
Pests of all kinds and how to combat them: getwindowinfo Internet Explorer Virus


11.06.2014, 16:46   #1
BigMike
 

getwindowinfo Internet Explorer Virus



Hello,

for a short while now I have been plagued by the virus that keeps opening Internet Explorer, with http//getwindowinfo/ in the address bar and a notice that the page cannot be displayed.
I have also already run Farbar's Recovery Scan Tool and hope I am posting the right information.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by Michi (administrator) on MICHAEL-PC on 11-06-2014 17:35:27
Running from C:\Users\Michi\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Spotify Ltd) C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-10-02] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Windows Servelet System Component] => C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe [640512 2014-05-23] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [Google Update] => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-09] (Google Inc.)
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [UninstallHelper] => "C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe" /silent /autorun
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [Spotify Web Helper] => C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-18] (Spotify Ltd)
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [pgcchelper] => C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe [465920 2013-08-21] ()
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\MountPoints2: {d75bf13e-a365-11e2-a41b-000cf64dfaec} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCzyzztA0FyC0DzzyDtCyCtN0D0Tzu0SzzzzzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0DyByC0EyBtG0DyCyCyDtGyC0A0AtCtGyDyByB0BtGtC0BtAtC0Fzz0ByDzztA0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBzz0F0F0B0CzztGtDtC0DyBtG0B0ByC0FtG0FyCtC0AtGyEyD0DtDtAtBtDyC0F0EtBzz2Q&cr=122917124&ir=
SearchScopes: HKCU - DefaultScope {5A20FE89-F12A-4624-B95D-0739F11FD4D7} URL = hxxp://search.findwide.com/serp?guid={40D7FC8E-3194-493C-A6DD-93C7037B5C59}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCzyzztA0FyC0DzzyDtCyCtN0D0Tzu0SzzzzzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0DyByC0EyBtG0DyCyCyDtGyC0A0AtCtGyDyByB0BtGtC0BtAtC0Fzz0ByDzztA0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBzz0F0F0B0CzztGtDtC0DyBtG0B0ByC0FtG0FyCtC0AtGyEyD0DtDtAtBtDyC0F0EtBzz2Q&cr=122917124&ir=
SearchScopes: HKCU - {3A59A48F-947F-48B2-A030-ACA974521D2A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10863
SearchScopes: HKCU - {5A20FE89-F12A-4624-B95D-0739F11FD4D7} URL = hxxp://search.findwide.com/serp?guid={40D7FC8E-3194-493C-A6DD-93C7037B5C59}&action=default_search&k={searchTerms}
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {DA8D74EE-A3D7-4D2C-BC7A-E10D6D862257} -  No File
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michi\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michi\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Michi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-06-14]
FF Extension: No Name - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\Extensions\staged [2014-02-08]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-05] () [File not signed]
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-10-02] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 17:35 - 2014-06-11 17:35 - 02081792 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-06-11 17:35 - 2014-06-11 17:35 - 00015780 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-06-11 17:35 - 2014-06-11 17:35 - 00000000 ____D () C:\FRST
2014-06-09 13:51 - 2014-06-09 13:51 - 00000636 _____ () C:\Users\Michi\Downloads\err_code_33.txt
2014-06-09 12:33 - 2014-06-09 12:33 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\NVIDIA
2014-06-07 20:34 - 2014-06-07 20:34 - 00000222 _____ () C:\Users\Michi\Desktop\The Forest.url
2014-06-07 09:33 - 2014-06-11 17:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 09:33 - 2014-06-07 09:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 09:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-07 09:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-07 09:30 - 2014-06-07 09:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 09:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-07 09:19 - 2014-06-11 17:29 - 00000000 ____D () C:\AdwCleaner
2014-06-07 09:19 - 2014-06-07 09:19 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212.exe
2014-06-06 23:57 - 2014-06-11 17:36 - 06455296 _____ () C:\Users\Michi\AppData\Local\ChromeHitoryDB
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Component Manager
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Flash Component Manager
2014-06-06 23:56 - 2014-06-06 23:56 - 01350991 _____ (Openersoft ) C:\Users\Michi\Downloads\Flash-3-Update5232014.exe
2014-06-06 23:55 - 2014-06-06 23:55 - 00821728 _____ () C:\Users\Michi\Downloads\flashplayerpro-setup.exe
2014-06-06 23:54 - 2014-06-06 23:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\QuickScan
2014-06-06 23:51 - 2014-06-06 23:51 - 00001677 _____ () C:\Users\Michi\Desktop\Continue FLV Player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-06 23:50 - 2014-06-06 23:50 - 00000000 ____D () C:\Users\Michi\AppData\Local\pgcchelper
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-06 23:47 - 2014-06-06 23:47 - 00998424 _____ () C:\Users\Michi\Downloads\setup (1).exe
2014-05-26 20:00 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 19:53 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 19:53 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-13 17:51 - 2014-05-13 17:51 - 00001536 _____ () C:\Users\Michi\AppData\Local\recently-used.xbel
2014-05-13 17:47 - 2014-05-13 17:48 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-13 17:47 - 2014-05-13 17:47 - 00000000 ____D () C:\Program Files\GIMP 2

