| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.05.2014, 13:08
| #46 |
 |  Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.05.26.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Margit :: JUSTIN-PC [administrator]
26.05.2014 13:16:41
mbar-log-2014-05-26 (13-16-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 326162
Time elapsed: 26 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
26.05.2014, 13:12
| #47 |
| /// Malwareteam   | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro Hi
__________________das ist schonmal positiv. dann haben wir es "nur" mit Adware zu tun. Es sind nur Einträge von Malware im Logfile die neu sind. Also entweder installiert sich die Adware nach.... z.B. Movietoolbar führe bitte folgenden Schritt aus. Mir ist bewust, dass wir Adwcleaner schon einmal genutzt haben. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ Geändert von Aneri (26.05.2014 um 13:33 Uhr) |
|
26.05.2014, 14:40
| #48 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proCode:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 26/05/2014 um 14:18:57
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Margit - JUSTIN-PC
# Gestartet von : C:\Users\Margit\Downloads\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SafetyNut
Ordner Gelöscht : C:\Program Files (x86)\MSR
Ordner Gelöscht : C:\Users\Margit\AppData\Local\Pokki
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatequalitink_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatequalitink_RASMANCS
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v
[ Datei : C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\prefs.js ]
-\\ Google Chrome v35.0.1916.114
[ Datei : C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R4].txt - [2371 octets] - [26/05/2014 14:15:24]
AdwCleaner[S1].txt - [2018 octets] - [26/05/2014 14:18:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2078 octets] ##########
|
|
26.05.2014, 14:48
| #49 |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro gut dann noch eine FRST Logfile hinterher. Die fixen wir dann manuell zusammen mit den Funden von ESET. erstelle ein Logfile mit FRST und poste es hier. Die Adittion.txt benötige ich nicht |
|
26.05.2014, 14:52
| #50 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Margit (administrator) on JUSTIN-PC on 26-05-2014 15:51:00 Running from C:\Users\Margit\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Spotify Ltd) C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs" HKLM-x32\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp710D] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs" HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs" HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs" HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Spotify Web Helper] => C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-13] (Spotify Ltd) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\RunOnce: [Application Restart #1] - C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Margit\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {2bbf67ef-4872-11e2-abca-806e6f6e6963} - G:\pushinst.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {56d2ac12-482c-11e2-b9a4-806e6f6e6963} - E:\Setup\Setup.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {79c16e3d-9319-11e3-9d8b-001f3f0b7467} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {90bbfc16-9f7a-11e3-a1e1-001f3f0b7467} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {ba1eb395-7797-11e3-bf2e-001f3f0b7467} - G:\Startme.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ hxxp://www.giga.de/software/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - 22EA1A12B3E24133B4CA4C7B0B813C8D URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP263FBD7A-DDBA-474A-BBD4-F66725079B11&q={searchTerms} SearchScopes: HKCU - D69E9EE4B4C84532AC514227F15EED0C URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=44264814-f76a-4edf-a8dd-c26e4f5313e9&searchtype=ds&q={searchTerms}&installDate=01/01/1970 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {856F3102-7FB0-4CD9-A33C-C59566A25268} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=ea1b6174000000000000001f3f0b7467&affilt=3&r=360 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default FF NetworkProxy: "("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: Amazon-Icon - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\amazon-icon@giga.de [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org [2013-10-20] FF Extension: qualitink - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox@qualitink.net [2013-11-16] FF Extension: No Name - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\staged [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2013-10-20] FF HKCU\...\Firefox\Extensions: [addlyrics@addlyrics.net] - C:\Program Files (x86)\AddLyrics\FF\ FF HKCU\...\Firefox\Extensions: [{4444b3b9-67e2-4ab0-b4b6-2ed87c311594}] - C:\Program Files (x86)\Re-Markable\150.xpi Chrome: ======= CHR HomePage: CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: Ask.com CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Drive) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (YouTube) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (AdBlock Premium) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-25] CHR Extension: (Google Wallet) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKCU\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [jpfpfhlafnadialopcnmpnnonkoncnej] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3625\ch\MediaBuzzV1mode3625.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [oeajfgfbfkoagohfgaimemkippdnedli] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ch\RichMediaViewV1release393.crx [2014-04-11] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-28] (SurfRight B.V.) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-15] () S2 System Update kb77600; C:\Windows\Microsoft\System Update kb77600\WindowsUpdater.exe [17920 2014-03-19] () S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-08] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 drvr; C:\Windows\SysWOW64\drivers\drvr.sys [8704 2010-03-09] () R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] () R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-26] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.) R1 {50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64; C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64.sys [61112 2014-04-24] (StdLib) S3 ALSysIO; \??