
Log analysis and evaluation: Windows 7 (32-bit): high CPU usage / possible virus infection

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.05.2014, 00:05   #1
JanR91
 



Hello Trojaner-Board,

for a few days now I have had the problem that my laptop has a relatively high CPU load.
I may have picked up one or more viruses/trojans while surfing the Internet. I hope you can help me.

Here is the Defogger logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:29 on 16/05/2014 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Here is the FRST logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 16-05-2014 00:30:43
Running from C:\Users\Jan\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
S2 MBAMScheduler; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-15 17:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:06 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 11:06 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 11:06 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

==================== One Month Modified Files and Folders =======

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-16 00:11 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-16 00:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 21:54 - 2013-12-06 18:47 - 01226295 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 17:20 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:23 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:17 - 2013-12-09 17:20 - 00151656 _____ () C:\Windows\PFRO.log
2014-05-15 14:17 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 14:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 14:17 - 2009-07-14 06:39 - 00058974 _____ () C:\Windows\setupact.log
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
         
--- --- ---

Here is the Addition logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by Jan at 2014-05-16 00:31:15
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dawngate (HKLM\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 - Deutsch (HKLM\...\{90140011-0062-0407-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

13-05-2014 09:05:50 Windows Update
14-05-2014 09:03:45 AA11
14-05-2014 19:00:40 DirectX wurde installiert
14-05-2014 21:17:52 DirectX wurde installiert
14-05-2014 23:35:37 Windows Update
15-05-2014 11:42:14 AA11

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1BB89AD4-3C3A-42D0-9CF6-A0A5A8DF2A39} - System32\Tasks\GPUpdate => C:\Users\Jan\AppData\Roaming\GetPrivate\gp_upd.exe [2014-05-13] ()
Task: {215F6E25-FBDC-4792-80CE-113F63F866E1} - System32\Tasks\SW-Booster-S-702149676 => c:\programdata\itsmyapp\sw-booster\SW-Booster.exe
Task: {C466B0A0-A28D-4B57-882F-293F688E84EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 20:14 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-13 22:53 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-13 22:53 - 2014-05-15 14:17 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 19:34 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-13 21:08 - 2014-05-13 21:08 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xffc
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xda4
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x840
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:42:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SW-Sustainer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2014 11:41:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Supporter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2014 11:18:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BlockAndSurf erreicht.

Error: (05/13/2014 10:54:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/27/2014 11:33:57 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.


Microsoft Office Sessions:
=========================
Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fba271f2c5eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll20c04a4a-dbb2-11e3-9838-001d606b6967

Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181effc01cf6fb3f947451aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlle7f1ad5d-dbab-11e3-9838-001d606b6967

Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eb0c01cf6fb34836bfe3G:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll2f3d1ee9-dba7-11e3-9838-001d606b6967

Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e7f401cf6fae8514f91aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllbd04743e-dba4-11e3-9838-001d606b6967

Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eda401cf6fad7195de2bG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllb9d69425-dba1-11e3-9838-001d606b6967

Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e84001cf6fabf1291a9cG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlla2d54a2f-dba0-11e3-9838-001d606b6967

Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fa96471365eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll042706d7-db9f-11e3-9838-001d606b6967

Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3071.3 MB
Available physical RAM: 2002.75 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4919.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.57 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:67.07 GB) (Free:24.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:44.71 GB) (Free:39.35 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:1.28 GB) FAT32
Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:716.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 15807A61)
Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00261DDD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Here is the GMER logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-16 00:42:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHW2120BH rev.00930013 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Jan\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                           82A56A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                             82A90212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + 6               77BF560E 4 Bytes  [28, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + B               77BF5613 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + 6                77BF564E 4 Bytes  [68, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + B                77BF5653 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + 6             77BF568E 4 Bytes  [68, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + B             77BF5693 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + 6            77BF572E 4 Bytes  [A8, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + B            77BF5733 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtMapViewOfSection + B         77BF5C73 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + 6                 77BF5D1E 4 Bytes  [68, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + B                 77BF5D23 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + 6                  77BF5D4E 4 Bytes  [A8, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + B                  77BF5D53 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKeyEx + B                77BF5D63 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + 6               77BF5D9E 4 Bytes  [28, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + B               77BF5DA3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + 6              77BF5DCE 4 Bytes  [68, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + B              77BF5DD3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + 6         77BF5DDE 4 Bytes  [A8, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + B         77BF5DE3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + 6       77BF5DEE 4 Bytes  [68, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + B       77BF5DF3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenSection + B              77BF5E13 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + 6               77BF5E4E 4 Bytes  [28, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + B               77BF5E53 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + 6          77BF5E5E 4 Bytes  [28, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + B          77BF5E63 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + 6        77BF5E6E 4 Bytes  [A8, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + B        77BF5E73 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + 6      77BF5F7E 4 Bytes  [A8, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + B      77BF5F83 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryFullAttributesFile + B  77BF6033 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + 6       77BF667E 4 Bytes  [28, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + B       77BF6683 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationThread + B     77BF66E3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + 6       77BF69FE 4 Bytes  [28, 25, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + B       77BF6A03 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessW              763F204D 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessA              763F2082 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ActivateKeyboardLayout        765D8203 5 Bytes  JMP 000C04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ScreenToClient                765DA506 7 Bytes  JMP 000C0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatA      765DC091 5 Bytes  JMP 000C02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatW      765DDF8D 5 Bytes  JMP 000C02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursor                     765E3075 5 Bytes  JMP 000C0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MonitorFromWindow             765E3622 7 Bytes  JMP 000C0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!PostMessageW                  765E447B 5 Bytes  JMP 000C05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsWindowVisible               765E4D69 7 Bytes  JMP 000C06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClientRect                 765E54DD 7 Bytes  JMP 000C05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MapWindowPoints               765E5CAA 5 Bytes  JMP 000C0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetParent                     765E6029 7 Bytes  JMP 000C06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EmptyClipboard                765F290C 5 Bytes  JMP 000C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardData              765F2962 5 Bytes  JMP 000C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardData              765F2BA7 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameW       765F5FD2 5 Bytes  JMP 000C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardViewer            765F6FF6 5 Bytes  JMP 000C04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameA       765F700A 5 Bytes  JMP 000C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ChangeClipboardChain          7660147C 5 Bytes  JMP 000C0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetTopWindow                  766024D9 7 Bytes  JMP 000C0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CloseClipboard                7660446C 5 Bytes  JMP 000C00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!OpenClipboard                 7660447E 5 Bytes  JMP 000C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsClipboardFormatAvailable    766044FF 5 Bytes  JMP 000C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardSequenceNumber    76604513 5 Bytes  JMP 000C0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardOwner             76604525 5 Bytes  JMP 000C0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CountClipboardFormats         7660470A 5 Bytes  JMP 000C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EnumClipboardFormats          766047EC 5 Bytes  JMP 000C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetOpenClipboardWindow        7660480B 5 Bytes  JMP 000C03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursorPos                  7661C1B0 5 Bytes  JMP 000C0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardViewer            76634AF7 5 Bytes  JMP 000C0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetPriorityClipboardFormat    76634BF9 5 Bytes  JMP 000C03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteObject                   77885F14 5 Bytes  JMP 000D01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectObject                   77886640 5 Bytes  JMP 000D05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextColor                   77886906 5 Bytes  JMP 000D0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetBkMode                      778869B1 5 Bytes  JMP 000D08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteDC                       77886EAA 5 Bytes  JMP 000D0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetDeviceCaps                  77886F7F 5 Bytes  JMP 000D03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtSelectClipRgn               77887114 5 Bytes  JMP 000D02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipRgn                  77887242 5 Bytes  JMP 000D05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetStretchBltMode              77887705 5 Bytes  JMP 000D06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetCurrentObject               77887917 5 Bytes  JMP 000D0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsW                77887B8F 5 Bytes  JMP 000D0E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextAlign                   77887DAF 5 Bytes  JMP 000D0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!IntersectClipRect              77887DFE 5 Bytes  JMP 000D03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutW                    77888192 5 Bytes  JMP 000D0970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextAlign                   7788828E 5 Bytes  JMP 000D09F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetClipBox                     77888525 5 Bytes  JMP 000D0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!MoveToEx                       77888C21 5 Bytes  JMP 000D0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StretchDIBits                  7788A53E 5 Bytes  JMP 000D0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RestoreDC                      7788A67B 5 Bytes  JMP 000D0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SaveDC                         7788A74B 5 Bytes  JMP 000D0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32W          7788B4B5 5 Bytes  JMP 000D0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW                   7788B73A 2 Bytes  JMP 000D0D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW + 3               7788B73D 2 Bytes  [84, 88]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetFontData                    7788BCC4 5 Bytes  JMP 000D0C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetWorldTransform              7788C90A 5 Bytes  JMP 000D06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCA                      7788CCA9 5 Bytes  JMP 000D00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCW                      7788CF79 5 Bytes  JMP 000D00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateICW                      7788CFD0 5 Bytes  JMP 000D0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsA                7788D0F2 5 Bytes  JMP 000D0DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Rectangle                      7788F1FF 5 Bytes  JMP 000D09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!LineTo                         7788F59B 5 Bytes  JMP 000D0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetICMMode                     7788FAA4 5 Bytes  JMP 000D0DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutA                    77890D20 5 Bytes  JMP 000D0930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32A          7789117F 5 Bytes  JMP 000D0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtEscape                      77892D49 5 Bytes  JMP 000D02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Escape                         77893400 5 Bytes  JMP 000D0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ResetDCW                       77893A9B 5 Bytes  JMP 000D0AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPage                        778940DA 5 Bytes  JMP 000D0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetPolyFillMode                778967E1 5 Bytes  JMP 000D0B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetMiterLimit                  7789699D 5 Bytes  JMP 000D0B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceA                   778A0D22 5 Bytes  JMP 000D0CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetGlyphOutlineW               778AC2DA 5 Bytes  JMP 000D0CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateScalableFontResourceW    778AE937 5 Bytes  JMP 000D0BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AddFontResourceW               778AED33 5 Bytes  JMP 000D0BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RemoveFontResourceW            778AF229 5 Bytes  JMP 000D0C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AbortDoc                       778B4E29 5 Bytes  JMP 000D0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndDoc                         778B5270 5 Bytes  JMP 000D01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartPage                      778B535B 5 Bytes  JMP 000D0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartDocW                      778B5D76 5 Bytes  JMP 000D07F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!BeginPath                      778B651D 5 Bytes  JMP 000D0830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipPath                 778B6574 5 Bytes  JMP 000D0AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CloseFigure                    778B65CF 5 Bytes  JMP 000D0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPath                        778B6626 5 Bytes  JMP 000D0A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StrokePath                     778B6859 5 Bytes  JMP 000D07B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!FillPath                       778B68E6 5 Bytes  JMP 000D0870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolylineTo                     778B6D54 5 Bytes  JMP 000D04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyBezierTo                   778B6DE5 5 Bytes  JMP 000D04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyDraw                       778B6E97 5 Bytes  JMP 000D08B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleSetClipboard                77AB0045 5 Bytes  JMP 000F0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleIsCurrentClipboard          77AB36B2 5 Bytes  JMP 000F0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleGetClipboard                77ADFDCD 5 Bytes  JMP 000F00B0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] ntdll.dll!LdrLoadDll                                            77C122AE 5 Bytes  JMP 71671EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                   764394E6 7 Bytes  JMP 5DC084D6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!QueryPerformanceCounter + 13                       7643C4E5 7 Bytes  JMP 5DC084F9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!LoadAppInitDlls + 355                              7643F5A6 7 Bytes  JMP 5D283A32 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] GDI32.dll!GetViewportOrgEx + 26C                                7788884B 7 Bytes  JMP 5DC08457 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!GetWindowInfo                               765E4B5E 5 Bytes  JMP 5D4BD777 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!ToUnicodeEx + 71                            765F2223 7 Bytes  JMP 5D4B70E4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                           fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                                      1492

---- EOF - GMER 2.1 ----
         
And here are 2 more Malwarebytes logs from scans I had already run beforehand.
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 14.05.2014
Scan Time: 12:18:35
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.14.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 240744
Time Elapsed: 1 hr, 3 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 15.05.2014
Scan Time: 14:13:48
Logfile: mbam2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.15.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jan

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 209344
Time Elapsed: 4 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

Thank you in advance for your help.

Kind regards, JanR91

Last edited by JanR91 (16.05.2014 at 00:15)

16.05.2014, 06:11   #2
schrauber
/// the machine
/// TB trainer

hi,

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

16.05.2014, 09:06   #3
JanR91

Hey,

thanks for the quick reply!

Here is the Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Jan at 2014-05-16 09:39:25 Run:1
Running from C:\Users\Jan\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
         
And here is the Combofix log:
Code:
ComboFix 14-05-16.01 - Jan 16.05.2014   9:45.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.2295 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38CEA7EC-5215-4B52-B49A-376550BE024D}.xps
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\wininit.ini
G:\autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-16 bis 2014-05-16  ))))))))))))))))))))))))))))))
.
.
2014-05-16 07:51 . 2014-05-16 07:54	--------	d-----w-	c:\users\Jan\AppData\Local\temp
2014-05-16 07:51 . 2014-05-16 07:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-15 22:30 . 2014-05-16 07:39	--------	d-----w-	C:\FRST
2014-05-15 11:59 . 2010-08-30 06:34	536576	----a-w-	c:\windows\system32\sqlite3.dll
2014-05-14 23:36 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 17:34 . 2014-05-14 17:34	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-05-14 10:47 . 2014-05-16 07:40	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBDC1412-B8F2-4141-8731-3A3837D359D2}\offreg.dll
2014-05-14 10:19 . 2014-05-14 10:19	--------	d-----w-	c:\users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 09:11 . 2014-05-15 11:55	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-05-14 09:11 . 2014-05-15 12:02	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-05-14 09:10 . 2014-05-15 23:15	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 09:08 . 2014-05-15 11:43	--------	d-----w-	c:\program files\Lavasoft
2014-05-14 09:06 . 2014-05-14 09:06	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-14 09:06 . 2014-04-03 07:51	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-14 09:06 . 2014-04-03 07:51	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-14 09:06 . 2014-04-03 07:50	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-14 09:03 . 2014-05-14 09:03	--------	d-----w-	c:\programdata\Lavasoft
2014-05-13 20:55 . 2014-05-13 20:55	--------	d-sh--w-	c:\users\Jan\AppData\Local\EmieUserList
2014-05-13 20:55 . 2014-05-13 20:55	--------	d-sh--w-	c:\users\Jan\AppData\Local\EmieSiteList
2014-05-13 20:53 . 2014-05-13 20:53	--------	d-----w-	c:\program files\MSR
2014-05-13 20:52 . 2014-05-13 20:52	--------	d-----w-	c:\users\Jan\AppData\Roaming\InetStat
2014-05-13 20:52 . 2014-05-13 20:52	--------	d-----w-	c:\users\Jan\AppData\Roaming\GetPrivate
2014-05-13 20:52 . 2014-05-13 20:52	--------	d-----w-	c:\users\Jan\AppData\Roaming\wi_upd
2014-05-13 19:07 . 2014-05-14 10:24	--------	d-----w-	c:\users\Jan\AppData\Roaming\uTorrent
2014-05-13 09:06 . 2014-04-17 03:32	8050496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBDC1412-B8F2-4141-8731-3A3837D359D2}\mpengine.dll
2014-05-12 20:50 . 2014-05-12 20:50	--------	d-----w-	c:\programdata\ItsMyApp
2014-05-12 20:49 . 2014-05-14 10:25	--------	d-----w-	c:\programdata\18be15233c43999c
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Jan\AppData\Local\Google
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Jan\AppData\Local\Comodo
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Jan\AppData\Local\Chromatic Browser
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Gast
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Administrator
2014-05-12 20:49 . 2014-05-12 20:49	--------	d-----w-	c:\users\Jan\AppData\Local\Programs
2014-05-12 20:48 . 2014-05-12 20:55	--------	d-----w-	c:\programdata\InstallMate
2014-05-06 15:34 . 2014-05-15 11:10	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-26 11:04 . 2014-04-26 11:04	--------	d-----w-	c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 19:08 . 2013-12-06 20:22	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 19:08 . 2013-12-06 20:22	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-11 19:02 . 2014-04-11 19:02	50728	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2014-03-31 07:35 . 2013-12-06 17:22	231584	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-12-10 982232]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-12-08 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 MBAMService;MBAMService;g:\jans stuff\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2013-12-06 49152]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
S2 MBAMScheduler;MBAMScheduler;g:\jans stuff\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2014-04-11 50728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-05 34080]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 581480]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 19:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\users\Jan\AppData\Roaming\InetStat\inetstat.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-16  09:57:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-16 07:57
.
Vor Suchlauf: 9 Verzeichnis(se), 26.221.416.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.011.750.400 Bytes frei
.
- - End Of File - - 0253FFA8CABAFF294B2627DE2B1393C1
A36C5E4F47E84449FF07ED3517B43A31
         
After the Combofix scan I noticed
that I cannot use my Mozilla Firefox browser.
The following message appears:
Error: "The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections."


Regards, JanR91

17.05.2014, 13:01   #4
schrauber
/// the machine
/// TB trainer

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
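Added example, not part of the original thread and not code from FRST, ComboFix or Firefox: a Python check for loopback proxy settings like the `127.0.0.1:8118` entries reset in this thread, reporting whether anything is listening behind each one. The function names and the sample `prefs.js` and `ProxyServer` inputs are assumptions, constructed from the values quoted in the logs.

```python
import ipaddress
import re
import socket

# Constructed sample inputs modelled on the values quoted in the logs above.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "google.de");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);
'''
SAMPLE_IE_PROXYSERVER = "http=127.0.0.1:8118;https=127.0.0.1:8118"

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref() line (str, int or bool values)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def firefox_proxies(prefs):
    """Manual proxies Firefox actually uses: only when network.proxy.type is 1."""
    if prefs.get("network.proxy.type") != 1:
        return []
    found = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host and isinstance(port, int) and port > 0:
            found.append(("firefox", scheme, host, port))
    return found


def wininet_proxies(proxy_server):
    """Parse a ProxyServer value: 'host:port' or 'scheme=host:port;scheme=...'."""
    found = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, target = part.rpartition("=")
        host, _, port = target.rpartition(":")
        if host and port.isdigit():
            found.append(("wininet", scheme or "all", host, int(port)))
    return found


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def port_is_listening(host, port, timeout=0.5):
    """True if a TCP connect succeeds, i.e. some local process serves the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(prefs_text, proxy_server, probe=port_is_listening):
    """Classify every configured loopback proxy as 'dead' or 'live'."""
    entries = firefox_proxies(parse_prefs(prefs_text)) + wininet_proxies(proxy_server)
    findings = []
    for source, scheme, host, port in entries:
        if not is_loopback(host):
            continue  # remote proxies are out of scope for this check
        state = "live" if probe(host, port) else "dead"
        findings.append((source, scheme, f"{host}:{port}", state))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_IE_PROXYSERVER):
        print(*finding)
```

A `dead` entry matches the "proxy server is refusing connections" symptom; a `live` one means a local process is receiving the browser's traffic and should be identified before the setting is cleared.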

17.05.2014, 13:38   #5
JanR91

Hello,

Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Jan at 2014-05-17 14:04:49 Run:2
Running from C:\Users\Jan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
*****************

Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

==== End of Fixlog ====
         
mbam log:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.05.2014
Suchlauf-Zeit: 14:16:42
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.17.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Jan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 259158
Verstrichene Zeit: 10 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
adwcleaner log:
Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 14:20:34
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Jan - JAN-PC
# Gestartet von : C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT92EIP2\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [892 octets] - [17/05/2014 14:21:03]
AdwCleaner[S0].txt - [814 octets] - [17/05/2014 14:21:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [873 octets] ##########
         
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Jan on 17.05.2014 at 14:28:45,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2014 at 14:30:47,98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
New FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 17-05-2014 14:37:04
Running from C:\Users\Jan\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Jan\AppData\Roaming\InetStat\inetstat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google
2014-05-16 17:11 - 2014-05-17 14:37 - 00006881 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-16 16:41 - 2014-05-17 14:17 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 16:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 16:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\Qoobox
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\ComboFix
2014-05-16 09:44 - 2014-05-16 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 09:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 09:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 09:40 - 2014-05-16 09:41 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:31 - 2014-05-16 00:32 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:30 - 2014-05-17 14:37 - 00000000 ____D () C:\FRST
2014-05-16 00:30 - 2014-05-16 00:32 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-17 12:54 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-16 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

==================== One Month Modified Files and Folders =======

2014-05-17 14:37 - 2014-05-16 17:11 - 00006881 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-17 14:37 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-17 14:35 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 14:35 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 14:32 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:28 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-17 14:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 14:28 - 2009-07-14 06:39 - 00060150 _____ () C:\Windows\setupact.log
2014-05-17 14:26 - 2013-12-06 18:47 - 01335680 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 14:23 - 2013-12-09 17:20 - 00153128 _____ () C:\Windows\PFRO.log
2014-05-17 14:21 - 2014-05-16 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-17 14:17 - 2014-05-16 16:41 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-17 14:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 12:59 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-17 12:54 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:22 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-05-16 20:21 - 2014-05-16 20:08 - 00000000 ____D () C:\Program Files\Google
2014-05-16 20:21 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-16 20:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 20:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:46 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\Qoobox
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\ComboFix
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-16 09:56 - 2014-05-16 09:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 09:52 - 2009-07-14 04:03 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-16 09:41 - 2014-05-16 09:40 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:32 - 2014-05-16 00:31 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:32 - 2014-05-16 00:30 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
         

Edit: Firefox is working again


18.05.2014, 12:19   #6
schrauber
/// the machine
/// TB Trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

18.05.2014, 16:49   #7
JanR91
 



Hey! Great that you sacrifice your free time for me even on the weekend

Here is the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed0f339d01b1ab439f245210173e4ddd
# engine=18312
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 03:38:08
# local_time=2014-05-18 05:38:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 9704 152058679 0 0
# scanned=284283
# found=129
# cleaned=16
# scan_time=7654
sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{91CE17C6-0BBC-45B9-A752-439E4A2D3530}\Custom.dll"
sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{991BEE4F-AC45-4282-A069-E46742F8CCB9}\Custom.dll"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temp\DownloadManager.exe"
sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temp\RegClean10.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temp\SearchProtectINT.exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temp\DownloadManager.exe"
sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temp\RegClean10.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temp\SearchProtectINT.exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Jan\Lokale Einstellungen\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\DownloadManager.exe"
sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\RegClean10.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temp\SearchProtectINT.exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\AppData\Local\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\DownloadManager.exe"
sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\RegClean10.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temp\SearchProtectINT.exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Jan\Lokale Einstellungen\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{91CE17C6-0BBC-45B9-A752-439E4A2D3530}\Custom.dll"
sh=845D7CF435FF3AD33D4115C9B07812057F4E85A4 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{991BEE4F-AC45-4282-A069-E46742F8CCB9}\Custom.dll"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\Firefox[1].exe"
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="Variante von Win32/AdWare.PricePeep.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR0SX9\pricepeep_190001_0102[1].exe"
sh=D7147C4872853E85ACFAAE76E4659FDB028558C3 ft=1 fh=567f598fe98638e2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\SPSetup[1].exe"
sh=8EA6C0FFF54649544B8515FCA1F99B6A79DBAC7C ft=1 fh=ba65856fec32e646 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD8J1GAT\WajamPreExe[1].exe"
sh=DF621B8D09847FEE3632C9271625014F1008D364 ft=1 fh=d2962d1960eca1f8 vn="Win32/OutBrowse.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1C45P0B\RegCleanSetup10[1].exe"
sh=B15DFB2C9F2B951B0E8645A0245BDEA18FFCAF70 ft=1 fh=a81e235c1d12b2fe vn="Variante von Win32/Skintrim.LQ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\download[1].php"
sh=25966E80BCA21553D85C688AF739814FBE53C189 ft=1 fh=71d6f87cb60ba875 vn="Variante von Win32/AdWare.Lollipop.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\LollipopInstaller_14762[1].exe"
sh=56111939425FD13EF6450B47F63A508218AE814D ft=1 fh=f3d44f47bb63ae0d vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\SearchProtectINTSmartInstall[1].exe"
sh=1B6E1D103A63DA0FAF484F912897CEDD1A6C17E5 ft=1 fh=3db16538a669c801 vn="Win32/Wajam.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_download[1].exe"
sh=47D5D3B815057AD8165B7673F996FEA43D77223C ft=1 fh=a2c89f461ec45c30 vn="Win32/Wajam.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ADAM1L\wajam_install[1].exe"
sh=B0D85EDF582218EBB796FB32312373D5E6DE1544 ft=1 fh=a34b592311cfac50 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY6H4LQF\Firefox[1].exe"
sh=0B43CB23E4C3F9EDBD5BB88DA3ADCFB8160F7F35 ft=1 fh=b9146e162819d8ab vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\DownloadManager.exe"
sh=80F6AE1B640B1DFDD7DAB06027E1DEDCDE60FB56 ft=1 fh=9ac637058aa7bd87 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\RegClean10.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\Jan\AppData\Local\Anwendungsdaten\Temp\SearchProtectINT.exe"
         
checkup.txt
Code:
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
New FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 18-05-2014 17:47:33
Running from C:\Users\Jan\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() G:\League of Legends\RADS\system\rads_user_kernel.exe
() G:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe
() G:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:27 - 2014-05-18 15:27 - 00000000 ____D () C:\Program Files\ESET
2014-05-18 15:21 - 2014-05-18 15:22 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google
2014-05-16 17:11 - 2014-05-18 17:47 - 00007485 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-16 16:41 - 2014-05-17 14:17 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 16:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 16:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\Qoobox
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\ComboFix
2014-05-16 09:44 - 2014-05-16 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 09:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 09:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 09:40 - 2014-05-16 09:41 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:31 - 2014-05-16 00:32 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:30 - 2014-05-18 17:47 - 00000000 ____D () C:\FRST
2014-05-16 00:30 - 2014-05-16 00:32 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-18 16:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-16 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

==================== One Month Modified Files and Folders =======

2014-05-18 17:47 - 2014-05-16 17:11 - 00007485 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-18 17:47 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 17:35 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-18 17:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 16:24 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 15:27 - 2014-05-18 15:27 - 00000000 ____D () C:\Program Files\ESET
2014-05-18 15:22 - 2014-05-18 15:21 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-18 14:51 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:51 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:50 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 14:48 - 2013-12-06 18:47 - 01642031 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 14:44 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 14:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 14:44 - 2009-07-14 06:39 - 00060318 _____ () C:\Windows\setupact.log
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:23 - 2013-12-09 17:20 - 00153128 _____ () C:\Windows\PFRO.log
2014-05-17 14:21 - 2014-05-16 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-17 14:17 - 2014-05-16 16:41 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 20:22 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-05-16 20:21 - 2014-05-16 20:08 - 00000000 ____D () C:\Program Files\Google
2014-05-16 20:21 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-16 20:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 20:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:46 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\Qoobox
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\ComboFix
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-16 09:56 - 2014-05-16 09:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 09:52 - 2009-07-14 04:03 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-16 09:41 - 2014-05-16 09:40 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:32 - 2014-05-16 00:31 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:32 - 2014-05-16 00:30 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\temp\GPUpd.exe
C:\Users\Jan\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
         


ESET found 129 infected files. Unfortunately, not everything is running smoothly yet.

19.05.2014, 10:50   #8
schrauber
/// the machine
/// TB Trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
C:\Users\Jan\AppData\Roaming\InetStat
C:\Users\Jan\AppData\Roaming\GetPrivate
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.05.2014, 11:29   #9
JanR91
 



Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Jan at 2014-05-19 12:20:15 Run:3
Running from C:\Users\Jan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
C:\Users\Jan\AppData\Roaming\InetStat
C:\Users\Jan\AppData\Roaming\GetPrivateGroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
C:\Users\Jan\AppData\Roaming\InetStat
C:\Users\Jan\AppData\Roaming\GetPrivate
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Users\Jan\AppData\Roaming\InetStat => Moved successfully.
"C:\Users\Jan\AppData\Roaming\GetPrivateGroupPolicy: Group Policy on Chrome detected <======= ATTENTION" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
"C:\Users\Jan\AppData\Roaming\InetStat" => File/Directory not found.
C:\Users\Jan\AppData\Roaming\GetPrivate => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
New FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 19-05-2014 12:26:44
Running from C:\Users\Jan\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19701080 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19400 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-18 19:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-05-18 19:19 - 2014-03-04 16:29 - 23716640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 17559384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 10523480 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-18 19:19 - 2014-03-04 16:29 - 09728064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 09690424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 02956632 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 02411976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233523.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00894296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233523.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00865224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-05-18 19:19 - 2014-03-04 16:29 - 00847136 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-05-18 18:37 - 2014-03-31 18:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:21 - 2014-05-18 15:22 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-16 20:08 - 2014-05-16 20:21 - 00000000 ____D () C:\Program Files\Google
2014-05-16 17:11 - 2014-05-19 12:26 - 00006839 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:42 - 2014-05-17 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-16 16:41 - 2014-05-17 14:17 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 16:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 16:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\Qoobox
2014-05-16 09:44 - 2014-05-16 09:57 - 00000000 ____D () C:\ComboFix
2014-05-16 09:44 - 2014-05-16 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 09:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 09:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 09:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 09:40 - 2014-05-16 09:41 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:31 - 2014-05-16 00:32 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:30 - 2014-05-19 12:26 - 00000000 ____D () C:\FRST
2014-05-16 00:30 - 2014-05-16 00:32 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-19 09:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-19 12:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-16 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe

==================== One Month Modified Files and Folders =======

2014-05-19 12:27 - 2014-05-16 17:11 - 00006839 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-05-19 12:27 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-19 12:26 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-19 12:22 - 2014-05-13 22:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-19 12:22 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 12:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 12:22 - 2009-07-14 06:39 - 00061261 _____ () C:\Windows\setupact.log
2014-05-19 12:21 - 2013-12-06 18:47 - 01681610 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 12:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-19 12:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 09:38 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:00 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 09:00 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 09:00 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 19:33 - 2013-12-09 17:20 - 00153920 _____ () C:\Windows\PFRO.log
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-05-18 19:25 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-18 19:25 - 2013-12-06 20:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-18 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-18 18:38 - 2014-02-12 16:46 - 00000000 ____D () C:\Users\Jan\AppData\Local\NVIDIA Corporation
2014-05-18 18:38 - 2013-12-06 20:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-18 17:45 - 2014-05-18 17:45 - 00855379 _____ () C:\Users\Jan\Desktop\SecurityCheck.exe
2014-05-18 15:22 - 2014-05-18 15:21 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_deu.exe
2014-05-17 14:30 - 2014-05-17 14:30 - 00000642 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-05-17 14:21 - 2014-05-16 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-17 14:19 - 2014-05-17 14:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-17 14:17 - 2014-05-16 16:41 - 00001147 _____ () C:\Users\Jan\Desktop\mbam.txt
2014-05-16 20:22 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-05-16 20:21 - 2014-05-16 20:08 - 00000000 ____D () C:\Program Files\Google
2014-05-16 20:21 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-16 20:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 20:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 17:00 - 2014-05-16 17:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 16:57 - 2014-05-16 16:57 - 01016261 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-05-16 16:46 - 2014-05-16 16:46 - 00000952 _____ () C:\Users\Jan\Desktop\AdwCleaner[S0].txt
2014-05-16 16:46 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 16:28 - 2014-05-16 16:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 16:28 - 2014-05-16 16:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-16 09:57 - 2014-05-16 09:57 - 00011190 _____ () C:\ComboFix.txt
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\Qoobox
2014-05-16 09:57 - 2014-05-16 09:44 - 00000000 ____D () C:\ComboFix
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-16 09:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-16 09:56 - 2014-05-16 09:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 09:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 09:52 - 2009-07-14 04:03 - 36700160 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-16 09:52 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-16 09:41 - 2014-05-16 09:40 - 05200990 ____R (Swearware) C:\Users\Jan\Downloads\ComboFix.exe
2014-05-16 00:42 - 2014-05-16 00:42 - 00023769 _____ () C:\Users\Jan\Desktop\Gmer.log
2014-05-16 00:32 - 2014-05-16 00:31 - 00020084 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-05-16 00:32 - 2014-05-16 00:30 - 00030016 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-30 20:29 - 2013-12-06 20:16 - 01081112 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\temp\GPUpd.exe
C:\Users\Jan\AppData\Local\temp\nv3DVStreaming.dll
C:\Users\Jan\AppData\Local\temp\nvSCPAPI.dll
C:\Users\Jan\AppData\Local\temp\nvStereoApiI.dll
C:\Users\Jan\AppData\Local\temp\nvStInst.exe
C:\Users\Jan\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
         
--- --- ---


Old 20.05.2014, 09:11   #10
schrauber
/// the machine
/// TB Trainer

Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 20.05.2014, 11:29   #11
JanR91

Hey,

no, everything is running fine at the moment

Thank you very, very much for your help!

Regards, JanR91

Old 21.05.2014, 07:43   #12
schrauber
/// the machine
/// TB Trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background monitor.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Old 24.05.2014, 14:16   #13
JanR91

All done!

Thank you very much

Old 25.05.2014, 07:01   #14
schrauber
/// the machine
/// TB Trainer

You're welcome
