Zimtfisch | 26.07.2014 19:46
AdwCleaner: Code:
# AdwCleaner v3.216 - Bericht erstellt am 26/07/2014 um 20:08:01
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzername : Kulgart - KULGART-PC
# Gestartet von : C:\Users\Kulgart\Desktop\adwcleaner_3.216.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Kulgart\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Kulgart\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\Kulgart\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Kulgart\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Kulgart\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\user.js
Datei Gelöscht : C:\windows\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{847EDB3F-7B2A-4986-99AE-EA5E7326578E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{847EDB3F-7B2A-4986-99AE-EA5E7326578E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9E50052-09F7-4646-B408-698E5C877F4F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9E50052-09F7-4646-B408-698E5C877F4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Schlüssel Gelöscht : HKCU\Software\5d538bdee66aed12
Schlüssel Gelöscht : HKLM\SOFTWARE\5d538bdee66aed12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16561
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ Datei : C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\prefs.js ]
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "6ee7bf1c0000000000000024816a6c54");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "6ee7bf1c0000000000000024816a6c54");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15450");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=NT_ss&mntrId=6ee7bf1c0000000000000024816a6c54");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:02:19");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
-\\ Google Chrome v
[ Datei : C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://search.babylon.com/?mntrId=6ee7bf1c0000000000000024816a6c54&babsrc=SP_ss&affID=109986&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Homepage] : hxxp://www.delta-search.com/?affID=119828&tt=190313_wo2&babsrc=HP_ss&mntrId=6EE7002100D048B2
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
*************************
AdwCleaner[R0].txt - [6818 octets] - [26/07/2014 20:00:39]
AdwCleaner[S0].txt - [6796 octets] - [26/07/2014 20:08:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6856 octets] ##########
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 26.07.2014
Suchlauf-Zeit: 20:14:06
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.26.08
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Kulgart
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 275742
Verstrichene Zeit: 16 Min, 9 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, In Quarantäne, [bb65495bd2a938fe6e78531d1ae81be5],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
Zoek: Code:
Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by Kulgart on 26.07.2014 at 20:32:29,30.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kulgart\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26.07.2014 20:34:51 Zoek.exe System Restore Point Created Succesfully.
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{F9CBE920-1058-4FB5-B5E5-C6EE0D4D88AC}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{F9CBE920-1058-4FB5-B5E5-C6EE0D4D88AC} AOL Suche Url="hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 26.07.2014 at 20:35:55,40 ======================
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Kulgart (administrator) on KULGART-PC on 26-07-2014 20:42:07
Running from C:\Users\Kulgart\Desktop
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Tablet Driver) C:\Windows\System32\WTClient.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Kulgart\Desktop\zoek.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3594060093-3555260226-2349647178-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-18] (Hewlett-Packard Company)
HKU\S-1-5-21-3594060093-3555260226-2349647178-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3594060093-3555260226-2349647178-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Kulgart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F9CBE920-1058-4FB5-B5E5-C6EE0D4D88AC} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
SearchScopes: HKCU - {F9CBE920-1058-4FB5-B5E5-C6EE0D4D88AC} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default
FF NetworkProxy: "http", "72.64.146.135"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kulgart\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kulgart\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: ProxTube - Unblock YouTube - C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\Extensions\ich@maltegoetz.de [2012-05-17]
FF Extension: Greasemonkey - C:\Users\Kulgart\AppData\Roaming\Mozilla\Firefox\Profiles\musva5j1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012-05-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-25]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Kulgart\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (YouTube) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-28]
CHR Extension: (Google-Suche) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-28]
CHR Extension: (XKit) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-12-09]
CHR Extension: (AdBlock) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-11]
CHR Extension: (Google Wallet) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Kulgart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
R2 WinTabService; C:\windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]