\C:\Users\Margit\AppData\Local\Temp\ALSysIO64.sys [X] S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-26 14:15 - 2014-05-26 14:15 - 01327971 _____ () C:\Users\Margit\Downloads\adwcleaner_3.211.exe 2014-05-26 13:54 - 2014-05-26 13:59 - 00176005 _____ () C:\Users\Margit\Desktop\Neues Textdokument (3).txt 2014-05-26 13:16 - 2014-05-26 14:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-26 13:15 - 2014-05-26 14:08 - 00000000 ____D () C:\Users\Margit\Desktop\mbar 2014-05-26 13:14 - 2014-05-26 13:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Margit\Downloads\mbar-1.07.0.1009.exe 2014-05-26 11:05 - 2014-05-26 11:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-26 11:04 - 2014-05-26 11:05 - 04748896 _____ (Piriform Ltd) C:\Users\Margit\Downloads\ccsetup414.exe 2014-05-26 10:24 - 2014-05-26 10:24 - 00001268 _____ () C:\Users\Margit\Desktop\Revo Uninstaller.lnk 2014-05-26 10:24 - 2014-05-26 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-26 10:23 - 2014-05-26 10:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Margit\Downloads\revosetup95.exe 2014-05-26 10:00 - 2014-05-26 11:37 - 00042054 _____ () C:\Users\Margit\Desktop\Addition.txt 2014-05-26 09:59 - 2014-05-26 15:51 - 02509712 _____ () C:\Users\Margit\Desktop\FRST.txt 2014-05-26 09:59 - 2014-05-26 09:59 - 00000000 ____D () C:\Users\Margit\Desktop\FRST-OlderVersion 2014-05-25 18:35 - 2014-05-25 18:35 - 00000000 _____ () C:\Users\Margit\Desktop\Neues Textdokument (2).txt 2014-05-25 17:54 - 2014-05-25 18:02 - 948329604 _____ () C:\Users\Margit\Downloads\Gates-of-Heaven DE.exe 2014-05-25 10:05 - 2014-05-25 10:05 - 05770445 _____ () C:\Users\Margit\Downloads\18pic10.rar 2014-05-23 17:20 - 2014-05-23 17:20 - 00000000 ____D () C:\Users\Margit\AppData\Local\fabi.me 2014-05-23 17:18 - 2013-09-24 11:14 - 00179200 _____ (fabi.me) C:\Users\Margit\Desktop\SpeedAutoClicker.exe 2014-05-23 17:17 - 2014-05-23 17:18 - 00094899 _____ () C:\Users\Margit\Downloads\SpeedAutoClicker.zip 2014-05-23 16:38 - 2014-05-23 16:38 - 02347384 _____ (ESET) C:\Users\Margit\Downloads\esetsmartinstaller_deu.exe 2014-05-23 16:38 - 2014-05-23 16:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-23 16:34 - 2014-05-23 16:35 - 00022255 _____ () C:\Users\Margit\Downloads\mbam-log-2014-05-23 (16-25-17).xml 2014-05-23 16:24 - 2014-05-26 14:14 - 00000000 ____D () C:\Users\Margit\Desktop\Neuer Ordner (2) 2014-05-23 15:45 - 2014-05-26 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-23 15:44 - 2014-05-26 13:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-23 15:44 - 2014-05-23 15:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-23 15:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-23 14:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-21 16:19 - 2014-05-21 16:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-21 13:59 - 2014-05-26 14:19 - 00000000 ____D () C:\AdwCleaner 2014-05-16 19:10 - 2014-05-26 15:51 - 00000000 ____D () C:\FRST 2014-05-16 19:09 - 2014-05-26 09:59 - 02066944 _____ (Farbar) C:\Users\Margit\Desktop\FRST64.exe 2014-05-14 22:58 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 22:58 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 22:58 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 22:58 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 22:58 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 22:58 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 09:51 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 09:51 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 09:51 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 09:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 09:50 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 09:50 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 09:50 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 09:50 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 09:50 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 09:50 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 09:50 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 09:50 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 09:50 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 09:50 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 09:50 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 09:50 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 09:50 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 16:38 - 2014-05-23 15:58 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-05-11 13:50 - 2014-05-26 15:29 - 00027212 _____ () C:\Windows\PFRO.log 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Saga EU 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Program Files (x86)\NexonEU 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieUserList 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieSiteList 2014-05-09 19:58 - 2014-05-26 11:36 - 00000000 ____D () C:\Users\Margit\Desktop\Fusion FlyFF v19 2014-05-07 01:30 - 2014-05-15 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 18:33 - 2014-05-04 18:33 - 00003048 _____ () C:\Windows\System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} 2014-05-03 22:36 - 2014-05-03 22:45 - 834385776 _____ () C:\Users\Margit\Documents\LostSagaEU_Full.exe 2014-05-03 22:34 - 2014-05-03 22:35 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-01 17:42 - 2014-05-26 15:29 - 00002296 _____ () C:\Windows\setupact.log 2014-05-01 17:42 - 2014-05-01 17:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-30 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-30 03:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-30 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-30 03:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-30 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-30 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-30 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-30 03:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-30 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-30 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-30 03:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-30 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-30 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-30 03:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-30 03:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-30 03:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-30 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-30 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-30 03:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-30 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-30 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-30 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-30 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-30 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-30 03:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-30 03:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-30 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-30 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-30 03:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-30 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-30 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-30 