite?

schrauber 28.11.2013 13:20
Zitat:
Und wie kann ich den Rechner im Netz wieder unsichtbar machen? Schliesslich hab ich ihn ja ziemlich entblösst auf eurer Seite?
Ich kann dir nicht folgen :). Entblöst ist gar nix, mit den Infos in den Logs kann kein Mensch was anfangen :)

c-t-v 28.11.2013 20:32
Hallo Schrauber

sind wir fertig?

schrauber 29.11.2013 15:39
Klar, steht doch oben :)

c-t-v 29.11.2013 19:30
Danke, kann zu!

schrauber 30.11.2013 16:57
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131