Trojaner-Board


knüttel 20.02.2014 16:50

Extended Protection 2.1 cannot be removed
 
Dear community,
somehow the Chrome extension Extended Protection 2.1 has unfortunately "landed" on my laptop and can no longer be removed. :confused:

I have already found 2 threads about this here in the forum, but I was unsure whether I could simply proceed the same way or not.

I would be very grateful for help!
Below I am posting the log files required by the "step by step" instructions.
:heilig:

1. Defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:27 on 20/02/2014 (PC)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


2. Farbar's Recovery Scan Tool


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by PC (administrator) on PC-PC on 20-02-2014 16:30:57
Running from C:\Users\PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120922151619.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: OKitSpace Object - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\PC\AppData\Roaming\okitSpace\IE\OkitSpace.dll ()
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120922151619.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2pxaws.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=hp&installDate=01/01/1970
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&installDate=01/01/1970&q=
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2pxaws.default\searchplugins\Web Search.xml
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@OKitSpace.es] - C:\Users\PC\AppData\Roaming\okitSpace\Firefox
FF Extension: OKitSpace - C:\Users\PC\AppData\Roaming\okitSpace\Firefox [2014-01-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=hp&installDate=01/01/1970
CHR Plugin: (Shockwave Flash) - C:\Users\PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Extended Protection) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-16]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-08]
CHR Extension: (Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jceeimicgggnaonnagkijclkpimhhind [2012-09-25]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [lbidgdoiglndbjlcnnifemecdhnpeabo] - C:\Users\PC\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-02-02]

==================== Services (Whitelisted) =================

R2 srvPlgProtect; C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe [106496 2014-02-13] ()