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-30 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-30 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-30 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-30 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-30 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-30 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-30 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-30 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-30 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-30 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-30 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-30 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-26 15:51 - 2014-05-26 09:59 - 02509712 _____ () C:\Users\Margit\Desktop\FRST.txt 2014-05-26 15:51 - 2014-05-16 19:10 - 00000000 ____D () C:\FRST 2014-05-26 15:44 - 2014-03-26 13:44 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {9C240B47-73DD-4A6F-B0FE-B3D2076627A3}.job 2014-05-26 15:37 - 2009-07-14 06:45 - 00033344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-26 15:37 - 2009-07-14 06:45 - 00033344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-26 15:35 - 2014-05-23 15:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-26 15:35 - 2014-04-17 21:18 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-05-26 15:35 - 2014-04-17 21:18 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup 2014-05-26 15:35 - 2014-04-17 21:18 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2014-05-26 15:35 - 2014-04-14 15:13 - 00000000 ____D () C:\Users\Margit\AppData\Local\HTC MediaHub 2014-05-26 15:35 - 2014-02-14 15:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf29862a32b79d.job 2014-05-26 15:33 - 2012-12-17 11:33 - 01623074 _____ () C:\Windows\WindowsUpdate.log 2014-05-26 15:29 - 2014-05-11 13:50 - 00027212 _____ () C:\Windows\PFRO.log 2014-05-26 15:29 - 2014-05-01 17:42 - 00002296 _____ () C:\Windows\setupact.log 2014-05-26 15:29 - 2013-06-13 13:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-26 15:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-26 15:18 - 2012-12-17 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-26 14:19 - 2014-05-21 13:59 - 00000000 ____D () C:\AdwCleaner 2014-05-26 14:15 - 2014-05-26 14:15 - 01327971 _____ () C:\Users\Margit\Downloads\adwcleaner_3.211.exe 2014-05-26 14:14 - 2014-05-23 16:24 - 00000000 ____D () C:\Users\Margit\Desktop\Neuer Ordner (2) 2014-05-26 14:08 - 2014-05-26 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-26 14:08 - 2014-05-26 13:15 - 00000000 ____D () C:\Users\Margit\Desktop\mbar 2014-05-26 13:59 - 2014-05-26 13:54 - 00176005 _____ () C:\Users\Margit\Desktop\Neues Textdokument (3).txt 2014-05-26 13:15 - 2014-05-26 13:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Margit\Downloads\mbar-1.07.0.1009.exe 2014-05-26 13:15 - 2014-05-23 15:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-26 12:32 - 2013-06-23 16:46 - 00000000 ____D () C:\Program Files (x86)\Chromer 2014-05-26 11:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-05-26 11:38 - 2013-02-16 19:14 - 00000000 ____D () C:\Users\Margit\AppData\Local\LogMeIn Hamachi 2014-05-26 11:37 - 2014-05-26 10:00 - 00042054 _____ () C:\Users\Margit\Desktop\Addition.txt 2014-05-26 11:36 - 2014-05-09 19:58 - 00000000 ____D () C:\Users\Margit\Desktop\Fusion FlyFF v19 2014-05-26 11:06 - 2012-12-17 11:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-26 11:05 - 2014-05-26 11:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-26 11:05 - 2014-05-26 11:04 - 04748896 _____ (Piriform Ltd) C:\Users\Margit\Downloads\ccsetup414.exe 2014-05-26 11:05 - 2013-04-28 20:23 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-26 11:05 - 2013-04-28 20:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-26 10:45 - 2014-04-17 20:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-26 10:26 - 2014-02-20 17:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-26 10:24 - 2014-05-26 10:24 - 00001268 _____ () C:\Users\Margit\Desktop\Revo Uninstaller.lnk 2014-05-26 10:24 - 2014-05-26 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-26 10:24 - 2014-05-26 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Margit\Downloads\revosetup95.exe 2014-05-26 09:59 - 2014-05-26 09:59 - 00000000 ____D () C:\Users\Margit\Desktop\FRST-OlderVersion 2014-05-26 09:59 - 2014-05-16 19:09 - 02066944 _____ (Farbar) C:\Users\Margit\Desktop\FRST64.exe 2014-05-25 18:35 - 2014-05-25 18:35 - 00000000 _____ () C:\Users\Margit\Desktop\Neues Textdokument (2).txt 2014-05-25 18:02 - 2014-05-25 17:54 - 948329604 _____ () C:\Users\Margit\Downloads\Gates-of-Heaven DE.exe 2014-05-25 10:05 - 2014-05-25 10:05 - 05770445 _____ () C:\Users\Margit\Downloads\18pic10.rar 2014-05-25 03:22 - 2013-06-23 20:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-05-25 03:22 - 2013-06-23 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-05-25 03:05 - 2013-06-23 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-05-23 17:20 - 2014-05-23 17:20 - 00000000 ____D () C:\Users\Margit\AppData\Local\fabi.me 2014-05-23 17:18 - 2014-05-23 17:17 - 00094899 _____ () C:\Users\Margit\Downloads\SpeedAutoClicker.zip 2014-05-23 16:38 - 2014-05-23 16:38 - 02347384 _____ (ESET) C:\Users\Margit\Downloads\esetsmartinstaller_deu.exe 2014-05-23 16:38 - 2014-05-23 16:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-23 16:35 - 2014-05-23 16:34 - 00022255 _____ () C:\Users\Margit\Downloads\mbam-log-2014-05-23 (16-25-17).xml 2014-05-23 16:06 - 2013-11-16 00:26 - 00000000 ____D () C:\Program Files (x86)\qualitink 2014-05-23 16:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security 2014-05-23 15:58 - 2014-05-13 16:38 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-05-23 15:58 - 2014-04-25 21:38 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1 2014-05-23 15:44 - 2014-05-23 15:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-23 14:20 - 2014-01-10 19:34 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-23 14:20 - 2013-05-01 12:11 - 00000997 _____ () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-23 14:20 - 2012-12-17 11:40 - 00000000 ___RD () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 14:20 - 2012-12-17 11:39 - 00000000 ____D () C:\Users\Margit 2014-05-23 07:08 - 2014-04-23 17:06 - 00167936 ___SH () C:\Users\Margit\Desktop\Thumbs.db 2014-05-22 19:18 - 2014-02-06 17:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 10:01 - 2014-03-09 21:49 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Spotify 2014-05-21 16:24 - 2009-07-14 04:34 - 00000568 _____ () C:\Windows\win.ini 2014-05-21 16:19 - 2014-05-21 16:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-21 13:59 - 2014-04-22 18:58 - 00000000 ____D () C:\Users\Margit\Desktop\benny bewerbung 2014-05-20 13:14 - 2012-12-17 20:27 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-20 13:14 - 2012-12-17 