==================== One Month Modified Files and Folders =======

2014-06-11 17:36 - 2014-06-06 23:57 - 06455296 _____ () C:\Users\Michi\AppData\Local\ChromeHitoryDB
2014-06-11 17:36 - 2012-06-23 10:48 - 00000000 ____D () C:\Users\Michi\AppData\Local\Temp
2014-06-11 17:35 - 2014-06-11 17:35 - 02081792 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-06-11 17:35 - 2014-06-11 17:35 - 00015780 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-06-11 17:35 - 2014-06-11 17:35 - 00000000 ____D () C:\FRST
2014-06-11 17:33 - 2008-09-03 21:40 - 01433740 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 17:31 - 2014-06-07 09:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 17:31 - 2013-01-08 18:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 17:31 - 2012-10-09 19:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA.job
2014-06-11 17:30 - 2012-06-26 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-11 17:30 - 2012-06-26 16:38 - 00142980 _____ () C:\Windows\PFRO.log
2014-06-11 17:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 17:30 - 2009-07-14 06:51 - 00118602 _____ () C:\Windows\setupact.log
2014-06-11 17:29 - 2014-06-07 09:19 - 00000000 ____D () C:\AdwCleaner
2014-06-11 17:11 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 17:11 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 17:04 - 2012-12-10 21:56 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Spotify
2014-06-10 23:03 - 2014-04-11 15:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 21:24 - 2012-08-01 21:36 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-06-09 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-09 13:51 - 2014-06-09 13:51 - 00000636 _____ () C:\Users\Michi\Downloads\err_code_33.txt
2014-06-09 12:33 - 2014-06-09 12:33 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\NVIDIA
2014-06-09 12:33 - 2012-06-26 20:02 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\.minecraft
2014-06-09 10:31 - 2012-10-09 19:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core.job
2014-06-07 21:24 - 2012-12-10 21:57 - 00000000 ____D () C:\Users\Michi\AppData\Local\Spotify
2014-06-07 20:34 - 2014-06-07 20:34 - 00000222 _____ () C:\Users\Michi\Desktop\The Forest.url
2014-06-07 20:34 - 2012-11-24 00:00 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-07 10:20 - 2012-10-29 00:53 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-07 09:33 - 2014-06-07 09:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-07 09:31 - 2014-06-07 09:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 09:20 - 2012-10-02 20:34 - 00000000 ____D () C:\ProgramData\ICQ
2014-06-07 09:19 - 2014-06-07 09:19 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212.exe
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Component Manager
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Flash Component Manager
2014-06-06 23:56 - 2014-06-06 23:56 - 01350991 _____ (Openersoft ) C:\Users\Michi\Downloads\Flash-3-Update5232014.exe
2014-06-06 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-06-06 23:55 - 2014-06-06 23:55 - 00821728 _____ () C:\Users\Michi\Downloads\flashplayerpro-setup.exe
2014-06-06 23:54 - 2014-06-06 23:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\QuickScan
2014-06-06 23:51 - 2014-06-06 23:51 - 00001677 _____ () C:\Users\Michi\Desktop\Continue FLV Player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-06 23:50 - 2014-06-06 23:50 - 00000000 ____D () C:\Users\Michi\AppData\Local\pgcchelper
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-06 23:47 - 2014-06-06 23:47 - 00998424 _____ () C:\Users\Michi\Downloads\setup (1).exe
2014-06-05 21:11 - 2014-04-17 22:59 - 00000000 ____D () C:\ProgramData\4b80708b12c485e1
2014-06-01 15:12 - 2014-03-19 19:26 - 00000004 _____ () C:\Users\Michi\Desktop\survey.info
2014-05-31 15:43 - 2014-03-19 20:08 - 822199384 _____ () C:\Users\Michi\Desktop\WZ_04.bin
2014-05-31 15:43 - 2014-03-19 19:28 - 09692544 _____ () C:\Users\Michi\Desktop\Infestation.exe
2014-05-31 15:43 - 2014-03-19 19:27 - 00544842 _____ () C:\Users\Michi\Desktop\WZ_00.bin
2014-05-31 15:43 - 2012-10-29 00:53 - 05352832 _____ (Arktos Entertainment Group) C:\Users\Michi\Desktop\WarZlauncher.exe
2014-05-27 21:36 - 2012-06-28 08:43 - 00000000 ____D () C:\Users\Michi\AppData\Local\Last.fm
2014-05-26 20:00 - 2014-04-09 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 20:00 - 2012-06-26 21:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-21 16:43 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 04:44 - 2014-05-26 19:53 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 19:53 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-04-09 20:01 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2012-06-26 21:37 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2012-06-26 21:37 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-04-09 17:53 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-26 20:00 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-15 01:49 - 2014-04-09 17:53 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-13 22:33 - 2013-01-08 18:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 22:33 - 2012-03-31 13:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 22:33 - 2012-03-31 13:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 17:51 - 2014-05-13 17:51 - 00001536 _____ () C:\Users\Michi\AppData\Local\recently-used.xbel
2014-05-13 17:51 - 2014-01-26 12:29 - 00000000 ____D () C:\Users\Michi\AppData\Local\gtk-2.0
2014-05-13 17:51 - 2014-01-26 12:18 - 00000000 ____D () C:\Users\Michi\.gimp-2.8
2014-05-13 17:48 - 2014-05-13 17:47 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-13 17:47 - 2014-05-13 17:47 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 07:26 - 2014-06-07 09:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-07 09:33 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 09:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Michi\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Michi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michi\AppData\Local\Temp\Execute2App.exe
C:\Users\Michi\AppData\Local\Temp\f.exe
C:\Users\Michi\AppData\Local\Temp\gkc.exe
C:\Users\Michi\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Michi\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\Last.fm-2.1.30.exe
C:\Users\Michi\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Michi\AppData\Local\Temp\msvcp90.dll
C:\Users\Michi\AppData\Local\Temp\msvcr90.dll
C:\Users\Michi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Michi\AppData\Local\Temp\nvStInst.exe
C:\Users\Michi\AppData\Local\Temp\Quarantine.exe
C:\Users\Michi\AppData\Local\Temp\SHSetup.exe
C:\Users\Michi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michi\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Michi\AppData\Local\Temp\su-setup.exe
C:\Users\Michi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michi\AppData\Local\Temp\uninst1.exe
C:\Users\Michi\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Michi\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michi\AppData\Local\Temp\VSUSetup.exe
C:\Users\Michi\AppData\Local\Temp\WebHelper_InstallDownload_1145.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by Michi at 2014-06-11 17:36:34
Running from C:\Users\Michi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader Free Download Packages (HKCU\...\Adobe Reader Free Download Packages) (Version:  - ) <==== ATTENTION
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock InstantBoot v1.23 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock OC Tuner v2.2.98 (HKLM-x32\...\ASRock OC Tuner_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
ExstraSavaingas (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - ExstraSavings) <==== ATTENTION
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2012.10.26.0 - ) <==== ATTENTION
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Guard.ICQ (HKLM-x32\...\Guard.Mail.ru) (Version:  - Mail.ru) <==== ATTENTION
ICQ Sparberater (HKLM-x32\...\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}) (Version: 1.3.671 - solute gmbh)
ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Last.fm Scrobbler 2.1.33 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MTA:SA v1.3.1 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.1 - Multi Theft Auto)
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
pgcchelper (HKCU\...\pgcchelper) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RandooemPrice (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - RandomPPrIce) <==== ATTENTION
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMP-Keybinder (HKCU\...\SAMP-Keybinder) (Version:  - )
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The War Z version alpha (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: alpha - Arktos Entertainment Group LLC)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Restore Points  =========================

04-05-2014 21:02:59 Installed Samsung Kies3
04-05-2014 21:07:07 Installed Samsung Kies3
12-05-2014 16:07:49 Geplanter Prüfpunkt
17-05-2014 01:49:32 Windows Update
24-05-2014 09:39:25 Geplanter Prüfpunkt
25-05-2014 00:47:38 Windows Update
01-06-2014 11:24:02 Geplanter Prüfpunkt
07-06-2014 06:57:22 Revo Uninstaller's restore point - Buzz-it
07-06-2014 07:03:10 Revo Uninstaller's restore point - FindWide.com
07-06-2014 07:05:50 Revo Uninstaller's restore point - VO Package

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0410474A-F2BF-4BEC-A66B-1E09E7986B8A} - \Plus-HD-2.3-updater No Task File <==== ATTENTION
Task: {1F2DFF32-5ADD-4138-A63D-FF4FD390C8EA} - \Plus-HD-2.3-enabler No Task File <==== ATTENTION
Task: {266B57A1-FDFF-474A-AC86-62A34953F3F8} - \Plus-HD-2.3-codedownloader No Task File <==== ATTENTION
Task: {5AA76A6E-A2DB-4393-A312-DE9C5254A0B0} - \FF Watcher {5C9B005F-A4BA-4DBE-9D8C-4F8147879D27} No Task File <==== ATTENTION
Task: {63970BCD-C66D-4E81-87BA-16A3D57E2320} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {687F129B-9953-4B95-8E87-D76F13F35B47} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {8EF02FA1-D124-40BD-9C80-5392306894BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {BF94441A-AD62-4537-8771-4BA275B868C0} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C594804B-09A3-4FEB-8EF7-AFACC132AFCA} - \SW-Booster-S-1095609242 No Task File <==== ATTENTION
Task: {D8E48507-AB29-4671-9858-1B7834106CBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {E2F36029-12AB-415F-A328-852C9E9ECDF4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E8FDFFCC-C6F3-4CEF-96AD-F7B809FFC743} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core.job => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA.job => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-09 17:53 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-02 20:34 - 2012-10-02 20:34 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
2013-08-21 08:37 - 2013-08-21 08:37 - 00465920 _____ () C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe
2013-06-16 18:57 - 2014-03-19 20:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-06 23:57 - 2014-05-23 13:11 - 00640512 _____ () C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-06 23:57 - 2014-03-14 22:25 - 00236544 _____ () C:\Program Files (x86)\Flash Component Manager\sqlite3.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 17:34 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 17:34 - 2014-04-02 03:58 - 13691720 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Michi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Michi\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 07:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/10/2014 07:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2014 00:29:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2014 00:29:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2014 10:25:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2014 10:25:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 10:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 10:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 09:12:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: 7ZnaO.dll, Version: 1.8.0.0, Zeitstempel: 0x534b9bbc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001cfcc
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/07/2014 08:57:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.16521 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1048

Startzeit: 01cf821db577d8c2

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:


System errors:
=============
Error: (06/11/2014 05:30:33 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/11/2014 05:03:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/11/2014 05:02:12 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/10/2014 04:53:37 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/09/2014 10:01:13 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/09/2014 00:53:46 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/08/2014 09:26:45 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/07/2014 08:58:23 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/07/2014 08:52:08 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/07/2014 08:52:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎07.‎06.‎2014 um 20:50:02 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-15 11:21:39.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Michi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:39.071
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Michi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:38.376
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:38.241
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 6143.29 MB
Available physical RAM: 4056.2 MB
Total Pagefile: 12284.75 MB
Available Pagefile: 9886.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:253.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9BE4D79E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thank you very much in advance for any help!

Alt 11.06.2014, 18:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hi and

Quote:
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Microsoft Office Enterprise 2007
Is this a commercially used system? If not, please briefly explain why an Enterprise Office is installed on it, and perhaps also why an Ultimate Windows.

Alt 11.06.2014, 19:03   #3
BigMike
 

No, it's my private PC.
I bought it like that from a friend back then, and it was already set up that way.

Alt 11.06.2014, 19:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Please always post log files in CODE tags

Alt 12.06.2014, 16:06   #5
BigMike
 

No, that was my first virus scan.
I immediately searched for the problem on Google and came across this forum.


Alt 13.06.2014, 10:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Alt 13.06.2014, 12:07   #7
BigMike
 

Code:
ATTFilter
# AdwCleaner v3.212 - Bericht erstellt am 13/06/2014 um 13:02:26
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Michi - MICHAEL-PC
# Gestartet von : C:\Users\Michi\Downloads\adwcleaner_3.212 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v17.0.1 (de)

[ Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [45143 octets] - [07/06/2014 09:19:35]
AdwCleaner[R1].txt - [1124 octets] - [07/06/2014 09:24:40]
AdwCleaner[R2].txt - [1167 octets] - [11/06/2014 17:13:58]
AdwCleaner[R3].txt - [1291 octets] - [13/06/2014 13:00:30]
AdwCleaner[S0].txt - [41687 octets] - [07/06/2014 09:20:29]
AdwCleaner[S1].txt - [1186 octets] - [07/06/2014 09:25:44]
AdwCleaner[S2].txt - [1229 octets] - [11/06/2014 17:29:20]
AdwCleaner[S3].txt - [1213 octets] - [13/06/2014 13:02:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1273 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Michi on 13.06.2014 at 13:09:26,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1310588184-673581607-1649281803-1002\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1310588184-673581607-1649281803-1002\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\4c7lz8yl.default\extensions\staged
Successfully deleted the following from C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\4c7lz8yl.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
Emptied folder: C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\4c7lz8yl.default\minidumps [77 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2014 at 13:19:11,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by Michi (administrator) on MICHAEL-PC on 13-06-2014 13:25:22
Running from C:\Users\Michi\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michi\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-10-02] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Windows Servelet System Component] => C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe [640512 2014-05-23] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [Google Update] => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-09] (Google Inc.)
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [UninstallHelper] => "C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe" /silent /autorun
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [Spotify Web Helper] => C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-18] (Spotify Ltd)
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\Run: [pgcchelper] => C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe [465920 2013-08-21] ()
HKU\S-1-5-21-1310588184-673581607-1649281803-1002\...\MountPoints2: {d75bf13e-a365-11e2-a41b-000cf64dfaec} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCzyzztA0FyC0DzzyDtCyCtN0D0Tzu0SzzzzzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0DyByC0EyBtG0DyCyCyDtGyC0A0AtCtGyDyByB0BtGtC0BtAtC0Fzz0ByDzztA0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBzz0F0F0B0CzztGtDtC0DyBtG0B0ByC0FtG0FyCtC0AtGyEyD0DtDtAtBtDyC0F0EtBzz2Q&cr=122917124&ir=
SearchScopes: HKCU - DefaultScope {5A20FE89-F12A-4624-B95D-0739F11FD4D7} URL = hxxp://search.findwide.com/serp?guid={40D7FC8E-3194-493C-A6DD-93C7037B5C59}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCzyzztA0FyC0DzzyDtCyCtN0D0Tzu0SzzzzzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0DyByC0EyBtG0DyCyCyDtGyC0A0AtCtGyDyByB0BtGtC0BtAtC0Fzz0ByDzztA0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBzz0F0F0B0CzztGtDtC0DyBtG0B0ByC0FtG0FyCtC0AtGyEyD0DtDtAtBtDyC0F0EtBzz2Q&cr=122917124&ir=
SearchScopes: HKCU - {3A59A48F-947F-48B2-A030-ACA974521D2A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10863
SearchScopes: HKCU - {5A20FE89-F12A-4624-B95D-0739F11FD4D7} URL = hxxp://search.findwide.com/serp?guid={40D7FC8E-3194-493C-A6DD-93C7037B5C59}&action=default_search&k={searchTerms}
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {DA8D74EE-A3D7-4D2C-BC7A-E10D6D862257} -  No File
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michi\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michi\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Michi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-06-14]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-05] () [File not signed]
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-10-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 13:19 - 2014-06-13 13:19 - 00001668 _____ () C:\Users\Michi\Desktop\JRT.txt
2014-06-13 13:09 - 2014-06-13 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 13:09 - 2014-06-13 13:08 - 01016261 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2014-06-13 13:07 - 2014-06-13 13:08 - 01016261 _____ (Thisisu) C:\Users\Michi\Downloads\JRT.exe
2014-06-13 13:00 - 2014-06-13 13:00 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212 (1).exe
2014-06-11 17:36 - 2014-06-11 17:37 - 00031223 _____ () C:\Users\Michi\Downloads\Addition.txt
2014-06-11 17:35 - 2014-06-13 13:25 - 00015022 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-06-11 17:35 - 2014-06-13 13:25 - 00000000 ____D () C:\FRST
2014-06-11 17:35 - 2014-06-11 17:35 - 02081792 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-06-09 13:51 - 2014-06-09 13:51 - 00000636 _____ () C:\Users\Michi\Downloads\err_code_33.txt
2014-06-09 12:33 - 2014-06-09 12:33 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\NVIDIA
2014-06-07 20:34 - 2014-06-07 20:34 - 00000222 _____ () C:\Users\Michi\Desktop\The Forest.url
2014-06-07 09:33 - 2014-06-13 13:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 09:33 - 2014-06-07 09:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 09:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-07 09:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-07 09:30 - 2014-06-07 09:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 09:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-07 09:19 - 2014-06-13 13:24 - 00000000 ____D () C:\AdwCleaner
2014-06-07 09:19 - 2014-06-07 09:19 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212.exe
2014-06-06 23:57 - 2014-06-13 13:24 - 06635520 _____ () C:\Users\Michi\AppData\Local\ChromeHitoryDB
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Component Manager
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Flash Component Manager
2014-06-06 23:56 - 2014-06-06 23:56 - 01350991 _____ (Openersoft ) C:\Users\Michi\Downloads\Flash-3-Update5232014.exe
2014-06-06 23:55 - 2014-06-06 23:55 - 00821728 _____ () C:\Users\Michi\Downloads\flashplayerpro-setup.exe
2014-06-06 23:54 - 2014-06-06 23:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\QuickScan
2014-06-06 23:51 - 2014-06-06 23:51 - 00001677 _____ () C:\Users\Michi\Desktop\Continue FLV Player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-06 23:50 - 2014-06-06 23:50 - 00000000 ____D () C:\Users\Michi\AppData\Local\pgcchelper
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-06 23:47 - 2014-06-06 23:47 - 00998424 _____ () C:\Users\Michi\Downloads\setup (1).exe
2014-05-26 20:00 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 19:53 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 19:53 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 19:53 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

==================== One Month Modified Files and Folders =======

2014-06-13 13:25 - 2014-06-11 17:35 - 00015022 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-06-13 13:25 - 2014-06-11 17:35 - 00000000 ____D () C:\FRST
2014-06-13 13:25 - 2012-06-23 10:48 - 00000000 ____D () C:\Users\Michi\AppData\Local\Temp
2014-06-13 13:24 - 2014-06-07 09:19 - 00000000 ____D () C:\AdwCleaner
2014-06-13 13:24 - 2014-06-06 23:57 - 06635520 _____ () C:\Users\Michi\AppData\Local\ChromeHitoryDB
2014-06-13 13:19 - 2014-06-13 13:19 - 00001668 _____ () C:\Users\Michi\Desktop\JRT.txt
2014-06-13 13:11 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 13:11 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 13:09 - 2014-06-13 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 13:08 - 2014-06-13 13:09 - 01016261 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2014-06-13 13:08 - 2014-06-13 13:07 - 01016261 _____ (Thisisu) C:\Users\Michi\Downloads\JRT.exe
2014-06-13 13:04 - 2014-06-07 09:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 13:03 - 2012-06-26 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-13 13:03 - 2012-06-26 16:38 - 00143290 _____ () C:\Windows\PFRO.log
2014-06-13 13:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 13:03 - 2009-07-14 06:51 - 00119106 _____ () C:\Windows\setupact.log
2014-06-13 13:02 - 2008-09-03 21:40 - 01446671 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 13:00 - 2014-06-13 13:00 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212 (1).exe
2014-06-12 22:31 - 2013-01-08 18:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 22:31 - 2012-10-09 19:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA.job
2014-06-12 21:43 - 2012-12-10 21:56 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Spotify
2014-06-11 22:17 - 2014-04-11 15:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-11 17:37 - 2014-06-11 17:36 - 00031223 _____ () C:\Users\Michi\Downloads\Addition.txt
2014-06-11 17:35 - 2014-06-11 17:35 - 02081792 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-06-10 21:24 - 2012-08-01 21:36 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-06-09 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-09 13:51 - 2014-06-09 13:51 - 00000636 _____ () C:\Users\Michi\Downloads\err_code_33.txt
2014-06-09 12:33 - 2014-06-09 12:33 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\NVIDIA
2014-06-09 12:33 - 2012-06-26 20:02 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\.minecraft
2014-06-09 10:31 - 2012-10-09 19:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core.job
2014-06-07 21:24 - 2012-12-10 21:57 - 00000000 ____D () C:\Users\Michi\AppData\Local\Spotify
2014-06-07 20:34 - 2014-06-07 20:34 - 00000222 _____ () C:\Users\Michi\Desktop\The Forest.url
2014-06-07 20:34 - 2012-11-24 00:00 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-07 10:20 - 2012-10-29 00:53 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-07 09:33 - 2014-06-07 09:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 09:33 - 2014-06-07 09:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-07 09:31 - 2014-06-07 09:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 09:20 - 2012-10-02 20:34 - 00000000 ____D () C:\ProgramData\ICQ
2014-06-07 09:19 - 2014-06-07 09:19 - 01333465 _____ () C:\Users\Michi\Downloads\adwcleaner_3.212.exe
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Component Manager
2014-06-06 23:57 - 2014-06-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Flash Component Manager
2014-06-06 23:56 - 2014-06-06 23:56 - 01350991 _____ (Openersoft ) C:\Users\Michi\Downloads\Flash-3-Update5232014.exe
2014-06-06 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-06-06 23:55 - 2014-06-06 23:55 - 00821728 _____ () C:\Users\Michi\Downloads\flashplayerpro-setup.exe
2014-06-06 23:54 - 2014-06-06 23:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\QuickScan
2014-06-06 23:51 - 2014-06-06 23:51 - 00001677 _____ () C:\Users\Michi\Desktop\Continue FLV Player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-06 23:51 - 2014-06-06 23:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-06 23:50 - 2014-06-06 23:50 - 00000000 ____D () C:\Users\Michi\AppData\Local\pgcchelper
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-06 23:49 - 2014-06-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-06 23:47 - 2014-06-06 23:47 - 00998424 _____ () C:\Users\Michi\Downloads\setup (1).exe
2014-06-05 21:11 - 2014-04-17 22:59 - 00000000 ____D () C:\ProgramData\4b80708b12c485e1
2014-06-01 15:12 - 2014-03-19 19:26 - 00000004 _____ () C:\Users\Michi\Desktop\survey.info
2014-05-31 15:43 - 2014-03-19 20:08 - 822199384 _____ () C:\Users\Michi\Desktop\WZ_04.bin
2014-05-31 15:43 - 2014-03-19 19:28 - 09692544 _____ () C:\Users\Michi\Desktop\Infestation.exe
2014-05-31 15:43 - 2014-03-19 19:27 - 00544842 _____ () C:\Users\Michi\Desktop\WZ_00.bin
2014-05-31 15:43 - 2012-10-29 00:53 - 05352832 _____ (Arktos Entertainment Group) C:\Users\Michi\Desktop\WarZlauncher.exe
2014-05-27 21:36 - 2012-06-28 08:43 - 00000000 ____D () C:\Users\Michi\AppData\Local\Last.fm
2014-05-26 20:00 - 2014-04-09 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 20:00 - 2012-06-26 21:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-21 16:43 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 04:44 - 2014-05-26 19:53 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 19:53 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-26 19:53 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-04-09 20:01 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-04-09 17:56 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2012-06-26 21:37 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2012-06-26 21:37 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-04-09 17:53 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-04-09 17:53 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-26 20:00 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-15 01:49 - 2014-04-09 17:53 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Michi\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Michi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michi\AppData\Local\Temp\Execute2App.exe
C:\Users\Michi\AppData\Local\Temp\f.exe
C:\Users\Michi\AppData\Local\Temp\gkc.exe
C:\Users\Michi\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Michi\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Michi\AppData\Local\Temp\Last.fm-2.1.30.exe
C:\Users\Michi\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Michi\AppData\Local\Temp\msvcp90.dll
C:\Users\Michi\AppData\Local\Temp\msvcr90.dll
C:\Users\Michi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Michi\AppData\Local\Temp\nvStInst.exe
C:\Users\Michi\AppData\Local\Temp\SHSetup.exe
C:\Users\Michi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michi\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Michi\AppData\Local\Temp\su-setup.exe
C:\Users\Michi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michi\AppData\Local\Temp\uninst1.exe
C:\Users\Michi\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Michi\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michi\AppData\Local\Temp\VSUSetup.exe
C:\Users\Michi\AppData\Local\Temp\WebHelper_InstallDownload_1145.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by Michi at 2014-06-13 13:29:33
Running from C:\Users\Michi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader Free Download Packages (HKCU\...\Adobe Reader Free Download Packages) (Version:  - ) <==== ATTENTION
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock InstantBoot v1.23 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock OC Tuner v2.2.98 (HKLM-x32\...\ASRock OC Tuner_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
ExstraSavaingas (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - ExstraSavings) <==== ATTENTION
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2012.10.26.0 - ) <==== ATTENTION
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Guard.ICQ (HKLM-x32\...\Guard.Mail.ru) (Version:  - Mail.ru) <==== ATTENTION
ICQ Sparberater (HKLM-x32\...\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}) (Version: 1.3.671 - solute gmbh)
ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Last.fm Scrobbler 2.1.33 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MTA:SA v1.3.1 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.1 - Multi Theft Auto)
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
pgcchelper (HKCU\...\pgcchelper) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RandooemPrice (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - RandomPPrIce) <==== ATTENTION
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMP-Keybinder (HKCU\...\SAMP-Keybinder) (Version:  - )
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The War Z version alpha (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: alpha - Arktos Entertainment Group LLC)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Restore Points  =========================

04-05-2014 21:02:59 Installed Samsung Kies3
04-05-2014 21:07:07 Installed Samsung Kies3
12-05-2014 16:07:49 Geplanter Prüfpunkt
17-05-2014 01:49:32 Windows Update
24-05-2014 09:39:25 Geplanter Prüfpunkt
25-05-2014 00:47:38 Windows Update
01-06-2014 11:24:02 Geplanter Prüfpunkt
07-06-2014 06:57:22 Revo Uninstaller's restore point - Buzz-it
07-06-2014 07:03:10 Revo Uninstaller's restore point - FindWide.com
07-06-2014 07:05:50 Revo Uninstaller's restore point - VO Package

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0410474A-F2BF-4BEC-A66B-1E09E7986B8A} - \Plus-HD-2.3-updater No Task File <==== ATTENTION
Task: {1F2DFF32-5ADD-4138-A63D-FF4FD390C8EA} - \Plus-HD-2.3-enabler No Task File <==== ATTENTION
Task: {266B57A1-FDFF-474A-AC86-62A34953F3F8} - \Plus-HD-2.3-codedownloader No Task File <==== ATTENTION
Task: {5AA76A6E-A2DB-4393-A312-DE9C5254A0B0} - \FF Watcher {5C9B005F-A4BA-4DBE-9D8C-4F8147879D27} No Task File <==== ATTENTION
Task: {63970BCD-C66D-4E81-87BA-16A3D57E2320} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {687F129B-9953-4B95-8E87-D76F13F35B47} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {8EF02FA1-D124-40BD-9C80-5392306894BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {BF94441A-AD62-4537-8771-4BA275B868C0} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C594804B-09A3-4FEB-8EF7-AFACC132AFCA} - \SW-Booster-S-1095609242 No Task File <==== ATTENTION
Task: {D8E48507-AB29-4671-9858-1B7834106CBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {E2F36029-12AB-415F-A328-852C9E9ECDF4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E8FDFFCC-C6F3-4CEF-96AD-F7B809FFC743} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002Core.job => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310588184-673581607-1649281803-1002UA.job => C:\Users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-09 17:53 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-02 20:34 - 2012-10-02 20:34 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
2013-08-21 08:37 - 2013-08-21 08:37 - 00465920 _____ () C:\Users\Michi\AppData\Local\pgcchelper\pgcchelper.exe
2013-06-16 18:57 - 2014-03-19 20:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-06 23:57 - 2014-05-23 13:11 - 00640512 _____ () C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-06 23:57 - 2014-03-14 22:25 - 00236544 _____ () C:\Program Files (x86)\Flash Component Manager\sqlite3.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 17:34 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 17:34 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Michi\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Michi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Michi\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-15 11:21:39.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Michi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:39.071
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Michi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:38.376
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-15 11:21:38.241
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 6143.29 MB
Available physical RAM: 4524.66 MB
Total Pagefile: 12284.75 MB
Available Pagefile: 10457.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:253.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9BE4D79E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Edited by BigMike (13.06.2014 at 12:30)

13.06.2014, 13:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Okay, then control scans with MBAM and ESET now, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

14.06.2014, 19:59   #9
BigMike
 
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.06.2014
Suchlauf-Zeit: 08:09:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.14.01
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296511
Verstrichene Zeit: 15 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.BundleInstaller.A, C:\Users\Michi\Downloads\flashplayerpro-setup.exe, In Quarantäne, [f1689bdd9cdf71c543bdf256b7491ee2], 
PUP.Optional.OutBrowse, C:\Users\Michi\Downloads\setup (1).exe, In Quarantäne, [27326f094734092d439def987d84be42], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=9c79f013b34bc74ca444643c354a3ed5
# engine=18711
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-14 10:42:08
# local_time=2014-06-14 12:42:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 84345 154372378 0 0
# scanned=280238
# found=97
# cleaned=0
# scan_time=14504
sh=1DF23A4A618AE7D6F32E7382C229F2CA7E251F10 ft=1 fh=3dcd7cf712a7eb3d vn="Variante von Win32/Toolbar.TNT2.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1310588184-673581607-1649281803-1002\$R26RSYQ.dll"
sh=06AE5ED1B268883295D7748C6DD72DA2CE185661 ft=1 fh=366dcfd0de594c92 vn="Variante von Win32/Toolbar.TNT2.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1310588184-673581607-1649281803-1002\$R5CF9X4.dll"
sh=FB1920830A473FFB62F4B78BC0D1C565BCCEF4B2 ft=1 fh=c71c0011cbd7a9e5 vn="Variante von Win32/Toolbar.TNT2.H evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1310588184-673581607-1649281803-1002\$RDP6VAE.dll"
sh=4E3A439F5538B4E32903325FBE2E85B71A3027EE ft=1 fh=2cc4b888328f3b60 vn="Variante von Win32/Toolbar.TNT2.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1310588184-673581607-1649281803-1002\$RSY2RX8.dll"
sh=00B959AC9BCB43A72F7D00A5EA7BC40496C5D569 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs_07_06_2014_09_20_40.js"
sh=1BF0EAFD4D0915326B34FAF88F239FD8147D6B36 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs_07_06_2014_09_25_45.js"
sh=1BF0EAFD4D0915326B34FAF88F239FD8147D6B36 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs_11_06_2014_17_29_22.js"
sh=1BF0EAFD4D0915326B34FAF88F239FD8147D6B36 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs_13_06_2014_13_02_28.js"
sh=0BF20C6FC11A2C5138A9582D2A0DB5DC3F0F4245 ft=1 fh=36a036a5d203211d vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\ExtensionUpdaterService.exe.vir"
sh=5C0ACF61FAB27BFBA1A1D0519280A2F7B69E4ED3 ft=1 fh=3a60bcbd0b2964b5 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir"
sh=76039D5A64EF897B1AA388EED70452774019DB59 ft=1 fh=890f56b03e669e11 vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FilesFrog Update Checker\update_checker.exe.vir"
sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\soaVe net\Iu.dll.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\soaVe net\Iu.x64.dll.vir"
sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\Assistant.dll.vir"
sh=1B26B0B47757F786A8FEE44847BDBB959DD19A58 ft=1 fh=e26ac01139d0474f vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\AssistantSvc.dll.vir"
sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\Assistant_x64.dll.vir"
sh=25B83E1B69CA8CAFCE103A9833F567672C164573 ft=1 fh=a188172b8a182019 vn="Variante von Win32/InstallIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\w3i\UninstallHelper\UninstallHelper.exe.vir"
sh=C4ECD569EC63E6741D5A0BDA7C02AC4B3302C7B9 ft=1 fh=b3ce349f22d4038f vn="Variante von Win32/Adware.Yontoo.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=F67F6FBC329458A537FCD6610AC87A6FDEABA91A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir"
sh=6F7DA0B999F2A216A65FC4F4740D1E37BF8D3DAD ft=1 fh=c71c0011adf2139a vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExstraSavaingas\7ZnaO.dll.vir"
sh=0BFE90FAB6F10C0104F69A06184B63F7FBDBFD93 ft=1 fh=c71c0011f25c11fd vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExstraSavaingas\7ZnaO.exe.vir"
sh=17B24E567626BE32B4ED4541A957BA3EC1E8DA41 ft=1 fh=c71c0011b9dd8ce9 vn="Variante von Win64/Adware.MultiPlug.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExstraSavaingas\7ZnaO.x64.dll.vir"
sh=6F7DA0B999F2A216A65FC4F4740D1E37BF8D3DAD ft=1 fh=c71c0011adf2139a vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExsTraSSavuiings\m.dll.vir"
sh=0BFE90FAB6F10C0104F69A06184B63F7FBDBFD93 ft=1 fh=c71c0011f25c11fd vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExsTraSSavuiings\m.exe.vir"
sh=17B24E567626BE32B4ED4541A957BA3EC1E8DA41 ft=1 fh=c71c0011b9dd8ce9 vn="Variante von Win64/Adware.MultiPlug.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ExsTraSSavuiings\m.x64.dll.vir"
sh=A3CA60F5F808B66C9A8F3081E135CF845C512D53 ft=1 fh=c71c00113363d678 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RandooemPrice\VsmjmPNWP.dll.vir"
sh=70622B1220013C8A7EF9B55FA2C840B4D3CF5A8D ft=1 fh=c71c0011adaa876f vn="Variante von Win32/AdWare.MultiPlug.K.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RandooemPrice\VsmjmPNWP.exe.vir"
sh=99C76741040BC8A8291EF04F06BFDDD906254803 ft=1 fh=c71c00112cdc9dea vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RandooemPrice\VsmjmPNWP.x64.dll.vir"
sh=3CA4031563A9844FF9D10D745D5365A902F556F8 ft=1 fh=c71c001187a3523d vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\soaVe net\w4C.exe.vir"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SuperbApp\SW-Booster\SW-Booster.exe.vir"
sh=5CA319EBA10412E2FF4A47FD20624385C11A0C2A ft=1 fh=8ad6e907be4811df vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michi\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=14065C1C971F33193A96BB085D4679E9C1818A16 ft=1 fh=c6a54c6eeef6ff53 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\Elf_1.15.exe"
sh=660850048BCAEC5F4E968A82B3705EA7DBEBE6CF ft=1 fh=d04bcc2c2cbaf643 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\FreeYouTubeToMp3Converter.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\FreeYouTubeToMp3Converter3512.exe"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\FreeYouTubeToMp3Converter39.exe"
sh=66ECEF5D18187954844CAB9910E489FC625CE9F1 ft=1 fh=7967eca643e0945b vn="Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\looking_at_your_booty_by_ying_yang_twins_ft_4_ize_downloader_98850a.exe"
sh=973E497297B1BFB38EC37741ECC7EA700AF839F7 ft=1 fh=b32aad67fea6aa23 vn="Variante von Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\registrybooster(2).exe"
sh=4F2D36ED258831AFCDFB8FE1B1642EFD71B97C1F ft=1 fh=7eec0025bb12ca32 vn="Variante von Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\registrybooster.exe"
sh=337251A405FD17A4C6B60CACA8922EEEC31330DD ft=1 fh=66dd9fb2ec732841 vn="Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\SoftonicDownloader69496.exe"
sh=7A751BC4A55A9E0D8A70C94366189F7A53519694 ft=1 fh=eb3503b3ec732841 vn="Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\SoftonicDownloader94114.exe"
sh=1CA3B1AF6A5685939A2C865E477CF7BF859FACFA ft=1 fh=679aee314474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\SoftonicDownloader_fuer_visualboyadvance.exe"
sh=85357B8FEA0CE95B5ACFF2F036AF4EF1A6397E12 ft=1 fh=b25821f7c145808a vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\SweetImSetup.exe"
sh=A81F02B40EBAACA1AF310DDCFA18C16C234F13DA ft=1 fh=53234b49fd8c4d85 vn="Variante von Win32/Tivmonk.B Trojaner" ac=I fn="C:\Program Files (x86)\Flash Component Manager\srvhelper32.exe"
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{CA084FD2-E69F-4EA9-AC42-AEBD11EB6D24}\Custom.dll"
sh=19C57157C2E9B58037A7D2BCA4909CBF125E9A23 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{CA084FD2-E69F-4EA9-AC42-AEBD11EB6D24}\Custom.dll"
sh=8BABE6BD92D6DA686154873CD5EB0B796C8FA42D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE0KL8MZ\coupons_intext_ads_5_m[1].js"
sh=4975A002E2B6A6FCFED7E6C03BBA5E61B5840B70 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE0KL8MZ\dealply_m[1].js"
sh=F9C9BFDAB4C0D14484AFBFCD77B849B68F3A322C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE0KL8MZ\intext_adv_m[1].js"
sh=91A2DA51A06017D4FB10D2259CA572160B9B4CA9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE0KL8MZ\superfish_m[1].js"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE0KL8MZ\VuuPC-Installer[1].exe"
sh=102D955F8711A0E320F1BCFA753240DBB9C39C4B ft=1 fh=2c28ece8e36620f3 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVBJYQ4B\sg[1].exe"
sh=C8C8B305076C61FC91D073A54DE0EA50FC67619A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\ads_only_5_m[1].js"
sh=140BE41E58E7CB6E9B38B4ED892886CED78C2E58 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\corticas_m[1].js"
sh=1ACBDE6A28470C5787F8BA42ADA7279029BA4D32 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\cortica_m[1].js"
sh=9516EE6BB795B5ADF1449C8AB2A69CBA58C56719 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\luck_m[1].js"
sh=FB769B3B65B545D39552BC5E5F106D62EC09B9E3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\monetizationLoader[1].js"
sh=0CE78CDB7AE8C457229124E383DA64FBDE7AE471 ft=1 fh=fd716b0c5f46d82e vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\SearchProtectGeneric4Setup[1].exe"
sh=1FBCCE3ECEBD5955F90E91C6B6B74EE06783CD66 ft=1 fh=cdd42cd0b2145c18 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\spstub[1].exe"
sh=FB9F8E113955A5FC70823563FD75780434A05700 ft=1 fh=859e5a61cf26c0f4 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N51ILUUF\v-bates[1].exe"
sh=8FCCD38B84B988EEAF53A7C938F5AC973C91AA58 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJ3QVNIL\IncredibarToolbar[1].7z"
sh=B32E8B7B8D9079D02EA3F8F9B0B35048B12A3F07 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W93VYTVY\icm_m[1].js"
sh=54C882ADC94298EEED33D4249151BE9EB810BBA3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W93VYTVY\jollywallet_m[1].js"
sh=3CC6DF16D640E12B9516B29C4FB861393E5F5702 ft=1 fh=ac3e87b10a9c8343 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W93VYTVY\pcspeedup1-6[1].exe"
sh=064998775930A5B4DEFAC1B64A38B7FBD90334F5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W93VYTVY\similar_web_m[1].js"
sh=6B4372E517F582ED30D5A7FE077C6EB3592889AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUQGH068\coupish_m[1].js"
sh=4AD40410B772BA23B08FE8EADE8AC75B46FBF70B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUQGH068\intext_5_m[1].js"
sh=BDA8863493E32B37784BD74C3A238D5486F3CF64 ft=1 fh=7c218d6cc156ce81 vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUQGH068\Setup[1].exe"
sh=4E7B680E849A1337D71405401B55648BA7072A22 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUQGH068\superfish_no_coupons_m[1].js"
sh=0DC0CD5999915AFF6CE7B37155A9B8AA17818039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUQGH068\superfish_no_search_no_coupons_m[1].js"
sh=1D0D0004624903CF66D059CC3EFB513926B2B8BC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\1\20\F7C27d01"
sh=E008307C95AD4C1D040B009D307E13C03146B1BF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\1\25\1569Fd01"
sh=4975A002E2B6A6FCFED7E6C03BBA5E61B5840B70 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\1\81\CF42Fd01"
sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\5\31\71DB0d01"
sh=1F2641FFCA5C1DACAAA217BE7C9989F7AC05C1A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\B\3E\3B78Bd01"
sh=BB51F0B482DCE267913B695EBCDD1E9AF79583A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\E\71\0E919d01"
sh=54C882ADC94298EEED33D4249151BE9EB810BBA3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Mozilla\Firefox\Profiles\4c7lz8yl.default\Cache\F\C5\CDC2Fd01"
sh=6C4BEA15F2A864E8C0BB467B369C1607ADED4594 ft=1 fh=9c3c3228e1e883d9 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\f.exe"
sh=BDA8863493E32B37784BD74C3A238D5486F3CF64 ft=1 fh=7c218d6cc156ce81 vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\ICReinstall_nsj29AE.tmp"
sh=BDA8863493E32B37784BD74C3A238D5486F3CF64 ft=1 fh=7c218d6cc156ce81 vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\nsj29AE.tmp"
sh=F3C848B67FD2914516F83FB65B204F61768C4EFB ft=1 fh=b7e14907d3f07c71 vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\UpdateCheckerSetup.exe"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\2BDC85AA-BAB0-7891-82E4-8EF9DFD7909E\Latest\BabMaint.exe"
sh=8E7D9F1AEB7A9F9F544CE537DA336E2FD9D8EB89 ft=1 fh=e5f85f840a14464b vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\2BDC85AA-BAB0-7891-82E4-8EF9DFD7909E\Latest\BExternal.dll"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\2BDC85AA-BAB0-7891-82E4-8EF9DFD7909E\Latest\BUSolution.dll"
sh=C48D1C278D0434F3BBAF273134265DBA5F720003 ft=1 fh=bedeb8cbd68127e1 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\2BDC85AA-BAB0-7891-82E4-8EF9DFD7909E\Latest\IEHelper.dll"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\is1852162411\uninstaller.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe"
sh=80DCD45AC469856BA925C92D709768DFBD37B4FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\4c7lz8yl.default\prefs.js"
sh=0E0860BAB77606C2E3A003A0085D8FF95850D7A2 ft=1 fh=640e68aae6de25ea vn="Win32/InstallCore.BL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\AdobeReaderSetup-8631360-tfsb.exe"
sh=0730F3D050959A72D0552A8231A803A2807CA7BB ft=1 fh=fd26318becbcfbc5 vn="Variante von Win32/Tivmonk.B Trojaner" ac=I fn="C:\Users\Michi\Downloads\Flash-3-Update5232014.exe"
sh=343108076113A954195B0D2E3196B2C4863E114A ft=1 fh=228e763145dd1d97 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\grplauncher0.8.3.exe"
sh=4F921F459D934D572C15D62C5275E847E3BE33BD ft=1 fh=d7009a59671e0399 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\Razer Game Booster - CHIP-Downloader.exe"
sh=0DD899975A2693FE6005462F5B6C00D0B6074FA7 ft=1 fh=a2885cb25c329cad vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\Steam - CHIP-Downloader.exe"
sh=5C2B89C2A43E773193AEBA70E9DE939C30E168CD ft=1 fh=4cc71a88a73883c4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe"
sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\update[1]"
sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\update[1]"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Tivmonk.B Trojaner" ac=I fn="${Memory}"
         

14.06.2014, 23:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A great deal of junk left over.

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Click the Start button.
  • If you are prompted to restart, confirm it.




Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. This is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
