| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein yahoo email-account verschickt SPAM an meine KontakteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.06.2014, 16:10
| #1 |
| |  Mein yahoo email-account verschickt SPAM an meine Kontakte Seit gestern wurde ich mehrmals darauf hingewiesen, dass Personen von meiner email-Adresse aus Spam-Nachrichten erhalten haben. In meinem Gesendet-Ordner sind keine emails zu sehen und es hat sich auch niemand anderes in meinen Account eingeloggt. Ich habe gestern mein Passwort geändert und meine Kontakte gelöscht, jedoch wurden in der Nacht um 4 Uhr wieder Mails an gelöschte Kontakte verschickt. Jetzt weiß ich nicht mehr weiter, da sich in meinen Kontakten Lehrer und weitere Personen befunden haben. Das wäre sehr unangenehm, wenn diese von ständigen Spam-Mails überhäuft werden würden. Hier sind die Logs vom FRST-Scan: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1
FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 22:11
==================== End Of Log ============================
-------------- Addition.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1
FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 22:11
==================== End Of Log ============================
|
|
02.06.2014, 18:17
| #2 | |
| /// the machine /// TB-Ausbilder    | Mein yahoo email-account verschickt SPAM an meine Kontakte hi,
__________________Zitat:
Additio.txt fehlt noch.
__________________ |
|
02.06.2014, 20:03
| #3 |
| | Mein yahoo email-account verschickt SPAM an meine Kontakte Hab gar nicht mehr gewusst, dass ich einen Proxy drin habe, habe ihn jetzt mal entfernt.
__________________Tut mir leid, anscheinend zweimal die FRST.txt kopiert. Nochmal die FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 21:16:47
Running from C:\Users\kebin\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1
FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 21:16 - 2014-06-02 21:16 - 00017926 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 17:01 - 2014-06-02 21:16 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 20:58 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 21:01 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-06-02 21:16 - 2014-06-02 21:16 - 00017926 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-02 21:16 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 21:16 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 21:09 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 21:06 - 2013-03-19 16:19 - 00000000 ____D () C:\Program Files\Atari
2014-06-02 21:01 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 20:58 - 2014-06-02 17:01 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 20:55 - 2013-03-08 21:01 - 01345910 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 20:54 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 17:35 - 2013-10-04 12:41 - 00000000 ____D () C:\Program Files\Plus-HD-4.5
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 22:11
==================== End Of Log ============================
----------------------------------- Und hier ist jetzt die Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by kebin at 2014-06-02 21:17:08
Running from C:\Users\kebin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
*tmx englisch (HKLM\...\{89286F5B-4B78-41DE-9982-B7AD010DE01B}) (Version: 5.00.0000 - *tmx communications)
7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin’s Creed® III (HKLM\...\Steam App 208480) (Version: - Ubisoft Montreal)
Audials (HKLM\...\{D37248E4-6C59-4F21-ACBF-E58FAD54F9DB}) (Version: 11.0.39402.200 - Audials AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BlueJ (HKLM\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPU-Control (HKLM\...\CPU-Control_is1) (Version: - Koma-Code)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dart2010 2.0.1 (HKLM\...\Dart2010) (Version: 2.0.1 - Klaus Sobieray)
DartPro 2.9.0.0 (HKLM\...\DartPro_is1) (Version: - RuSyS)
DiRT 2 (HKLM\...\Steam App 12840) (Version: - Codemasters Racing Studio)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM\...\GeoGebra 4.2) (Version: 4.2.57.0 - International GeoGebra Institute)
GeoGebra 5.0 (HKLM\...\GeoGebra 5.0) (Version: 4.9.248.0 - International GeoGebra Institute)
GIANTS Editor 5.0.1 (HKLM\...\giants_editor_5.0.1_is1) (Version: 5.0.1 - GIANTS Software GmbH)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Officejet 6100 - Grundlegende Software für das Gerät (HKLM\...\{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet 6100 Hilfe (HKLM\...\{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kinovea (HKLM\...\Kinovea) (Version: 0.8.15 - Kinovea)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version: - )
