Log analysis and evaluation: Firefox, double-underlined green text passages, pop-up ads on mouse hover
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
| | Firefox, double-underlined green text passages, pop-up ads on mouse hover

Hello, I seem to have caught something. In Firefox, individual words in normal web page text appear in green with a double underline. When I move the mouse over these words, pop-up windows appear with advertising for a media player. A scan with Norton 360 could not fix this. =(

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by R0ff3l (administrator) on BLUPP-PC on 14-01-2014 17:19:38
Running from C:\Users\R0ff3l\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() F:\Program Files\EslWire\service\WireHelperSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TeamSpeak Systems GmbH) F:\Users\R0ff3l\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
MountPoints2: {1a27416e-43a8-11e3-91d8-001966e92b52} - H:\Startme.exe
IFEO\taskmgr.exe: [Debugger] "C:\USERS\R0FF3L\DOCUMENTS\PROCEXP.EXE"
Startup: C:\Users\R0ff3l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
ShortcutTarget: Logitech blank Produktregistrierung.lnk -> E:\Program Files (x86)\Logitech\G930\eReg.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB045EBE566BBCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Reader - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\R0ff3l\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Systems, Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "ftp", "proxyuk1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyuk1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyuk1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyuk1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - F:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - F:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\R0ff3l\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Разпознаване на устройство Logitech - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\DeviceDetection@logitech.com [2011-12-16]
FF Extension: Websteroids - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\support@websteroidsapp.com [2014-01-07]
FF Extension: DivX Web Player - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-02-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-30]
FF Extension: Adblock Plus - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-18]
FF Extension: Greasemonkey - C:\Users\R0ff3l\AppData\Roaming\Mozilla\Firefox\Profiles\ajaqcp2s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 EslWireHelper; F:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] ()
S3 Microsoft Office Groove Audit Service; D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [68464 2007-08-24] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-28] ()
S3 Survarium Update Service; E:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe [77432 2013-12-30] ()
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [170512 2013-07-09] (<Turtle Entertainment>)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140113.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140113.022\ENG64.SYS [126040 2013-12-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140113.022\EX64.SYS [2099288 2013-12-05] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-15] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\R0ff3l\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-14 17:19 - 2014-01-14 17:19 - 00014259 _____ C:\Users\R0ff3l\Desktop\FRST.txt
2014-01-14 15:53 - 2014-01-14 15:53 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-14 15:44 - 2014-01-14 15:44 - 00000000 ____D C:\AdwCleaner
2014-01-14 15:43 - 2014-01-14 15:43 - 01236282 _____ C:\Users\R0ff3l\Desktop\adwcleaner.exe
2014-01-14 15:33 - 2014-01-14 15:33 - 02075648 _____ (Farbar) C:\Users\R0ff3l\Desktop\FRST64.exe
2014-01-14 15:33 - 2014-01-14 15:33 - 00000000 ____D C:\FRST
2014-01-12 20:28 - 2014-01-12 20:28 - 00000000 ____D C:\ProgramData\Firefly Studios
2014-01-12 20:27 - 2014-01-12 20:27 - 00000945 _____ C:\Users\Public\Desktop\Stronghold Kingdoms.lnk
2014-01-07 10:59 - 2014-01-07 10:59 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\cache
2014-01-07 10:59 - 2014-01-07 10:59 - 00000000 ____D C:\Users\R0ff3l\.android
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 ____D C:\ProgramData\Updater
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 _____ C:\Users\R0ff3l\daemonprocess.txt