20:27 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-20 13:14 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 07:49 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-15 12:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 09:10 - 2012-12-17 11:40 - 00000000 ___RD () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 09:05 - 2014-05-07 01:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 22:58 - 2013-07-13 03:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:56 - 2012-12-17 13:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 21:18 - 2012-12-17 14:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 21:18 - 2012-12-17 14:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 21:18 - 2012-12-17 14:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:38 - 2014-03-22 22:38 - 00000718 __RSH () C:\ProgramData\ntuser.pol 2014-05-12 07:26 - 2014-05-23 15:44 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-23 15:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 01:39 - 2012-12-21 12:53 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Skype 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Saga EU 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Program Files (x86)\NexonEU 2014-05-10 14:37 - 2013-04-15 21:52 - 00000000 ____D () C:\Users\Margit\AppData\Local\Spotify 2014-05-10 12:31 - 2012-12-17 11:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieUserList 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieSiteList 2014-05-09 20:20 - 2014-04-05 16:47 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf29862a32b79d 2014-05-09 20:20 - 2012-12-17 11:51 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 08:14 - 2014-05-14 09:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 09:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 06:40 - 2014-05-14 22:58 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 22:58 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 22:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 18:33 - 2014-05-04 18:33 - 00003048 _____ () C:\Windows\System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} 2014-05-03 22:45 - 2014-05-03 22:36 - 834385776 _____ () C:\Users\Margit\Documents\LostSagaEU_Full.exe 2014-05-03 22:35 - 2014-05-03 22:34 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2014-05-03 20:11 - 2014-04-20 02:54 - 00000637 _____ () C:\attach.ini 2014-05-03 19:46 - 2014-04-20 02:54 - 00000417 _____ () C:\mapui.ini 2014-05-02 14:47 - 2012-12-21 18:45 - 00000000 ____D () C:\Users\Margit\Desktop\NosTale 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-01 17:42 - 2014-05-01 17:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-30 17:32 - 2014-04-25 17:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\.minecraft 2014-04-29 18:44 - 2012-12-21 12:53 - 00000000 ___RD () C:\Program Files (x86)\Skype Files to move or delete: ==================== C:\Users\Margit\Desktopasdasd.exe C:\Users\Margit\S4_League.exe Some content of TEMP: ==================== C:\Users\Margit\AppData\Local\Temp\avgnt.exe C:\Users\Margit\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-26 12:29 ==================== End Of Log ============================ |
|
26.05.2014, 14:58
| #51 |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro du hast da einiges im Logfile was ich genauer Recherchieren möchte und muss. Daher würde ich mich später bei dir mit weiteren Anweisung melden.
__________________ --> Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro |
|
26.05.2014, 15:17
| #52 |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro Arbeitest du mit dem Annonymisierungsprogramm TOR? |
|
26.05.2014, 15:48
| #53 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro Nein ich arbeite nicht mit diesem Programm Beziehungsweise was ist das? Mein Bruder ist auch sehr oft an meinem Pc wie ich ihnen ja gesagt habe also könnte es sein das er damit Arbeitet.  |
|
27.05.2014, 08:29
| #54 |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro hi guten Morgen. Gut danke für die Information... Hier ein Link zu TOR: Tor (Netzwerk) ? Wikipedia Schritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - 22EA1A12B3E24133B4CA4C7B0B813C8D URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP263FBD7A-DDBA-474A-BBD4-F66725079B11&q={searchTerms}
SearchScopes: HKCU - D69E9EE4B4C84532AC514227F15EED0C URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=44264814-f76a-4edf-a8dd-c26e4f5313e9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {856F3102-7FB0-4CD9-A33C-C59566A25268} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=ea1b6174000000000000001f3f0b7467&affilt=3&r=360
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp710D] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\RunOnce: [Application Restart #1] - C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Margit\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs
C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs
C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
C:\Windows\SysWOW64\Drivers\X6va011
C:\Windows\SysWOW64\Drivers\X6va012
C:\Windows\SysWOW64\Drivers\X6va013
C:\Windows\SysWOW64\Drivers\X6va015
C:\Windows\SysWOW64\Drivers\X6va016
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: erstelle ein neues FRST Logfile und poste es hier. Schritt 3: Teile mir mit, ob sich das verhalten deines Rechners verändert... wird er schneller? Kläre bitte mit deinem Bruder ob er Tor kennt und auf dem REchner genutzt hat. Wenn nein entfernen wir die Proxy-Einstellungen. |
|
27.05.2014, 12:12
| #55 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Margit at 2014-05-27 13:02:08 Run:2
Running from C:\Users\Margit\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - 22EA1A12B3E24133B4CA4C7B0B813C8D URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP263FBD7A-DDBA-474A-BBD4-F66725079B11&q={searchTerms}
SearchScopes: HKCU - D69E9EE4B4C84532AC514227F15EED0C URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=44264814-f76a-4edf-a8dd-c26e4f5313e9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {856F3102-7FB0-4CD9-A33C-C59566A25268} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=ea1b6174000000000000001f3f0b7467&affilt=3&r=360
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp710D] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs"
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\RunOnce: [Application Restart #1] - C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Margit\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs
C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs
C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
C:\Windows\SysWOW64\Drivers\X6va011
C:\Windows\SysWOW64\Drivers\X6va012
C:\Windows\SysWOW64\Drivers\X6va013
C:\Windows\SysWOW64\Drivers\X6va015
C:\Windows\SysWOW64\Drivers\X6va016
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} => Key deleted successfully.
HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\22EA1A12B3E24133B4CA4C7B0B813C8D => Key deleted successfully.
HKCR\CLSID\22EA1A12B3E24133B4CA4C7B0B813C8D => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\D69E9EE4B4C84532AC514227F15EED0C => Key deleted successfully.
HKCR\CLSID\D69E9EE4B4C84532AC514227F15EED0C => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{856F3102-7FB0-4CD9-A33C-C59566A25268} => Key deleted successfully.
HKCR\CLSID\{856F3102-7FB0-4CD9-A33C-C59566A25268} => Key not found.
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp710D => Value deleted successfully.
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp92DF => Value deleted successfully.
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp7F5F => Value deleted successfully.
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value deleted successfully.
"C:\Users\Margit\AppData\Local\Pokki\Engine\pokki.exe" => File/Directory not found.
"C:\Users\Margit\AppData\Roaming\tmp710D.tmp.vbs" => File/Directory not found.
"C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs" => File/Directory not found.
"C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va013 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
"C:\Windows\SysWOW64\Drivers\X6va011" => File/Directory not found.
"C:\Windows\SysWOW64\Drivers\X6va012" => File/Directory not found.
"C:\Windows\SysWOW64\Drivers\X6va013" => File/Directory not found.
"C:\Windows\SysWOW64\Drivers\X6va015" => File/Directory not found.
"C:\Windows\SysWOW64\Drivers\X6va016" => File/Directory not found.
CHR DefaultSearchKeyword: ask.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Margit (administrator) on JUSTIN-PC on 27-05-2014 13:07:09 Running from C:\Users\Margit\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Spotify Ltd) C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Akamai Technologies, Inc.) C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs" HKLM-x32\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Spotify Web Helper] => C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-13] (Spotify Ltd) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {2bbf67ef-4872-11e2-abca-806e6f6e6963} - G:\pushinst.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {56d2ac12-482c-11e2-b9a4-806e6f6e6963} - E:\Setup\Setup.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {79c16e3d-9319-11e3-9d8b-001f3f0b7467} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {90bbfc16-9f7a-11e3-a1e1-001f3f0b7467} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\MountPoints2: {ba1eb395-7797-11e3-bf2e-001f3f0b7467} - G:\Startme.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ hxxp://www.giga.de/software/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: Amazon-Icon - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\amazon-icon@giga.de [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org [2013-10-20] FF Extension: qualitink - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox@qualitink.net [2013-11-16] FF Extension: No Name - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\staged [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2013-10-20] FF HKCU\...\Firefox\Extensions: [addlyrics@addlyrics.net] - C:\Program Files (x86)\AddLyrics\FF\ FF HKCU\...\Firefox\Extensions: [{4444b3b9-67e2-4ab0-b4b6-2ed87c311594}] - C:\Program Files (x86)\Re-Markable\150.xpi Chrome: ======= CHR HomePage: CHR DefaultSearchKeyword: ask.com CHR DefaultSearchProvider: Ask.com CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=103&systemid=473&v=a12627-231&apn_uid=1409679344264255&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Drive) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (YouTube) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (AdBlock Premium) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-25] CHR Extension: (Google Wallet) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKCU\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [jpfpfhlafnadialopcnmpnnonkoncnej] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3625\ch\MediaBuzzV1mode3625.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [oeajfgfbfkoagohfgaimemkippdnedli] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ch\RichMediaViewV1release393.crx [2014-04-11] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-28] (SurfRight B.V.) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-15] () S2 System Update kb77600; C:\Windows\Microsoft\System Update kb77600\WindowsUpdater.exe [17920 2014-03-19] () S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-08] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 drvr; C:\Windows\SysWOW64\drivers\drvr.sys [8704 2010-03-09] () R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] () R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-27] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.) R1 {50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64; C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64.sys [61112 2014-04-24] (StdLib) S3 ALSysIO; \??\C:\Users\Margit\AppData\Local\Temp\ALSysIO64.sys [X] S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-26 14:15 - 2014-05-26 14:15 - 01327971 _____ () C:\Users\Margit\Downloads\adwcleaner_3.211.exe 2014-05-26 13:54 - 2014-05-26 13:59 - 00176005 _____ () C:\Users\Margit\Desktop\Neues Textdokument (3).txt 2014-05-26 13:16 - 2014-05-26 14:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-26 13:15 - 2014-05-26 14:08 - 00000000 ____D () C:\Users\Margit\Desktop\mbar 2014-05-26 13:14 - 2014-05-26 13:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Margit\Downloads\mbar-1.07.0.1009.exe 2014-05-26 11:05 - 2014-05-26 11:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-26 11:04 - 2014-05-26 11:05 - 04748896 _____ (Piriform Ltd) C:\Users\Margit\Downloads\ccsetup414.exe 2014-05-26 10:24 - 2014-05-26 10:24 - 00001268 _____ () C:\Users\Margit\Desktop\Revo Uninstaller.lnk 2014-05-26 10:24 - 2014-05-26 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-26 10:23 - 2014-05-26 10:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Margit\Downloads\revosetup95.exe 2014-05-26 10:00 - 2014-05-26 11:37 - 00042054 _____ () C:\Users\Margit\Desktop\Addition.txt 2014-05-26 09:59 - 2014-05-27 13:07 - 02507179 _____ () C:\Users\Margit\Desktop\FRST.txt 2014-05-26 09:59 - 2014-05-26 09:59 - 00000000 ____D () C:\Users\Margit\Desktop\FRST-OlderVersion 2014-05-25 18:35 - 2014-05-26 21:55 - 00000350 _____ () C:\Users\Margit\Desktop\Neues Textdokument (2).txt 2014-05-25 17:54 - 2014-05-25 18:02 - 948329604 _____ () C:\Users\Margit\Downloads\Gates-of-Heaven DE.exe 2014-05-25 10:05 - 2014-05-25 10:05 - 05770445 _____ () C:\Users\Margit\Downloads\18pic10.rar 2014-05-23 17:20 - 2014-05-23 17:20 - 00000000 ____D () C:\Users\Margit\AppData\Local\fabi.me 2014-05-23 17:18 - 2013-09-24 11:14 - 00179200 _____ (fabi.me) C:\Users\Margit\Desktop\SpeedAutoClicker.exe 2014-05-23 17:17 - 2014-05-23 17:18 - 00094899 _____ () C:\Users\Margit\Downloads\SpeedAutoClicker.zip 2014-05-23 16:38 - 2014-05-23 16:38 - 02347384 _____ (ESET) C:\Users\Margit\Downloads\esetsmartinstaller_deu.exe 2014-05-23 16:38 - 2014-05-23 16:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-23 16:34 - 2014-05-23 16:35 - 00022255 _____ () C:\Users\Margit\Downloads\mbam-log-2014-05-23 (16-25-17).xml 2014-05-23 16:24 - 2014-05-26 14:14 - 00000000 ____D () C:\Users\Margit\Desktop\Neuer Ordner (2) 2014-05-23 15:45 - 2014-05-27 13:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-23 15:44 - 2014-05-26 13:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-23 15:44 - 2014-05-23 15:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-23 15:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-23 14:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-21 16:19 - 2014-05-21 16:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-21 13:59 - 2014-05-26 14:19 - 00000000 ____D () C:\AdwCleaner 2014-05-16 19:10 - 2014-05-27 13:07 - 00000000 ____D () C:\FRST 2014-05-16 19:09 - 2014-05-26 09:59 - 02066944 _____ (Farbar) C:\Users\Margit\Desktop\FRST64.exe 2014-05-14 22:58 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 22:58 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 22:58 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 22:58 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 22:58 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 22:58 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 09:51 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 09:51 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 09:51 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 09:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 09:50 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 09:50 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 09:50 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 09:50 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 09:50 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 09:50 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 09:50 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 09:50 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 09:50 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 09:50 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 09:50 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 09:50 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 09:50 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 09:50 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 09:50 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 09:50 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 09:50 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 16:38 - 2014-05-23 15:58 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-05-11 13:50 - 2014-05-26 15:29 - 00027212 _____ () C:\Windows\PFRO.log 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Saga EU 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Program Files (x86)\NexonEU 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieUserList 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieSiteList 2014-05-09 19:58 - 2014-05-27 10:54 - 00000000 ____D () C:\Users\Margit\Desktop\Fusion FlyFF v19 2014-05-07 01:30 - 2014-05-15 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 18:33 - 2014-05-04 18:33 - 00003048 _____ () C:\Windows\System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} 2014-05-03 22:36 - 2014-05-03 22:45 - 834385776 _____ () C:\Users\Margit\Documents\LostSagaEU_Full.exe 2014-05-03 22:34 - 2014-05-03 22:35 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-01 17:42 - 2014-05-27 13:03 - 00002408 _____ () C:\Windows\setupact.log 2014-05-01 17:42 - 2014-05-01 17:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-30 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-30 03:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-30 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-30 03:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-30 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-30 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-30 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-30 03:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-30 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-30 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-30 03:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-30 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-30 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-30 03:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-30 03:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-30 03:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-30 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-30 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-30 03:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-30 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-30 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-30 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-30 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-30 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-30 03:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-30 03:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-30 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-30 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-30 03:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-30 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-30 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-30 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-30 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-30 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-30 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-30 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-30 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-30 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-30 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-30 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-30 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-30 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-30 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-30 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-27 13:07 - 2014-05-26 09:59 - 02507179 _____ () C:\Users\Margit\Desktop\FRST.txt 2014-05-27 13:07 - 2014-05-16 19:10 - 00000000 ____D () C:\FRST 2014-05-27 13:04 - 2014-05-23 15:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 13:04 - 2014-04-17 21:18 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup 2014-05-27 13:04 - 2014-04-17 21:18 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2014-05-27 13:03 - 2014-05-01 17:42 - 00002408 _____ () C:\Windows\setupact.log 2014-05-27 13:03 - 2014-04-17 21:18 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-05-27 13:03 - 2014-04-14 15:13 - 00000000 ____D () C:\Users\Margit\AppData\Local\HTC MediaHub 2014-05-27 13:03 - 2014-03-26 13:44 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {9C240B47-73DD-4A6F-B0FE-B3D2076627A3}.job 2014-05-27 13:03 - 2014-03-22 22:38 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-05-27 13:03 - 2014-02-14 15:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf29862a32b79d.job 2014-05-27 13:03 - 2013-06-13 13:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-27 13:03 - 2013-02-16 19:14 - 00000000 ____D () C:\Users\Margit\AppData\Local\LogMeIn Hamachi 2014-05-27 13:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 13:02 - 2012-12-17 11:33 - 01658791 _____ () C:\Windows\WindowsUpdate.log 2014-05-27 13:02 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-27 12:18 - 2012-12-17 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-27 10:56 - 2009-07-14 06:45 - 00033344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-27 10:56 - 2009-07-14 06:45 - 00033344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-27 10:54 - 2014-05-09 19:58 - 00000000 ____D () C:\Users\Margit\Desktop\Fusion FlyFF v19 2014-05-26 21:55 - 2014-05-25 18:35 - 00000350 _____ () C:\Users\Margit\Desktop\Neues Textdokument (2).txt 2014-05-26 15:29 - 2014-05-11 13:50 - 00027212 _____ () C:\Windows\PFRO.log 2014-05-26 14:19 - 2014-05-21 13:59 - 00000000 ____D () C:\AdwCleaner 2014-05-26 14:15 - 2014-05-26 14:15 - 01327971 _____ () C:\Users\Margit\Downloads\adwcleaner_3.211.exe 2014-05-26 14:14 - 2014-05-23 16:24 - 00000000 ____D () C:\Users\Margit\Desktop\Neuer Ordner (2) 2014-05-26 14:08 - 2014-05-26 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-26 14:08 - 2014-05-26 13:15 - 00000000 ____D () C:\Users\Margit\Desktop\mbar 2014-05-26 13:59 - 2014-05-26 13:54 - 00176005 _____ () C:\Users\Margit\Desktop\Neues Textdokument (3).txt 2014-05-26 13:15 - 2014-05-26 13:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Margit\Downloads\mbar-1.07.0.1009.exe 2014-05-26 13:15 - 2014-05-23 15:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-26 12:32 - 2013-06-23 16:46 - 00000000 ____D () C:\Program Files (x86)\Chromer 2014-05-26 11:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-05-26 11:37 - 2014-05-26 10:00 - 00042054 _____ () C:\Users\Margit\Desktop\Addition.txt 2014-05-26 11:06 - 2012-12-17 11:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-26 11:05 - 2014-05-26 11:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-26 11:05 - 2014-05-26 11:04 - 04748896 _____ (Piriform Ltd) C:\Users\Margit\Downloads\ccsetup414.exe 2014-05-26 11:05 - 2013-04-28 20:23 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-26 11:05 - 2013-04-28 20:23 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-26 10:45 - 2014-04-17 20:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-26 10:26 - 2014-02-20 17:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-26 10:24 - 2014-05-26 10:24 - 00001268 _____ () C:\Users\Margit\Desktop\Revo Uninstaller.lnk 2014-05-26 10:24 - 2014-05-26 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-26 10:24 - 2014-05-26 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Margit\Downloads\revosetup95.exe 2014-05-26 09:59 - 2014-05-26 09:59 - 00000000 ____D () C:\Users\Margit\Desktop\FRST-OlderVersion 2014-05-26 09:59 - 2014-05-16 19:09 - 02066944 _____ (Farbar) C:\Users\Margit\Desktop\FRST64.exe 2014-05-25 18:02 - 2014-05-25 17:54 - 948329604 _____ () C:\Users\Margit\Downloads\Gates-of-Heaven DE.exe 2014-05-25 10:05 - 2014-05-25 10:05 - 05770445 _____ () C:\Users\Margit\Downloads\18pic10.rar 2014-05-25 03:22 - 2013-06-23 20:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-05-25 03:22 - 2013-06-23 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-05-25 03:05 - 2013-06-23 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-05-23 17:20 - 2014-05-23 17:20 - 00000000 ____D () C:\Users\Margit\AppData\Local\fabi.me 2014-05-23 17:18 - 2014-05-23 17:17 - 00094899 _____ () C:\Users\Margit\Downloads\SpeedAutoClicker.zip 2014-05-23 16:38 - 2014-05-23 16:38 - 02347384 _____ (ESET) C:\Users\Margit\Downloads\esetsmartinstaller_deu.exe 2014-05-23 16:38 - 2014-05-23 16:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-23 16:35 - 2014-05-23 16:34 - 00022255 _____ () C:\Users\Margit\Downloads\mbam-log-2014-05-23 (16-25-17).xml 2014-05-23 16:06 - 2013-11-16 00:26 - 00000000 ____D () C:\Program Files (x86)\qualitink 2014-05-23 16:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security 2014-05-23 15:58 - 2014-05-13 16:38 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-05-23 15:58 - 2014-04-25 21:38 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1 2014-05-23 15:44 - 2014-05-23 15:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-23 14:20 - 2014-01-10 19:34 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-23 14:20 - 2013-05-01 12:11 - 00000997 _____ () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-23 14:20 - 2012-12-17 11:40 - 00000000 ___RD () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 14:20 - 2012-12-17 11:39 - 00000000 ____D () C:\Users\Margit 2014-05-23 07:08 - 2014-04-23 17:06 - 00167936 ___SH () C:\Users\Margit\Desktop\Thumbs.db 2014-05-22 19:18 - 2014-02-06 17:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 10:01 - 2014-03-09 21:49 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Spotify 2014-05-21 16:24 - 2009-07-14 04:34 - 00000568 _____ () C:\Windows\win.ini 2014-05-21 16:19 - 2014-05-21 16:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-21 13:59 - 2014-04-22 18:58 - 00000000 ____D () C:\Users\Margit\Desktop\benny bewerbung 2014-05-20 13:14 - 2012-12-17 20:27 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-20 13:14 - 2012-12-17 20:27 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-20 13:14 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 07:49 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-15 12:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 09:10 - 2012-12-17 11:40 - 00000000 ___RD () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 09:05 - 2014-05-07 01:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 22:58 - 2013-07-13 03:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:56 - 2012-12-17 13:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 21:18 - 2012-12-17 14:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 21:18 - 2012-12-17 14:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 21:18 - 2012-12-17 14:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-05-23 15:44 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-23 15:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 01:39 - 2012-12-21 12:53 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Skype 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Saga EU 2014-05-10 20:42 - 2014-05-10 20:42 - 00000000 ____D () C:\Program Files (x86)\NexonEU 2014-05-10 14:37 - 2013-04-15 21:52 - 00000000 ____D () C:\Users\Margit\AppData\Local\Spotify 2014-05-10 12:31 - 2012-12-17 11:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieUserList 2014-05-09 21:27 - 2014-05-09 21:27 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieSiteList 2014-05-09 20:20 - 2014-04-05 16:47 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf29862a32b79d 2014-05-09 20:20 - 2012-12-17 11:51 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 08:14 - 2014-05-14 09:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 09:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 06:40 - 2014-05-14 22:58 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 22:58 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 22:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 18:33 - 2014-05-04 18:33 - 00003048 _____ () C:\Windows\System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} 2014-05-03 22:45 - 2014-05-03 22:36 - 834385776 _____ () C:\Users\Margit\Documents\LostSagaEU_Full.exe 2014-05-03 22:35 - 2014-05-03 22:34 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2014-05-03 20:11 - 2014-04-20 02:54 - 00000637 _____ () C:\attach.ini 2014-05-03 19:46 - 2014-04-20 02:54 - 00000417 _____ () C:\mapui.ini 2014-05-02 14:47 - 2012-12-21 18:45 - 00000000 ____D () C:\Users\Margit\Desktop\NosTale 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-01 17:42 - 2014-05-01 17:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-30 17:32 - 2014-04-25 17:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\.minecraft 2014-04-29 18:44 - 2012-12-21 12:53 - 00000000 ___RD () C:\Program Files (x86)\Skype Files to move or delete: ==================== C:\Users\Margit\Desktopasdasd.exe C:\Users\Margit\S4_League.exe Some content of TEMP: ==================== C:\Users\Margit\AppData\Local\Temp\avgnt.exe C:\Users\Margit\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-26 12:29 ==================== End Of Log ============================ --- --- --- --- --- --- Mein Bruder kennt Tor nicht und mir ist noch nicht so aufgefallen da mein Rechner schneller wird. Mir wurde nun auch erzählt dass ich mich auf so etwas wie CCleaner nicht verlassen soll sobald ich die Registry scanne und lösche da CCleaner nicht weiß was wichtig sein könnte oder nicht. Ich habe durch diese Adware die mir einfach Sachen heruntergeladen hat auch noch ganz viele andere Tools auf meinem pc |
|
27.05.2014, 12:16
| #56 | |||
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proZitat:
Zitat:
Zitat:
Ich lese gerade deine Logfiles und warte auf die Antwort auf meine Fragen aus diesem Post. |
|
27.05.2014, 12:25
| #57 |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro so... die ESET Funde löschen wir erstmal. Deine Archive löschen wir nicht, aber denk daran das sie Viren enthalten (Tools die du in den backups gepackt hast). Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files (x86)\Chromer\
C:\Program Files (x86)\HDPlayer\
C:\Program Files (x86)\qualitink\
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000
C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js
C:\Users\Margit\Documents\LostSagaEU_Full.exe
HKLM-x32\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs"
HKLM-x32\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs"
C:\Users\Margit\AppData\Roaming\*.tmp.vbs
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: nutze bitte CCleaner und lösche deine Temp Files. Schritt 3: erstelle ein neues FRST Logfile und poste es hier |
|
27.05.2014, 12:34
| #58 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Margit at 2014-05-27 13:31:57 Run:3
Running from C:\Users\Margit\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files (x86)\Chromer\
C:\Program Files (x86)\HDPlayer\
C:\Program Files (x86)\qualitink\
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001
C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000
C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js
C:\Users\Margit\Documents\LostSagaEU_Full.exe
HKLM-x32\...\Run: [tmp92DF] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp92DF.tmp.vbs"
HKLM-x32\...\Run: [tmp7F5F] => wscript.exe //B "C:\Users\Margit\AppData\Roaming\tmp7F5F.tmp.vbs"
C:\Users\Margit\AppData\Roaming\*.tmp.vbs
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************
C:\Program Files (x86)\Chromer => Moved successfully.
C:\Program Files (x86)\HDPlayer => Moved successfully.
C:\Program Files (x86)\qualitink => Moved successfully.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000" => File/Directory not found.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000" => File/Directory not found.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000" => File/Directory not found.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000" => File/Directory not found.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001" => File/Directory not found.
"C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000" => File/Directory not found.
C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js => Moved successfully.
C:\Users\Margit\Documents\LostSagaEU_Full.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tmp92DF => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tmp7F5F => Value deleted successfully.
"C:\Users\Margit\AppData\Roaming\*.tmp.vbs" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
==== End of Fixlog ====
|
|
27.05.2014, 12:38
| #59 | |
| /// Malwareteam | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock proZitat:
|
|
27.05.2014, 12:49
| #60 |
| | Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro Wie meinst du das mit hi ich habe den Post im Logfile Editiert nutze bite den Letzden |
|
| Themen zu Maus Klick 2x statt 1x/ Google Chrome öffnet Ads trotz Adblock pro |
| adblock, antivirus, avira, dateien, falsch, festplatte, free, google, hängen, java, java download, klicke, langsam, maus, neue, neue seite, pc langsam, pc probleme, problem, probleme, probleme mit maus, seite, seiten, software, system, trojaner, update, viren, virus, werbung, öffnet |
Gruß Aneri 
Linear-Darstellung