S2 0300231301054363mcinstcleanup; C:\Users\Kulgart\AppData\Local\Temp\030023~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S4 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 PTSimBus; C:\windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver)
S3 PTSimHid; C:\windows\System32\DRIVERS\PTSimHid.sys [10752 2007-04-23] (PenTablet Driver)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1804160 2008-04-10] ()
S3 TClass2k; C:\windows\System32\DRIVERS\TClass2k.sys [18432 2007-04-23] (Tablet Driver)
S3 UCTblHid; C:\windows\System32\DRIVERS\UCTblHid.sys [14848 2008-09-08] (Tablet Driver)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 20:39 - 2014-07-26 20:39 - 00001850 _____ () C:\Users\Kulgart\Desktop\zoek-results.txt
2014-07-26 20:38 - 2014-07-26 20:38 - 00000000 ____D () C:\Users\Kulgart\Desktop\FRST-OlderVersion
2014-07-26 20:34 - 2014-07-26 20:35 - 00001850 _____ () C:\zoek-results.log
2014-07-26 20:33 - 2014-07-26 20:33 - 00006936 _____ () C:\Users\Kulgart\Desktop\AdwCleaner[S0].txt
2014-07-26 20:32 - 2014-07-26 20:32 - 00000000 ____D () C:\zoek_backup
2014-07-26 20:31 - 2014-07-26 20:32 - 01287168 _____ () C:\Users\Kulgart\Desktop\zoek.exe
2014-07-26 20:31 - 2014-07-26 20:31 - 00001319 _____ () C:\Users\Kulgart\Desktop\mbam.txt
2014-07-26 20:13 - 2014-07-26 20:13 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 20:12 - 2014-07-26 20:12 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-26 20:12 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-26 20:12 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-26 20:12 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-26 20:11 - 2014-07-26 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulgart\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-26 20:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-26 20:00 - 2014-07-26 20:08 - 00000000 ____D () C:\AdwCleaner
2014-07-26 19:59 - 2014-07-26 19:59 - 01354223 _____ () C:\Users\Kulgart\Desktop\adwcleaner_3.216.exe
2014-07-25 23:26 - 2014-07-25 23:26 - 00011628 _____ () C:\ComboFix.txt
2014-07-25 22:55 - 2014-07-25 22:55 - 00148760 _____ () C:\windows\Minidump\Mini072514-02.dmp
2014-07-25 22:42 - 2014-07-25 22:42 - 00148760 _____ () C:\windows\Minidump\Mini072514-01.dmp
2014-07-25 22:36 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-25 22:36 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-25 22:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-25 22:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-25 22:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-25 22:36 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-25 22:36 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-25 22:36 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-25 22:24 - 2014-07-25 23:26 - 00000000 ____D () C:\Qoobox
2014-07-25 22:16 - 2014-07-25 22:18 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\DropboxMaster
2014-07-25 22:16 - 2014-07-25 22:16 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 22:10 - 2014-07-25 23:25 - 00000000 ____D () C:\windows\erdnt
2014-07-25 22:03 - 2014-07-25 22:18 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\Dropbox
2014-07-25 22:02 - 2014-07-25 22:06 - 05563277 ____R (Swearware) C:\Users\Kulgart\Desktop\ComboFix.exe
2014-07-23 20:28 - 2014-07-26 20:42 - 00000000 ____D () C:\FRST
2014-07-23 20:27 - 2014-07-26 20:38 - 01084416 _____ (Farbar) C:\Users\Kulgart\Desktop\FRST.exe
2014-07-23 19:44 - 2014-07-23 19:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-21 21:51 - 2014-07-22 19:29 - 00008040 _____ () C:\Users\Kulgart\Documents\Shiral.odt
2014-07-10 19:45 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 19:45 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 19:45 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 19:45 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 19:45 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-10 19:45 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 19:45 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 19:45 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 19:45 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 19:45 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 19:45 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 19:45 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 19:44 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 19:44 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 19:44 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 19:44 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-10 19:44 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 19:44 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 19:44 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 19:44 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-10 19:44 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 19:44 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-10 19:44 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 19:44 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-07 19:45 - 2014-07-13 21:06 - 00010099 _____ () C:\Users\Kulgart\Documents\Megamind link.odt
2014-07-02 19:58 - 2014-07-02 19:58 - 00017351 _____ () C:\Users\Kulgart\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 20:42 - 2014-07-23 20:28 - 00000000 ____D () C:\FRST
2014-07-26 20:39 - 2014-07-26 20:39 - 00001850 _____ () C:\Users\Kulgart\Desktop\zoek-results.txt
2014-07-26 20:38 - 2014-07-26 20:38 - 00000000 ____D () C:\Users\Kulgart\Desktop\FRST-OlderVersion