==================== Drivers (Whitelisted) ====================

S3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13696 2006-10-26] (Razer (Asia-Pacific) Pte Ltd)
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 16:30 - 2014-02-20 16:31 - 00012357 _____ () C:\Users\PC\Desktop\FRST.txt
2014-02-20 16:30 - 2014-02-20 16:30 - 02153472 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-02-20 16:30 - 2014-02-20 16:30 - 00000000 ____D () C:\FRST
2014-02-20 16:29 - 2014-02-20 16:29 - 01141248 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe
2014-02-20 16:27 - 2014-02-20 16:27 - 00000000 _____ () C:\Users\PC\defogger_reenable
2014-02-20 16:26 - 2014-02-20 16:27 - 00000466 _____ () C:\Users\PC\Desktop\defogger_disable.log
2014-02-20 16:26 - 2014-02-20 16:26 - 00050477 _____ () C:\Users\PC\Desktop\Defogger.exe
2014-02-18 20:44 - 2014-02-18 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 20:44 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 14:34 - 2014-02-15 14:35 - 00000000 ____D () C:\Users\PC\Desktop\mukke
2014-02-13 17:08 - 2014-02-13 17:08 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013 (2).zip
2014-02-13 16:49 - 2014-02-13 16:49 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013 (1).zip
2014-02-13 16:33 - 2014-02-13 16:34 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013.zip
2014-02-13 16:20 - 2014-02-13 16:20 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-13 16:15 - 2014-02-13 16:15 - 30091776 _____ (Microsoft Corporation) C:\Users\PC\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2014-02-13 15:42 - 2011-04-05 12:26 - 00252712 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-02-13 14:43 - 2014-02-13 14:43 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-13 03:03 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:03 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:01 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:01 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:01 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:01 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:01 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:01 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:01 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:01 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:01 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:01 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:01 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:01 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:01 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:01 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:01 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:01 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:01 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:01 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:01 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 01:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 01:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 01:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 01:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 01:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 01:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 01:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 01:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 01:20 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 01:20 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 01:20 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 01:20 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 01:20 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 01:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 01:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 01:11 - 2014-02-12 01:11 - 00167528 _____ () C:\Users\PC\Desktop\FLVPlayerSetup-1vId4Bh.exe
2014-02-06 00:19 - 2014-02-06 00:19 - 00003112 _____ () C:\Windows\System32\Tasks\{FD8DD808-A388-4503-88A8-B1A35521EEC4}
2014-02-06 00:08 - 2014-02-06 00:09 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-06 00:06 - 2014-02-06 00:06 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-06 00:03 - 2014-02-06 00:04 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mozilla
2014-02-06 00:03 - 2014-02-06 00:04 - 00000000 ____D () C:\Users\PC\AppData\Local\Mozilla
2014-02-06 00:03 - 2014-02-06 00:03 - 24489184 _____ (Mozilla) C:\Users\PC\Downloads\Firefox Setup 27.0.exe
2014-02-06 00:03 - 2014-02-06 00:03 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-27 20:48 - 2014-01-27 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-02-20 16:31 - 2014-02-20 16:30 - 00012357 _____ () C:\Users\PC\Desktop\FRST.txt
2014-02-20 16:30 - 2014-02-20 16:30 - 02153472 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-02-20 16:30 - 2014-02-20 16:30 - 00000000 ____D () C:\FRST
2014-02-20 16:29 - 2014-02-20 16:29 - 01141248 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe
2014-02-20 16:27 - 2014-02-20 16:27 - 00000000 _____ () C:\Users\PC\defogger_reenable
2014-02-20 16:27 - 2014-02-20 16:26 - 00000466 _____ () C:\Users\PC\Desktop\defogger_disable.log
2014-02-20 16:27 - 2012-09-20 11:12 - 00000000 ____D () C:\Users\PC
2014-02-20 16:26 - 2014-02-20 16:26 - 00050477 _____ () C:\Users\PC\Desktop\Defogger.exe
2014-02-20 16:02 - 2012-09-13 12:49 - 01869257 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 15:59 - 2012-09-21 19:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 15:57 - 2014-01-05 21:23 - 00000000 ____D () C:\ProgramData\Origin
2014-02-20 15:56 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-20 15:54 - 2012-09-13 22:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-02-20 15:54 - 2012-09-13 22:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-02-20 15:54 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 15:51 - 2012-09-21 19:41 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 23:08 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 23:08 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 23:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 23:00 - 2009-07-14 05:51 - 00064555 _____ () C:\Windows\setupact.log
2014-02-18 20:48 - 2014-02-18 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 20:22 - 2012-09-21 13:41 - 00000000 ____D () C:\Users\PC\AppData\Roaming\SoftGrid Client
2014-02-17 23:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 14:35 - 2014-02-15 14:34 - 00000000 ____D () C:\Users\PC\Desktop\mukke
2014-02-14 00:31 - 2012-09-21 19:41 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 00:31 - 2012-09-21 19:41 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 17:08 - 2014-02-13 17:08 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013 (2).zip
2014-02-13 16:49 - 2014-02-13 16:49 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013 (1).zip
2014-02-13 16:34 - 2014-02-13 16:33 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013.zip
2014-02-13 16:27 - 2010-11-21 04:47 - 00145846 _____ () C:\Windows\PFRO.log
2014-02-13 16:20 - 2014-02-13 16:20 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-13 16:20 - 2012-09-21 19:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-13 16:15 - 2014-02-13 16:15 - 30091776 _____ (Microsoft Corporation) C:\Users\PC\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2014-02-13 15:45 - 2012-10-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 15:42 - 2013-02-09 11:27 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Electronic Arts
2014-02-13 15:39 - 2011-10-19 04:22 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-13 15:36 - 2011-10-19 05:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-13 15:35 - 2012-09-22 14:20 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2014-02-13 15:34 - 2012-12-20 23:11 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DivX
2014-02-13 15:34 - 2012-12-20 23:10 - 00000000 ____D () C:\Program Files\DivX
2014-02-13 15:34 - 2012-12-20 23:05 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-13 15:34 - 2012-12-20 23:04 - 00000000 ____D () C:\ProgramData\DivX
2014-02-13 15:29 - 2014-01-16 17:15 - 00000000 ____D () C:\ProgramData\WPM
2014-02-13 15:26 - 2013-11-12 20:11 - 00019378 _____ () C:\Windows\IE11_main.log
2014-02-13 15:10 - 2009-07-14 05:45 - 00302824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 15:02 - 2011-10-19 04:23 - 00000000 ____D () C:\Program Files\Acer
2014-02-13 15:02 - 2011-10-19 03:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-13 14:46 - 2014-01-05 21:23 - 00000263 _____ () C:\Windows\wininit.ini
2014-02-13 14:44 - 2012-09-13 13:08 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-13 14:43 - 2014-02-13 14:43 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-13 14:32 - 2012-09-20 11:13 - 00070952 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 14:31 - 2011-10-19 04:15 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 14:23 - 2011-10-19 05:08 - 00000000 ____D () C:\ProgramData\BackupManager
2014-02-13 14:21 - 2012-09-13 13:02 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2014-02-13 14:20 - 2012-10-10 13:17 - 00000000 ___HD () C:\Users\PC\Desktop\.picasaoriginals
2014-02-13 03:09 - 2012-09-21 13:40 - 01596516 ____N () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 01:11 - 2014-02-12 01:11 - 00167528 _____ () C:\Users\PC\Desktop\FLVPlayerSetup-1vId4Bh.exe
2014-02-06 13:16 - 2014-02-13 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:07 - 2012-09-21 13:41 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2014-02-06 11:01 - 2014-02-13 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 00:19 - 2014-02-06 00:19 - 00003112 _____ () C:\Windows\System32\Tasks\{FD8DD808-A388-4503-88A8-B1A35521EEC4}
2014-02-06 00:09 - 2014-02-06 00:08 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-06 00:06 - 2014-02-06 00:06 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-06 00:04 - 2014-02-06 00:03 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mozilla
2014-02-06 00:04 - 2014-02-06 00:03 - 00000000 ____D () C:\Users\PC\AppData\Local\Mozilla
2014-02-06 00:03 - 2014-02-06 00:03 - 24489184 _____ (Mozilla) C:\Users\PC\Downloads\Firefox Setup 27.0.exe
2014-02-06 00:03 - 2014-02-06 00:03 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-04 19:09 - 2014-02-18 20:44 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-28 00:41 - 2014-01-16 17:14 - 00000000 ____D () C:\Users\PC\AppData\Roaming\okitspace
2014-01-27 20:48 - 2014-01-27 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\27127-673614-internet-explorer.exe
C:\Users\PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih(1).exe
C:\Users\PC\AppData\Local\Temp\instloffer.exe
C:\Users\PC\AppData\Local\Temp\KUIU.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 21:11

==================== End Of Log ============================



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by PC at 2014-02-20 16:32:39
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027 - Ihr Firmenname) Hidden
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SopCast 3.5.0 (x32 Version: 3.5.0 - www.sopcast.com)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ulead Drop Spot 1.0 (x32 Version:  - )
Ulead PhotoImpact 6 (x32 Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-02-2014 13:19:23 Configured NTI Media Maker 9
13-02-2014 13:23:16 Konfiguriert Backup Manager V3
13-02-2014 13:26:20 Microsoft PowerPoint Viewer wird entfernt
13-02-2014 13:29:11 Removed Microsoft Silverlight
13-02-2014 13:30:51 Removed Skype™ 6.11
13-02-2014 13:32:11 Konfiguriert clear.fi
13-02-2014 13:39:09 Konfiguriert clear.fi
13-02-2014 13:46:47 Removed newsXpresso
13-02-2014 13:48:30 Entfernt MyWinLocker Suite
13-02-2014 13:54:56 Entfernt Acer Updater
13-02-2014 13:55:46 Removed Norton Online Backup
13-02-2014 13:57:34 Removed Fooz Kids Platform
13-02-2014 13:59:17 Entfernt Acer eRecovery Management
13-02-2014 14:00:38 Entfernt clear.fi Client
13-02-2014 14:01:50 Entfernt Acer ePower Management
13-02-2014 14:02:59 Entfernt Atheros Communications Inc.(R) AR81Family Gigabit/Fast (©Y
18-02-2014 19:23:05 Windows Update
18-02-2014 19:43:11 Windows Update
20-02-2014 14:54:12 Removed BlueStacks Notification Center

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4BB353B4-113A-4010-A88B-4058B4D7C0A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)
Task: {8DD42CC2-0476-4BD1-B41C-2593E5BA3D95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-13 09:38 - 2014-02-13 09:38 - 00106496 _____ () C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe
2014-02-13 09:38 - 2014-02-13 09:38 - 00088576 _____ () C:\Users\PC\AppData\Roaming\okitspace\protect\utilsDll.dll
2014-02-13 16:20 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-13 16:20 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-13 16:20 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-13 16:20 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-13 16:20 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 11:02:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 02:45:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 11:34:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 08:31:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 03:34:01 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (02/13/2014 06:40:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:57:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:40:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:28:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:22:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 32.0.1700.107, Zeitstempel: 0x52ed6c62
Name des fehlerhaften Moduls: chrome.dll, Version: 32.0.1700.107, Zeitstempel: 0x52ed6648
Ausnahmecode: 0x80000003
Fehleroffset: 0x003de32b
ID des fehlerhaften Prozesses: 0xd00
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3


System errors:
=============
Error: (02/19/2014 02:58:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 02:30:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/18/2014 11:15:22 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/18/2014 08:28:43 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/16/2014 02:41:00 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HP-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D74C4516-6847-44D8-BAEC-4B9D31AA704C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/16/2014 02:38:34 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (02/13/2014 05:10:12 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/13/2014 04:55:00 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/13/2014 04:37:48 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/13/2014 04:26:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (02/19/2014 11:02:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 02:45:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 11:34:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 08:31:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2014 03:34:01 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (02/13/2014 06:40:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:57:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:40:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:28:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 04:22:46 PM) (Source: Application Error)(User: )
Description: chrome.exe32.0.1700.10752ed6c62chrome.dll32.0.1700.10752ed664880000003003de32bd0001cf28cf21c7db3dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\chrome.dllb049d701-94c2-11e3-95b3-b6d0a1db020b