2014-01-06 12:18 - 2014-01-14 16:26 - 00000000 ____D C:\Users\R0ff3l\Desktop\Mathe Brücken
2013-12-31 13:23 - 2013-12-31 13:24 - 00000000 ____D C:\Users\R0ff3l\Documents\survarium
2013-12-31 12:07 - 2013-12-31 12:07 - 00000929 _____ C:\Users\Public\Desktop\Survarium.lnk
2013-12-19 19:27 - 2014-01-14 13:21 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\DayZ
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\R0ff3l\Documents\DayZ
2013-12-19 15:10 - 2013-12-19 15:10 - 00000000 ____D C:\Users\R0ff3l\AppData\Roaming\Firefly Studios
2013-12-19 15:10 - 2013-12-19 15:10 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\Geckofx
2013-12-19 15:09 - 2013-12-19 15:09 - 00000000 ____D C:\Users\R0ff3l\Documents\Stronghold Kingdoms
==================== One Month Modified Files and Folders =======
2014-01-14 17:20 - 2014-01-14 17:19 - 00014259 _____ C:\Users\R0ff3l\Desktop\FRST.txt
2014-01-14 16:26 - 2014-01-06 12:18 - 00000000 ____D C:\Users\R0ff3l\Desktop\Mathe Brücken
2014-01-14 15:53 - 2014-01-14 15:53 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-14 15:52 - 2009-07-14 05:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 15:52 - 2009-07-14 05:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 15:49 - 2009-07-14 18:58 - 00700278 _____ C:\Windows\system32\perfh007.dat
2014-01-14 15:49 - 2009-07-14 18:58 - 00149074 _____ C:\Windows\system32\perfc007.dat
2014-01-14 15:49 - 2009-07-14 06:13 - 01621688 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 15:48 - 2011-12-15 17:06 - 01176685 _____ C:\Windows\WindowsUpdate.log
2014-01-14 15:45 - 2013-10-20 00:00 - 00014678 _____ C:\Windows\setupact.log
2014-01-14 15:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 15:44 - 2014-01-14 15:44 - 00000000 ____D C:\AdwCleaner
2014-01-14 15:43 - 2014-01-14 15:43 - 01236282 _____ C:\Users\R0ff3l\Desktop\adwcleaner.exe
2014-01-14 15:33 - 2014-01-14 15:33 - 02075648 _____ (Farbar) C:\Users\R0ff3l\Desktop\FRST64.exe
2014-01-14 15:33 - 2014-01-14 15:33 - 00000000 ____D C:\FRST
2014-01-14 13:21 - 2013-12-19 19:27 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\DayZ
2014-01-14 06:40 - 2011-12-16 16:32 - 00166090 _____ C:\Windows\PFRO.log
2014-01-13 19:09 - 2011-12-15 21:30 - 00000000 ____D C:\Users\R0ff3l\AppData\Roaming\vlc
2014-01-13 16:24 - 2011-12-15 21:30 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\CrashDumps
2014-01-12 20:28 - 2014-01-12 20:28 - 00000000 ____D C:\ProgramData\Firefly Studios
2014-01-12 20:27 - 2014-01-12 20:27 - 00000945 _____ C:\Users\Public\Desktop\Stronghold Kingdoms.lnk
2014-01-09 08:18 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 17:59 - 2012-01-09 09:19 - 00000000 ____D C:\ProgramData\AAV
2014-01-07 10:59 - 2014-01-07 10:59 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\cache
2014-01-07 10:59 - 2014-01-07 10:59 - 00000000 ____D C:\Users\R0ff3l\.android
2014-01-07 10:59 - 2011-12-15 17:06 - 00000000 ____D C:\Users\R0ff3l
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 ____D C:\ProgramData\Updater
2014-01-07 10:58 - 2014-01-07 10:58 - 00000000 _____ C:\Users\R0ff3l\daemonprocess.txt
2014-01-02 21:46 - 2013-06-03 07:21 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-02 21:46 - 2011-12-17 17:54 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-02 20:43 - 2011-12-16 18:48 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-31 13:24 - 2013-12-31 13:23 - 00000000 ____D C:\Users\R0ff3l\Documents\survarium
2013-12-31 12:07 - 2013-12-31 12:07 - 00000929 _____ C:\Users\Public\Desktop\Survarium.lnk
2013-12-31 12:07 - 2012-08-29 11:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-30 14:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-28 10:43 - 2012-02-29 14:45 - 00000000 ____D C:\Users\R0ff3l\Documents\My Games
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\R0ff3l\Documents\DayZ
2013-12-19 15:10 - 2013-12-19 15:10 - 00000000 ____D C:\Users\R0ff3l\AppData\Roaming\Firefly Studios
2013-12-19 15:10 - 2013-12-19 15:10 - 00000000 ____D C:\Users\R0ff3l\AppData\Local\Geckofx
2013-12-19 15:09 - 2013-12-19 15:09 - 00000000 ____D C:\Users\R0ff3l\Documents\Stronghold Kingdoms
Some content of TEMP:
====================
C:\Users\R0ff3l\AppData\Local\Temp\MSN11E4.exe
C:\Users\R0ff3l\AppData\Local\Temp\Quarantine.exe
C:\Users\R0ff3l\AppData\Local\Temp\rootsupd.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 14:47
==================== End Of Log ============================
Edited by r0ff3l (14.01.2014 at 17:24) |