2014-07-26 20:38 - 2014-07-23 20:27 - 01084416 _____ (Farbar) C:\Users\Kulgart\Desktop\FRST.exe
2014-07-26 20:35 - 2014-07-26 20:34 - 00001850 _____ () C:\zoek-results.log
2014-07-26 20:35 - 2012-01-10 21:43 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\Skype
2014-07-26 20:33 - 2014-07-26 20:33 - 00006936 _____ () C:\Users\Kulgart\Desktop\AdwCleaner[S0].txt
2014-07-26 20:33 - 2012-04-09 19:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 20:32 - 2014-07-26 20:32 - 00000000 ____D () C:\zoek_backup
2014-07-26 20:32 - 2014-07-26 20:31 - 01287168 _____ () C:\Users\Kulgart\Desktop\zoek.exe
2014-07-26 20:31 - 2014-07-26 20:31 - 00001319 _____ () C:\Users\Kulgart\Desktop\mbam.txt
2014-07-26 20:18 - 2011-03-24 18:57 - 01366579 _____ () C:\windows\WindowsUpdate.log
2014-07-26 20:13 - 2014-07-26 20:13 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 20:12 - 2014-07-26 20:12 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 20:12 - 2014-07-26 20:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-26 20:11 - 2014-07-26 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulgart\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-26 20:10 - 2008-06-23 12:15 - 00000000 ____D () C:\ProgramData\hpqLog
2014-07-26 20:10 - 2006-11-02 15:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-26 20:10 - 2006-11-02 14:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:10 - 2006-11-02 14:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:09 - 2006-11-02 15:00 - 00113620 _____ () C:\windows\PFRO.log
2014-07-26 20:08 - 2014-07-26 20:00 - 00000000 ____D () C:\AdwCleaner
2014-07-26 20:08 - 2012-10-28 22:17 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-26 20:08 - 2011-03-24 18:57 - 00001076 _____ () C:\windows\bthservsdp.dat
2014-07-26 20:08 - 2006-11-02 15:01 - 00032530 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-26 19:59 - 2014-07-26 19:59 - 01354223 _____ () C:\Users\Kulgart\Desktop\adwcleaner_3.216.exe
2014-07-25 23:56 - 2012-11-29 12:45 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594060093-3555260226-2349647178-1004UA.job
2014-07-25 23:44 - 2013-06-03 18:43 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 23:26 - 2014-07-25 23:26 - 00011628 _____ () C:\ComboFix.txt
2014-07-25 23:26 - 2014-07-25 22:24 - 00000000 ____D () C:\Qoobox
2014-07-25 23:26 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-07-25 23:25 - 2014-07-25 22:10 - 00000000 ____D () C:\windows\erdnt
2014-07-25 23:20 - 2006-11-02 12:23 - 00000215 _____ () C:\windows\system.ini
2014-07-25 23:19 - 2006-11-02 12:22 - 69468160 _____ () C:\windows\system32\config\COMPON~3.bak
2014-07-25 23:19 - 2006-11-02 12:22 - 41418752 _____ () C:\windows\system32\config\software.bak
2014-07-25 23:19 - 2006-11-02 12:22 - 29360128 _____ () C:\windows\system32\config\system.bak
2014-07-25 23:19 - 2006-11-02 12:22 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-07-25 23:19 - 2006-11-02 12:22 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-07-25 23:19 - 2006-11-02 12:22 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-07-25 23:16 - 2011-03-24 19:08 - 00000000 ____D () C:\Users\Kulgart
2014-07-25 22:55 - 2014-07-25 22:55 - 00148760 _____ () C:\windows\Minidump\Mini072514-02.dmp
2014-07-25 22:55 - 2011-05-10 20:09 - 314782162 _____ () C:\windows\MEMORY.DMP
2014-07-25 22:55 - 2011-05-10 20:09 - 00000000 ____D () C:\windows\Minidump
2014-07-25 22:42 - 2014-07-25 22:42 - 00148760 _____ () C:\windows\Minidump\Mini072514-01.dmp
2014-07-25 22:18 - 2014-07-25 22:16 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\DropboxMaster
2014-07-25 22:18 - 2014-07-25 22:03 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\Dropbox
2014-07-25 22:16 - 2014-07-25 22:16 - 00000000 ____D () C:\Users\Kulgart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 22:06 - 2014-07-25 22:02 - 05563277 ____R (Swearware) C:\Users\Kulgart\Desktop\ComboFix.exe
2014-07-23 19:44 - 2014-07-23 19:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-22 21:34 - 2011-10-13 20:37 - 00000000 ____D () C:\Users\Kulgart\Bilder
2014-07-22 19:29 - 2014-07-21 21:51 - 00008040 _____ () C:\Users\Kulgart\Documents\Shiral.odt
2014-07-22 18:21 - 2012-05-28 12:22 - 00002084 _____ () C:\Users\Kulgart\Desktop\Google Chrome.lnk
2014-07-22 17:59 - 2012-11-29 12:45 - 00001076 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594060093-3555260226-2349647178-1004Core.job
2014-07-14 20:26 - 2014-06-04 20:03 - 00030089 _____ () C:\Users\Kulgart\Documents\Überarbeitung Erik Dwight.odt
2014-07-13 21:06 - 2014-07-07 19:45 - 00010099 _____ () C:\Users\Kulgart\Documents\Megamind link.odt
2014-07-13 11:37 - 2006-11-02 14:47 - 00394280 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 11:35 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 22:09 - 2013-08-14 22:17 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 22:06 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-07-09 19:33 - 2012-04-09 19:35 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:33 - 2011-05-29 11:43 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 18:46 - 2013-06-03 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-02 21:51 - 2008-04-16 06:19 - 01541724 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-02 20:13 - 2013-02-25 21:27 - 00000000 ____D () C:\Users\Kulgart\.gimp-2.8
2014-07-02 19:58 - 2014-07-02 19:58 - 00017351 _____ () C:\Users\Kulgart\AppData\Local\recently-used.xbel
2014-06-27 09:44 - 2013-06-03 18:43 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
Some content of TEMP:
====================
C:\Users\Kulgart\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed |