So. I hope I did everything right. With every alert from the programs I became more paranoid, and I have now successfully mutated into a bundle of nerves. >_< With MBAM I wasn't sure which of the two files is the right one, so here is the scan first:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.09.2014
Suchlauf-Zeit: 20:42:47
Logdatei: mbam-suchlauf.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.09.08.06
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Pet
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366857
Verstrichene Zeit: 6 Min, 41 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 2
PUP.Optional.Conduit.A, HKU\S-1-5-21-548620592-360744849-4095091825-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, In Quarantäne, [c3739c4f12698da9d30d1f25c34148b8],
PUP.Optional.Softonic.A, HKU\S-1-5-21-548620592-360744849-4095091825-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [58de08e35922bd793305e13706fd30d0],
Registrierungswerte: 2
Backdoor.Papras, HKU\S-1-5-21-548620592-360744849-4095091825-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ArowOkigi, regsvr32.exe "C:\ProgramData\ArowOkigi\ArowOkigi.dat", In Quarantäne, [ca6cf6f594e7ab8b99ac4a9e4aba6799]
Trojan.FakeMS.ED, HKU\S-1-5-21-548620592-360744849-4095091825-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IlitVavfe, regsvr32.exe "C:\ProgramData\IlitVavfe\IlitVavfe.dat", In Quarantäne, [42f4905b99e250e65e09c9f043befd03]
Registrierungsdaten: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-548620592-360744849-4095091825-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[50e6e902e596043293782dc3f60ef30d]
Ordner: 2
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
Dateien: 18
Backdoor.Papras, C:\ProgramData\ArowOkigi\ArowOkigi.dat, In Quarantäne, [ca6cf6f594e7ab8b99ac4a9e4aba6799],
Trojan.FakeMS.ED, C:\ProgramData\IlitVavfe\IlitVavfe.dat, In Quarantäne, [42f4905b99e250e65e09c9f043befd03],
Trojan.MSIL.Injector, C:\ProgramData\InstallMate\{391E1A78-B69A-45E1-A70A-FEB8E2FD388E}\Custom.dll, In Quarantäne, [3afcc52692e9fc3a30e2d40f3fc229d7],
Trojan.MSIL.Injector, C:\ProgramData\InstallMate\{CFD24A5A-ED09-4AF7-A81C-A52B143168AC}\Custom.dll, In Quarantäne, [092dd7145724f2444ac8f2f1f40d6997],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\searchplugins\privitize.xml, In Quarantäne, [01356982cdae0e286c32fc1d18eb8e72],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\appCntrl.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.html, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CrmAdpt.dll, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\ct.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CTB.dll, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\dpk.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.htm, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\json2.min.js, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\logo.png, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\manifest.json, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
PUP.Optional.PrivitizeTB.A, C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\pref.json, In Quarantäne, [3df938b37209162095dbe4ef1ae816ea],
Physische Sektoren: 0
(No malicious items detected)
(end)
Now to AdwCleaner:
Code:
# AdwCleaner v3.309 - Bericht erstellt am 08/09/2014 um 21:13:36
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Pet - KAAJI
# Gestartet von : C:\Users\Pet\Desktop\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\DownLite
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\DownLite
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Smartbar
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\CT65619
Ordner Gelöscht : C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
Datei Gelöscht : C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_izarc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_izarc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\prefs.js ]
Zeile gelöscht : user_pref("CT65619.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.FirstTime", "true");
Zeile gelöscht : user_pref("CT65619.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT65619.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT65619.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT65619.UserID", "UN24472415435882722");
Zeile gelöscht : user_pref("CT65619.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT65619.embeddedsData", "[{\"appId\":\"127759438892500272\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instant[...]
Zeile gelöscht : user_pref("CT65619.enableAlerts", "never");
Zeile gelöscht : user_pref("CT65619.enableFix404ByUser", "TRUE");
Zeile gelöscht : user_pref("CT65619.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT65619.fixPageNotFoundErrorByUser", "TRUE");
Zeile gelöscht : user_pref("CT65619.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT65619.fixUrls", true);
Zeile gelöscht : user_pref("CT65619.installType", "Unknown");
Zeile gelöscht : user_pref("CT65619.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT65619.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT65619.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT65619.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT65619.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.lastVersion", "10.14.350.531");
Zeile gelöscht : user_pref("CT65619.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT65619.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://CT65619.ourtoolbar.com/\",[...]
Zeile gelöscht : user_pref("CT65619.search.searchAppId", "127759438892500272");
Zeile gelöscht : user_pref("CT65619.search.searchCount", "2");
Zeile gelöscht : user_pref("CT65619.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT65619.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT65619.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT65619.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.sendUsageEnabled", "false");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT65619\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://CT65619.ourtoolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"dict.cc\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361735707534");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_appsMetadata_lastUpdate", "1362256975252");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361390372942");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_location_lastUpdate", "1362256975607");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_login_10.13.511.2_lastUpdate", "1358498356074");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_login_10.14.350.531_lastUpdate", "1362336729151");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360603379840");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361997255059");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361390372993");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_searchAPI_lastUpdate", "1362256975613");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_serviceMap_lastUpdate", "1362256975546");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_setupAPI_lastUpdate", "1362256975801");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361390372909");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_toolbarSettings_lastUpdate", "1362336729111");
Zeile gelöscht : user_pref("CT65619.serviceLayer_services_translation_lastUpdate", "1362256975337");
Zeile gelöscht : user_pref("CT65619.settingsINI", true);
Zeile gelöscht : user_pref("CT65619.smartbar.CTID", "CT65619");
Zeile gelöscht : user_pref("CT65619.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT65619.smartbar.toolbarName", "dict.cc ");
Zeile gelöscht : user_pref("CT65619.toolbarBornServerTime", "26-12-2012");
Zeile gelöscht : user_pref("CT65619.toolbarCurrentServerTime", "3-3-2013");
Zeile gelöscht : user_pref("CT65619.toolbarDisabled", "true");
Zeile gelöscht : user_pref("CT65619_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362358001934,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394639906198");
Zeile gelöscht : user_pref("smartbar.machineId", "71WFD7QPPYPNVJL672CHU6NJA5HWRAR4T6V5YB8HYZPXJX/2PXMKEHEY3UQF5ZT7AOZLPZNVI53JJFCRWDW2EW");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [10473 octets] - [08/09/2014 21:12:08]
AdwCleaner[S0].txt - [10097 octets] - [08/09/2014 21:13:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10158 octets] ##########
Now to JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pet on 08.09.2014 at 21:20:21,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Pet\AppData\Roaming\mozilla\firefox\profiles\4t6vfdza.default\prefs.js
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.id", "18419fd70000000000000022cf72353f");
user_pref("extensions.privitize.instlDay", "15877");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.newTab", false);
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=18419fd70000000000000022cf72353f&affilt=5&q=");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.610:16:48");
user_pref("extensions.privitize.vrsni", "1.8.21.6");
Emptied folder: C:\Users\Pet\AppData\Roaming\mozilla\firefox\profiles\4t6vfdza.default\minidumps [142 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.09.2014 at 21:24:15,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And last but not least, an FRST log created afterwards:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Pet (administrator) on KAAJI on 08-09-2014 21:25:56
Running from C:\Users\Pet\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2014-04-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-548620592-360744849-4095091825-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default
FF Homepage: about:newtab
FF NetworkProxy: "ftp", "46.105.42.92"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.105.42.92"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.105.42.92"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.105.42.92"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\artur.dubovoy@gmail.com [2014-08-03]
FF Extension: DoNotTrackMe - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\donottrackplus@abine.com [2013-08-18]
FF Extension: ChatZilla - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-06-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-07-23]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-07-23]
FF Extension: Facebook Disconnect - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\facebook@disconnect.me.xpi [2013-07-23]
FF Extension: Ghostery - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Facebook Privacy Analyzer - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\fpa@informatik.tu-darmstadt.de.xpi [2014-01-17]
FF Extension: Facebook Privacy Watcher - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2013-07-23]
FF Extension: Facebook Blocker - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\info@skymeissner.com.xpi [2013-07-23]
FF Extension: Facebook Ticker Removal - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\info@technologymob.com.xpi [2013-07-23]
FF Extension: Stealthy - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-22]
FF Extension: Adblock Plus - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\4t6vfdza.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-23]
Chrome:
=======
CHR Profile: C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [1478272 2012-01-13] (ASUSTeK Computer Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-10-23] (Overwolf Ltd)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S3 ALSysIO; \??\C:\Users\Pet\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-08 21:25 - 2014-09-08 21:25 - 00000000 ____D () C:\Users\Pet\Desktop\FRST-OlderVersion
2014-09-08 21:24 - 2014-09-08 21:24 - 00002180 _____ () C:\Users\Pet\Desktop\JRT.txt
2014-09-08 21:20 - 2014-09-08 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:18 - 2014-09-08 21:18 - 00010251 _____ () C:\Users\Pet\Desktop\AdwCleaner[S0].txt
2014-09-08 21:12 - 2014-09-08 21:13 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:11 - 2014-09-08 21:11 - 00005901 _____ () C:\Users\Pet\Desktop\mbam.txt
2014-09-08 21:10 - 2014-09-08 21:10 - 00005910 _____ () C:\Users\Pet\Desktop\mbam-suchlauf.txt
2014-09-08 20:42 - 2014-09-08 21:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 20:42 - 2014-09-08 20:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 20:41 - 2014-09-08 20:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 20:41 - 2014-09-08 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 20:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 20:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 20:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-08 20:37 - 2014-09-08 20:37 - 01370483 _____ () C:\Users\Pet\Desktop\adwcleaner_3.309.exe
2014-09-08 20:37 - 2014-09-08 20:37 - 01016261 _____ (Thisisu) C:\Users\Pet\Desktop\JRT.exe
2014-09-08 20:36 - 2014-09-08 20:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pet\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 18:38 - 2014-09-08 18:38 - 00011025 _____ () C:\Users\Pet\AppData\Local\recently-used.xbel
2014-09-08 01:42 - 2014-09-08 01:42 - 00000862 _____ () C:\Users\Pet\Desktop\ComboFix - Verknüpfung.lnk
2014-09-08 01:32 - 2014-09-08 01:32 - 00023456 _____ () C:\ComboFix.txt
2014-09-08 01:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-08 01:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-08 01:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-08 01:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-08 01:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-08 01:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-08 01:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-08 01:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-08 01:24 - 2014-09-08 01:24 - 00000000 ____D () C:\Users\Pet\Documents\ProcAlyzer Dumps
2014-09-08 01:09 - 2014-09-08 01:32 - 00000000 ____D () C:\Qoobox
2014-09-08 01:09 - 2014-09-08 01:31 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 01:02 - 2014-09-08 01:02 - 00001264 _____ () C:\Users\Pet\Desktop\Revo Uninstaller.lnk
2014-09-08 01:02 - 2014-09-08 01:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 00:59 - 2014-09-08 00:59 - 05576440 ____R (Swearware) C:\Users\Pet\Desktop\ComboFix.exe
2014-09-08 00:54 - 2014-09-08 00:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Pet\Desktop\revosetup95.exe
2014-09-07 20:46 - 2014-09-08 21:06 - 00000000 ____D () C:\ProgramData\IlitVavfe
2014-09-07 17:56 - 2014-09-08 20:39 - 00000000 ____D () C:\Users\Pet\Desktop\Trojaner-Board
2014-09-07 17:35 - 2014-09-07 17:35 - 00292704 _____ () C:\Windows\Minidump\090714-16114-01.dmp
2014-09-07 17:32 - 2014-09-07 17:32 - 00005054 _____ () C:\Users\Pet\Desktop\Gmer.txt
2014-09-07 17:15 - 2014-09-07 17:15 - 00035437 _____ () C:\Users\Pet\Desktop\Addition.txt
2014-09-07 17:13 - 2014-09-08 21:25 - 00014821 _____ () C:\Users\Pet\Desktop\FRST.txt
2014-09-07 17:13 - 2014-09-08 21:25 - 00000000 ____D () C:\FRST
2014-09-07 17:13 - 2014-09-07 17:15 - 00031634 _____ () C:\Users\Pet\Desktop\FRST-old.txt
2014-09-07 17:12 - 2014-09-08 21:25 - 02105344 _____ (Farbar) C:\Users\Pet\Desktop\FRST64.exe
2014-09-07 17:09 - 2014-09-07 17:09 - 00380416 _____ () C:\Users\Pet\Desktop\Gmer-19357.exe
2014-09-07 00:50 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140907-005056.backup
2014-09-06 23:56 - 2014-09-06 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 23:56 - 2014-09-06 23:56 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 23:56 - 2014-09-06 23:56 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 23:56 - 2014-09-06 23:56 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 23:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-06 22:58 - 2014-09-08 20:49 - 00000000 ____D () C:\ProgramData\ArowOkigi
2014-08-30 18:07 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 18:07 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 18:07 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 01:00 - 2014-08-24 01:00 - 00001061 _____ () C:\Users\Public\Desktop\No23 Recorder.lnk
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\ProgramData\Caphyon
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder
2014-08-19 07:58 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 07:58 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 07:58 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 07:58 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 07:57 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 07:57 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 07:57 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 07:57 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 07:57 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 07:57 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 07:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 07:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 07:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 07:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-13 12:10 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 12:10 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 12:10 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 12:10 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 12:10 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 12:10 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 12:09 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 12:09 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 12:09 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 12:09 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 12:09 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 12:09 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 12:09 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 12:09 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 12:09 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 12:09 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 12:09 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 12:09 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 12:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 12:09 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 12:08 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 12:08 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 12:08 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 12:08 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 12:08 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 12:08 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 12:08 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 12:08 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 12:08 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 12:08 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 12:08 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 12:08 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 12:08 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 12:08 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-11 12:39 - 2014-08-11 12:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 12:39 - 2014-08-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 12:39 - 2014-08-11 12:39 - 00000000 ____D () C:\Program Files (x86)\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-08 21:26 - 2014-09-07 17:13 - 00014821 _____ () C:\Users\Pet\Desktop\FRST.txt
2014-09-08 21:25 - 2014-09-08 21:25 - 00000000 ____D () C:\Users\Pet\Desktop\FRST-OlderVersion
2014-09-08 21:25 - 2014-09-07 17:13 - 00000000 ____D () C:\FRST
2014-09-08 21:25 - 2014-09-07 17:12 - 02105344 _____ (Farbar) C:\Users\Pet\Desktop\FRST64.exe
2014-09-08 21:24 - 2014-09-08 21:24 - 00002180 _____ () C:\Users\Pet\Desktop\JRT.txt
2014-09-08 21:23 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 21:23 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 21:20 - 2014-09-08 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 21:19 - 2012-07-22 19:53 - 00000000 ____D () C:\Users\Pet\AppData\Roaming\Skype
2014-09-08 21:18 - 2014-09-08 21:18 - 00010251 _____ () C:\Users\Pet\Desktop\AdwCleaner[S0].txt
2014-09-08 21:16 - 2013-05-17 13:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-08 21:16 - 2012-09-30 09:44 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-08 21:16 - 2010-11-21 05:47 - 00144742 _____ () C:\Windows\PFRO.log
2014-09-08 21:16 - 2009-07-14 06:51 - 00077165 _____ () C:\Windows\setupact.log
2014-09-08 21:13 - 2014-09-08 21:12 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:13 - 2005-01-01 01:44 - 01747568 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 21:11 - 2014-09-08 21:11 - 00005901 _____ () C:\Users\Pet\Desktop\mbam.txt
2014-09-08 21:10 - 2014-09-08 21:10 - 00005910 _____ () C:\Users\Pet\Desktop\mbam-suchlauf.txt
2014-09-08 21:08 - 2014-09-08 20:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 21:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-08 21:06 - 2014-09-07 20:46 - 00000000 ____D () C:\ProgramData\IlitVavfe
2014-09-08 21:04 - 2012-07-22 18:38 - 00000000 ____D () C:\Users\Pet\AppData\Roaming\Mumble
2014-09-08 20:49 - 2014-09-06 22:58 - 00000000 ____D () C:\ProgramData\ArowOkigi
2014-09-08 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-09-08 20:42 - 2014-09-08 20:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 20:42 - 2014-09-08 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 20:41 - 2014-09-08 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 20:39 - 2014-09-07 17:56 - 00000000 ____D () C:\Users\Pet\Desktop\Trojaner-Board
2014-09-08 20:37 - 2014-09-08 20:37 - 01370483 _____ () C:\Users\Pet\Desktop\adwcleaner_3.309.exe
2014-09-08 20:37 - 2014-09-08 20:37 - 01016261 _____ (Thisisu) C:\Users\Pet\Desktop\JRT.exe
2014-09-08 20:36 - 2014-09-08 20:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pet\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 18:38 - 2014-09-08 18:38 - 00011025 _____ () C:\Users\Pet\AppData\Local\recently-used.xbel
2014-09-08 18:38 - 2012-07-22 23:51 - 00000000 ____D () C:\Users\Pet\.gimp-2.8
2014-09-08 01:42 - 2014-09-08 01:42 - 00000862 _____ () C:\Users\Pet\Desktop\ComboFix - Verknüpfung.lnk
2014-09-08 01:32 - 2014-09-08 01:32 - 00023456 _____ () C:\ComboFix.txt
2014-09-08 01:32 - 2014-09-08 01:09 - 00000000 ____D () C:\Qoobox
2014-09-08 01:31 - 2014-09-08 01:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 01:31 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-08 01:24 - 2014-09-08 01:24 - 00000000 ____D () C:\Users\Pet\Documents\ProcAlyzer Dumps
2014-09-08 01:02 - 2014-09-08 01:02 - 00001264 _____ () C:\Users\Pet\Desktop\Revo Uninstaller.lnk
2014-09-08 01:02 - 2014-09-08 01:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 00:59 - 2014-09-08 00:59 - 05576440 ____R (Swearware) C:\Users\Pet\Desktop\ComboFix.exe
2014-09-08 00:54 - 2014-09-08 00:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Pet\Desktop\revosetup95.exe
2014-09-07 17:35 - 2014-09-07 17:35 - 00292704 _____ () C:\Windows\Minidump\090714-16114-01.dmp
2014-09-07 17:35 - 2012-12-09 21:22 - 732107202 _____ () C:\Windows\MEMORY.DMP
2014-09-07 17:35 - 2012-12-09 21:22 - 00000000 ____D () C:\Windows\Minidump
2014-09-07 17:32 - 2014-09-07 17:32 - 00005054 _____ () C:\Users\Pet\Desktop\Gmer.txt
2014-09-07 17:15 - 2014-09-07 17:15 - 00035437 _____ () C:\Users\Pet\Desktop\Addition.txt
2014-09-07 17:15 - 2014-09-07 17:13 - 00031634 _____ () C:\Users\Pet\Desktop\FRST-old.txt
2014-09-07 17:09 - 2014-09-07 17:09 - 00380416 _____ () C:\Users\Pet\Desktop\Gmer-19357.exe
2014-09-07 01:43 - 2012-07-23 16:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-06 23:59 - 2014-09-06 23:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 23:56 - 2014-09-06 23:56 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 23:56 - 2014-09-06 23:56 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 23:56 - 2014-09-06 23:56 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-06 23:56 - 2014-09-06 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-05 07:04 - 2014-01-30 09:02 - 00000000 ___RD () C:\Users\Pet\Dropbox
2014-09-05 07:04 - 2014-01-30 09:01 - 00000000 ____D () C:\Users\Pet\AppData\Roaming\DropboxMaster
2014-09-05 07:04 - 2014-01-30 08:59 - 00000000 ____D () C:\Users\Pet\AppData\Roaming\Dropbox
2014-09-05 07:03 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 07:03 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 07:03 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 18:14 - 2009-07-14 06:45 - 00303336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 08:51 - 2013-12-09 16:09 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-08-28 23:51 - 2013-11-08 22:21 - 00000000 ___RD () C:\Users\Pet\Desktop\WIIICHTIIIG
2014-08-25 10:04 - 2014-07-12 12:20 - 00000000 ___RD () C:\Users\Pet\Desktop\Unsortiert
2014-08-24 01:00 - 2014-08-24 01:00 - 00001061 _____ () C:\Users\Public\Desktop\No23 Recorder.lnk
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\ProgramData\Caphyon
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder
2014-08-23 04:07 - 2014-08-30 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 18:07 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 18:07 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 14:09 - 2012-07-23 18:07 - 00000000 ____D () C:\Users\Pet\AppData\Roaming\vlc
2014-08-20 18:11 - 2012-07-22 19:52 - 00000000 ____D () C:\ProgramData\Skype
2014-08-13 12:15 - 2013-07-11 11:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 12:13 - 2012-07-23 16:10 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 11:55 - 2012-07-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-08-13 11:55 - 2012-07-22 18:18 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-08-11 13:00 - 2013-10-28 01:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-11 12:39 - 2014-08-11 12:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-11 12:39 - 2014-08-11 12:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 12:39 - 2014-08-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 12:39 - 2014-08-11 12:39 - 00000000 ____D () C:\Program Files (x86)\Java
Some content of TEMP:
====================
C:\Users\Pet\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-07-21 23:53
==================== End Of Log ============================
I hope all of this has achieved something. I am so relieved that you are all here, but now I am also in a complete panic that I have overlooked something, or done something wrong, or reinfected myself, or, or, or...
Update: it was pointed out to me that I am using an outdated IE. I have corrected that. Man oh man, you really do find everything!
DasPet