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3818.9 MB
Available physical RAM: 2454.47 MB
Total Pagefile: 7635.98 MB
Available Pagefile: 6060.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:401.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 20CE5C1D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================


3. gmer

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-20 17:38:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT3 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\PC\AppData\Local\Temp\pgldapoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                  fffff80002ff0000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                                                                                                                  fffff80002ff0042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text    C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000077461465 2 bytes [46, 77]
.text    C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000774614bb 2 bytes [46, 77]
.text    ...                                                                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000077461465 2 bytes [46, 77]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        00000000774614bb 2 bytes [46, 77]
.text    ...                                                                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000077461465 2 bytes [46, 77]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            00000000774614bb 2 bytes [46, 77]
.text    ...                                                                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:2356]                                                                                                                                                0000000077487587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:3976]                                                                                                                                                00000000746f7712
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:3216]                                                                                                                                                0000000077912e65
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:3672]                                                                                                                                                0000000077913e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:3752]                                                                                                                                                0000000077913e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [360:4152]                                                                                                                                                0000000077913e85
---- Processes - GMER 2.1 ----

Process  C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe (*** suspicious ***) @ C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe [2140](2014-02-13 08:38:04)                                  00000000013d0000
Library  C:\Users\PC\AppData\Roaming\okitspace\protect\utilsDll.dll (*** suspicious ***) @ C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe [2140](2014-02-13 08:38:04)                                        00000000744f0000
Library  C:\Users\PC\AppData\Roaming\okitspace\protect\Newtonsoft.Json.dll (*** suspicious ***) @ C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe [2140] (Json.NET .NET 2.0/Newtonsoft)(2014-01-24 11:47:00)  00000000689e0000
Library  C:\Users\PC\AppData\Roaming\okitspace\protect\Interop.Shell32.dll (*** suspicious ***) @ C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe [2140] ( / )(2014-01-16 12:38:02)                          00000000689d0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                                                    ?????????????????n?n?n?o?o?p?o?n?n?p?p?p?p?p?p?p?p?p????????????????????? ????????????????????????"??????????????????????:????????????????????????,??????s???????s???????????????????????????????????p??????????FltMgr????????H?????????????????????Avira Planer?z??????????? ???????????????????t??????????N?????????????s?????????????????????????????????????????????time.windows.com,7c552a0?????????????~???????????t??.r??? ?????????????????????0??????*?\??? ???????tu????N????????????{?i??????????? ????????????????????????"?????????????????????????system32\DRIVERS\avgntflt.sys????????????-?????e????FSFilter Anti-Virus?32???????????p???????e???????????????????e????2????????????n?????u?v@v?v?y?z?{?{???{?????o??? ???????????????????i??????????N?????????????s?????{8ECC055D-047F-11D1-A537-0000F8753ED1}??}???? ???????5?????5???????:???????????? ????????????????????f?????????????s?f??????????? ????????????????????????"?????????????????????? ???,?,?U?U?U?U?,?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?

---- EOF - GMER 2.1 ----


schrauber 21.02.2014 06:49

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

knüttel 21.02.2014 14:22

Hello Schrauber,
thank you very, very much for your quick help.:daumenhoc:daumenhoc
I also only just noticed that "okitspace" cannot, or rather could not, be removed either.

Attached are the log data:

1. Malware:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
PC :: PC-PC [Administrator]

21.02.2014 12:07:00
mbam-log-2014-02-21 (12-07-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210168
Laufzeit: 12 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe (PUP.Optional.Vittalia) -> 2372 -> Löschen bei Neustart.

Infizierte Speichermodule: 3
C:\Users\PC\AppData\Roaming\okitspace\protect\Interop.Shell32.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\Newtonsoft.Json.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\utilsDll.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 25
HKLM\SYSTEM\CurrentControlSet\Services\srvPlgProtect (PUP.Optional.Vittalia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-4516670275D3} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-4516670275D3} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{6C51F7E9-8542-4F25-A30F-2060157752E1} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\OKitSpace.1 (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\OKitSpace (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-4516670275D3} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{6C51F7E9-8542-4F25-A30F-2060157752E1} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\OKitSpace.1 (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\OKitSpace (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\OKitSpace.DLL (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\OKitSpace (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srvPlgProtect|ImagePath (PUP.Optional.Vittalia) -> Daten: C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/web/?type=ds&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1389888834&from=vit&uid=WDCXWD5000BPVT-22HXZT3_WD-WX41E81DJJ58DJJ58) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 15
C:\Users\PC\AppData\Roaming\okitspace (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\Chrome (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX\images (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\icons (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\skin (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\IE (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\files (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\updateSrv (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0 (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 46
C:\Users\PC\AppData\Roaming\okitspace\protect\PluginProtect.exe (PUP.Optional.Vittalia) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\IE\OkitSpace.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\IE\OkitSpace.dll (PUP.Optional.OfferBox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\FLVPlayerSetup-1vId4Bh.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Documents\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\8de1bb8.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx (PUP.Optional.NewTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\uninstallkit.exe (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\OKitSpace.crx (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\OKitSpace.pem (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX\background.js (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX\manifest.json (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX\images\okitspace-19x19.png (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Chrome\tempCRX\images\okitspace-48x48.png (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome.manifest (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\install.rdf (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\background.html (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\content.xul (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\main.js (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-19x19.png (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-48x48.png (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\Firefox\chrome\skin\overlay.css (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\IE\config (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\config.xml (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\Interop.Shell32.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\Newtonsoft.Json.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\sqlite3.exe (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\utilsDll.dll (PUP.Optional.OKitSpace.A) -> Löschen bei Neustart.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\crxID (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\OKitSpace.crx (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\OKitSpace.crx.zip (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\OKitSpace.dll (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\OKitSpace.pem (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\OKitSpace.xpi (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\files\version (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\updateSrv\Newtonsoft.Json.dll (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Roaming\okitspace\protect\updateSrv\PluginProtect.exe (PUP.Optional.OKitSpace.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\background.html (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\background.js (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\data.json (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\icon128.png (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\inject.js (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\jquery.js (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\manifest.json (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\xa.js (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\xagainit.js (PUP.Optional.Lightning.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. adwcleaner

Code:

# AdwCleaner v3.019 - Bericht erstellt am 21/02/2014 um 13:51:57
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : PC - PC-PC
# Gestartet von : C:\Users\PC\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\PC\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\Softonic
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2pxaws.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_teechart-office_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_teechart-office_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2pxaws.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=hp&installDate=01/01/1970");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=9238ecb4-3739-4695-a9f7-4eefae91bb00&searchtype=ds&installDate=01/01/1970&q=");

-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [7064 octets] - [21/02/2014 12:29:18]
AdwCleaner[S0].txt - [5563 octets] - [21/02/2014 13:51:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5623 octets] ##########

3. jrt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by PC on 21.02.2014 at 13:57:32,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\PC\AppData\Roaming\big fish games"
Successfully deleted: [Empty Folder] C:\Users\PC\appdata\local\{4EACB0F2-DE44-4AF1-A56B-D1429959436D}
Successfully deleted: [Empty Folder] C:\Users\PC\appdata\local\{6039535E-C294-43E2-B291-9E0D29210A25}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.02.2014 at 14:14:10,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. fresh frst


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by PC (administrator) on PC-PC on 21-02-2014 14:19:49
Running from C:\Users\PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172600 2014-01-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120922151619.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120922151619.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2pxaws.default
FF NewTab: about:blank
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@OKitSpace.es] - C:\Users\PC\AppData\Roaming\okitSpace\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Users\PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-08]
CHR Extension: (Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jceeimicgggnaonnagkijclkpimhhind [2012-09-25]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [lbidgdoiglndbjlcnnifemecdhnpeabo] - C:\Users\PC\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2013-08-27]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [109112 2014-01-29] (Avira Operations GmbH & Co. KG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13696 2006-10-26] (Razer (Asia-Pacific) Pte Ltd)
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 14:19 - 2014-02-21 14:19 - 00000000 ____D () C:\Users\PC\Desktop\FRST-OlderVersion
2014-02-21 14:14 - 2014-02-21 14:14 - 00000971 _____ () C:\Users\PC\Desktop\JRT.txt
2014-02-21 13:57 - 2014-02-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-02-21 13:55 - 2014-02-21 13:55 - 01037734 _____ (Thisisu) C:\Users\PC\Desktop\JRT.exe
2014-02-21 13:55 - 2014-02-21 13:55 - 01037734 _____ (Thisisu) C:\Users\PC\Desktop\JRT (1).exe
2014-02-21 13:54 - 2014-02-21 13:54 - 00005735 _____ () C:\Users\PC\Desktop\AdwCleaner[S0].txt
2014-02-21 12:05 - 2014-02-21 13:52 - 00000000 ____D () C:\AdwCleaner
2014-02-21 12:05 - 2014-02-21 12:05 - 01241834 _____ () C:\Users\PC\Desktop\adwcleaner.exe
2014-02-21 12:05 - 2014-02-21 12:05 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 12:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-21 12:04 - 2014-02-21 12:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 11:56 - 2014-02-21 11:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-20 20:34 - 2014-02-21 13:53 - 00000168 _____ () C:\Windows\setupact.log
2014-02-20 20:34 - 2014-02-20 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 20:33 - 2014-02-21 12:25 - 00101388 _____ () C:\Windows\PFRO.log
2014-02-20 18:21 - 2014-02-20 18:21 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-20 18:21 - 2014-02-20 18:21 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 18:21 - 2014-02-20 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 18:20 - 2014-02-20 18:20 - 00614816 _____ (Chip Digital GmbH) C:\Users\PC\Desktop\CCleaner - CHIP-Downloader.exe
2014-02-20 18:11 - 2014-02-20 18:11 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-20 18:11 - 2014-02-20 18:11 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-20 18:10 - 2014-02-20 19:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-20 18:10 - 2014-02-20 18:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-20 18:10 - 2014-02-20 18:10 - 00001079 _____ () C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2014-02-20 18:10 - 2014-02-20 18:10 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy
2014-02-20 18:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-20 18:08 - 2014-02-20 18:08 - 00614816 _____ (Chip Digital GmbH) C:\Users\PC\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-02-20 16:58 - 2014-02-20 16:58 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Avira
2014-02-20 16:50 - 2014-02-14 11:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-20 16:50 - 2014-02-14 11:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-20 16:50 - 2014-02-14 11:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-20 16:49 - 2014-02-20 17:51 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-20 16:49 - 2014-02-20 16:50 - 00000000 ____D () C:\ProgramData\Avira
2014-02-20 16:49 - 2014-02-20 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-20 16:49 - 2014-02-20 16:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-20 16:45 - 2014-02-20 16:45 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\PC\Desktop\avira_oe_client_antivirus_de (1).exe
2014-02-20 16:44 - 2014-02-20 16:44 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\PC\Desktop\avira_oe_client_antivirus_de.exe
2014-02-20 16:42 - 2014-02-20 17:38 - 00006952 _____ () C:\Users\PC\Desktop\gmer.txt
2014-02-20 16:37 - 2014-02-20 16:37 - 00380416 _____ () C:\Users\PC\Desktop\Gmer-19357.exe
2014-02-20 16:32 - 2014-02-20 16:33 - 00023755 _____ () C:\Users\PC\Desktop\Addition.txt
2014-02-20 16:30 - 2014-02-21 14:19 - 02153984 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-02-20 16:30 - 2014-02-21 14:19 - 00009689 _____ () C:\Users\PC\Desktop\FRST.txt
2014-02-20 16:30 - 2014-02-21 14:19 - 00000000 ____D () C:\FRST
2014-02-20 16:27 - 2014-02-20 16:27 - 00000000 _____ () C:\Users\PC\defogger_reenable
2014-02-20 16:26 - 2014-02-20 16:27 - 00000466 _____ () C:\Users\PC\Desktop\defogger_disable.log
2014-02-20 16:26 - 2014-02-20 16:26 - 00050477 _____ () C:\Users\PC\Desktop\Defogger.exe
2014-02-18 20:44 - 2014-02-18 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 20:44 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 14:34 - 2014-02-15 14:35 - 00000000 ____D () C:\Users\PC\Desktop\mukke
2014-02-13 16:33 - 2014-02-13 16:34 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013.zip
2014-02-13 16:20 - 2014-02-13 16:20 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-13 16:15 - 2014-02-13 16:15 - 30091776 _____ (Microsoft Corporation) C:\Users\PC\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2014-02-13 15:42 - 2011-04-05 12:26 - 00252712 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-02-13 14:43 - 2014-02-13 14:43 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-13 03:03 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:03 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:01 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:01 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:01 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:01 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:01 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:01 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:01 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:01 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:01 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:01 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:01 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:01 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:01 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:01 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:01 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:01 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:01 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:01 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:01 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 01:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 01:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 01:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 01:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 01:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 01:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 01:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 01:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 01:20 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 01:20 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 01:20 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 01:20 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 01:20 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 01:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 01:20 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 01:20 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 01:20 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 01:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 01:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 00:19 - 2014-02-06 00:19 - 00003112 _____ () C:\Windows\System32\Tasks\{FD8DD808-A388-4503-88A8-B1A35521EEC4}
2014-02-06 00:08 - 2014-02-06 00:09 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-06 00:06 - 2014-02-06 00:06 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-06 00:03 - 2014-02-06 00:04 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mozilla
2014-02-06 00:03 - 2014-02-06 00:04 - 00000000 ____D () C:\Users\PC\AppData\Local\Mozilla
2014-02-06 00:03 - 2014-02-06 00:03 - 24489184 _____ (Mozilla) C:\Users\PC\Downloads\Firefox Setup 27.0.exe
2014-02-06 00:03 - 2014-02-06 00:03 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-27 20:48 - 2014-01-27 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-02-21 14:20 - 2014-02-20 16:30 - 00009689 _____ () C:\Users\PC\Desktop\FRST.txt
2014-02-21 14:19 - 2014-02-21 14:19 - 00000000 ____D () C:\Users\PC\Desktop\FRST-OlderVersion
2014-02-21 14:19 - 2014-02-20 16:30 - 02153984 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-02-21 14:19 - 2014-02-20 16:30 - 00000000 ____D () C:\FRST
2014-02-21 14:14 - 2014-02-21 14:14 - 00000971 _____ () C:\Users\PC\Desktop\JRT.txt
2014-02-21 14:02 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 14:02 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 14:00 - 2012-09-13 22:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-02-21 14:00 - 2012-09-13 22:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-02-21 14:00 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 13:57 - 2014-02-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-02-21 13:55 - 2014-02-21 13:55 - 01037734 _____ (Thisisu) C:\Users\PC\Desktop\JRT.exe
2014-02-21 13:55 - 2014-02-21 13:55 - 01037734 _____ (Thisisu) C:\Users\PC\Desktop\JRT (1).exe
2014-02-21 13:54 - 2014-02-21 13:54 - 00005735 _____ () C:\Users\PC\Desktop\AdwCleaner[S0].txt
2014-02-21 13:53 - 2014-02-20 20:34 - 00000168 _____ () C:\Windows\setupact.log
2014-02-21 13:53 - 2012-09-21 19:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 13:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 13:52 - 2014-02-21 12:05 - 00000000 ____D () C:\AdwCleaner
2014-02-21 13:52 - 2012-09-13 12:49 - 01929131 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 13:51 - 2012-09-21 19:41 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 13:51 - 2012-09-20 11:17 - 00000953 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-21 12:25 - 2014-02-20 20:33 - 00101388 _____ () C:\Windows\PFRO.log
2014-02-21 12:05 - 2014-02-21 12:05 - 01241834 _____ () C:\Users\PC\Desktop\adwcleaner.exe
2014-02-21 12:05 - 2014-02-21 12:05 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 12:05 - 2014-02-21 12:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 12:04 - 2014-02-21 12:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 11:56 - 2014-02-21 11:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-20 20:34 - 2014-02-20 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 20:33 - 2009-07-14 05:45 - 00306808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-20 19:39 - 2014-02-20 18:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-20 19:36 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2014-02-20 18:21 - 2014-02-20 18:21 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-20 18:21 - 2014-02-20 18:21 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 18:21 - 2014-02-20 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 18:20 - 2014-02-20 18:20 - 00614816 _____ (Chip Digital GmbH) C:\Users\PC\Desktop\CCleaner - CHIP-Downloader.exe
2014-02-20 18:20 - 2012-09-20 11:13 - 00072992 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 18:11 - 2014-02-20 18:11 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-20 18:11 - 2014-02-20 18:11 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-20 18:11 - 2014-02-20 18:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-20 18:10 - 2014-02-20 18:10 - 00001079 _____ () C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2014-02-20 18:10 - 2014-02-20 18:10 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy
2014-02-20 18:08 - 2014-02-20 18:08 - 00614816 _____ (Chip Digital GmbH) C:\Users\PC\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-02-20 17:51 - 2014-02-20 16:49 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-20 17:38 - 2014-02-20 16:42 - 00006952 _____ () C:\Users\PC\Desktop\gmer.txt
2014-02-20 16:58 - 2014-02-20 16:58 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Avira
2014-02-20 16:50 - 2014-02-20 16:49 - 00000000 ____D () C:\ProgramData\Avira
2014-02-20 16:50 - 2014-02-20 16:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-20 16:49 - 2014-02-20 16:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-20 16:45 - 2014-02-20 16:45 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\PC\Desktop\avira_oe_client_antivirus_de (1).exe
2014-02-20 16:44 - 2014-02-20 16:44 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\PC\Desktop\avira_oe_client_antivirus_de.exe
2014-02-20 16:37 - 2014-02-20 16:37 - 00380416 _____ () C:\Users\PC\Desktop\Gmer-19357.exe
2014-02-20 16:33 - 2014-02-20 16:32 - 00023755 _____ () C:\Users\PC\Desktop\Addition.txt
2014-02-20 16:27 - 2014-02-20 16:27 - 00000000 _____ () C:\Users\PC\defogger_reenable
2014-02-20 16:27 - 2014-02-20 16:26 - 00000466 _____ () C:\Users\PC\Desktop\defogger_disable.log
2014-02-20 16:27 - 2012-09-20 11:12 - 00000000 ____D () C:\Users\PC
2014-02-20 16:26 - 2014-02-20 16:26 - 00050477 _____ () C:\Users\PC\Desktop\Defogger.exe
2014-02-20 15:57 - 2014-01-05 21:23 - 00000000 ____D () C:\ProgramData\Origin
2014-02-20 15:56 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-18 20:48 - 2014-02-18 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 20:22 - 2012-09-21 13:41 - 00000000 ____D () C:\Users\PC\AppData\Roaming\SoftGrid Client
2014-02-17 23:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 14:35 - 2014-02-15 14:34 - 00000000 ____D () C:\Users\PC\Desktop\mukke
2014-02-14 11:00 - 2014-02-20 16:50 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-14 11:00 - 2014-02-20 16:50 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-14 11:00 - 2014-02-20 16:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-14 00:31 - 2012-09-21 19:41 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 00:31 - 2012-09-21 19:41 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 16:34 - 2014-02-13 16:33 - 30538085 _____ () C:\Users\PC\Desktop\BVB_Dortmund_-_Wallpaper_Set_2013.zip
2014-02-13 16:20 - 2014-02-13 16:20 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-13 16:20 - 2012-09-21 19:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-13 16:15 - 2014-02-13 16:15 - 30091776 _____ (Microsoft Corporation) C:\Users\PC\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2014-02-13 15:45 - 2012-10-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 15:42 - 2013-02-09 11:27 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Electronic Arts
2014-02-13 15:39 - 2011-10-19 04:22 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-13 15:36 - 2011-10-19 05:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-13 15:35 - 2012-09-22 14:20 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2014-02-13 15:34 - 2012-12-20 23:11 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DivX
2014-02-13 15:34 - 2012-12-20 23:10 - 00000000 ____D () C:\Program Files\DivX
2014-02-13 15:34 - 2012-12-20 23:05 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-13 15:34 - 2012-12-20 23:04 - 00000000 ____D () C:\ProgramData\DivX
2014-02-13 15:02 - 2011-10-19 04:23 - 00000000 ____D () C:\Program Files\Acer
2014-02-13 15:02 - 2011-10-19 03:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-13 14:46 - 2014-01-05 21:23 - 00000263 _____ () C:\Windows\wininit.ini
2014-02-13 14:44 - 2012-09-13 13:08 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-13 14:43 - 2014-02-13 14:43 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-13 14:31 - 2011-10-19 04:15 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 14:23 - 2011-10-19 05:08 - 00000000 ____D () C:\ProgramData\BackupManager
2014-02-13 14:21 - 2012-09-13 13:02 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2014-02-13 14:20 - 2012-10-10 13:17 - 00000000 ___HD () C:\Users\PC\Desktop\.picasaoriginals
2014-02-13 03:09 - 2012-09-21 13:40 - 01596516 ____N () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-06 13:16 - 2014-02-13 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:07 - 2012-09-21 13:41 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2014-02-06 11:01 - 2014-02-13 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 00:19 - 2014-02-06 00:19 - 00003112 _____ () C:\Windows\System32\Tasks\{FD8DD808-A388-4503-88A8-B1A35521EEC4}
2014-02-06 00:09 - 2014-02-06 00:08 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-06 00:06 - 2014-02-06 00:06 - 01071000 _____ (Solid State Networks) C:\Users\PC\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-06 00:04 - 2014-02-06 00:03 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mozilla
2014-02-06 00:04 - 2014-02-06 00:03 - 00000000 ____D () C:\Users\PC\AppData\Local\Mozilla
2014-02-06 00:03 - 2014-02-06 00:03 - 24489184 _____ (Mozilla) C:\Users\PC\Downloads\Firefox Setup 27.0.exe
2014-02-06 00:03 - 2014-02-06 00:03 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-04 19:09 - 2014-02-18 20:44 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-27 20:48 - 2014-01-27 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\avgnt.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 21:11

==================== End Of Log ============================

--- --- ---

schrauber 22.02.2014 13:28


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)

knüttel 27.02.2014 00:01

Everything is fine. Thank you very, very much!

schrauber 27.02.2014 18:34

Please do the above anyway, checking is better :)