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
Langenscheidt Vokabeltrainer 6.0 Demoversion (HKLM\...\{B2F9A670-BA19-4B2C-8CB9-97801C488C02}) (Version: 6.0.16 - Langenscheidt)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version: - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 18.0.1284.63 (HKLM\...\Opera 18.0.1284.63) (Version: 18.0.1284.63 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokerTH (HKLM\...\PokerTH 1.0.1) (Version: 1.0.1 - www.pokerth.net)
PokerTH (HKLM\...\PokerTH 1.1) (Version: 1.1 - www.pokerth.net)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.3.26 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Samsung Media Studio (HKLM\...\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM\...\Steam App 32800) (Version: - Snowblind Studios)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
==================== Restore Points =========================
14-05-2014 19:58:52 Windows Update
24-05-2014 17:02:01 Geplanter Prüfpunkt
01-06-2014 20:18:34 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02D9C747-3DE4-4EA9-B314-9D7507BF3C85} - System32\Tasks\{29138DB8-65F5-41A1-AD3D-D24659EE651F} => C:\Program Files\DDS Converter 2\DDS Converter 2.exe
Task: {11428800-BABD-4EC0-8DF7-F9B0014941F9} - System32\Tasks\Dealply => C:\Users\kebin\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {82AEEE4E-A795-4597-BD04-EABC0A8FF318} - System32\Tasks\EPUpdater => C:\Users\kebin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {9B9DEAEB-AD03-4D29-A527-F088816D3486} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {ACDACEA7-2EE0-4613-8F30-114192EB9520} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {BFFA05F7-DD6B-4BF9-8A71-6456135F7285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {CA556849-99B3-49F1-A0AC-42D0BA1DC656} - System32\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B} => C:\Program Files\V-bates\PrefHelper.exe
Task: {D06FACCC-0160-487B-B897-151B08EF4CEC} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {F0616216-E5D1-48B5-B0EE-CC3753EBEA07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: C:\Windows\Tasks\Dealply.job => C:\Users\kebin\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-07-09 16:07 - 2013-07-09 16:06 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-06-29 12:59 - 2014-05-09 19:40 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-22 20:10 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2014 05:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x15c
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (05/12/2014 09:16:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48d14729-e79d-4fdb-be73-2efe5d33eaff}
Error: (05/12/2014 09:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1524
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (05/07/2014 05:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a00
Startzeit: 01cf6a05f6fad44e
Endzeit: 3
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: 3b5191ca-d5f9-11e3-a131-6c626d8af7c3
Error: (04/27/2014 06:54:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15b0
Startzeit: 01cf6239670a735d
Endzeit: 3
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: a8439d55-ce2c-11e3-9fab-6c626d8af7c3
Error: (04/27/2014 06:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b7ef
Name des fehlerhaften Moduls: ubiorbitapi_r2.dll, Version: 4.4.1.2822, Zeitstempel: 0x535a50f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009024
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xAC3SP.exe0
Pfad der fehlerhaften Anwendung: AC3SP.exe1
Pfad des fehlerhaften Moduls: AC3SP.exe2
Berichtskennung: AC3SP.exe3
Error: (04/27/2014 11:00:48 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
Error: (04/27/2014 10:59:17 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
Error: (04/26/2014 06:43:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1418
Startzeit: 01cf616ea2e75868
Endzeit: 29
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: eb44577c-cd61-11e3-8632-6c626d8af7c3
Error: (04/25/2014 00:32:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 350
Startzeit: 01cf6071af1442ce
Endzeit: 1
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: f0f1a987-cc64-11e3-984b-6c626d8af7c3
System errors:
=============
Error: (06/02/2014 08:55:23 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/02/2014 08:55:18 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/02/2014 02:41:56 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/02/2014 02:40:56 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/02/2014 02:40:51 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/02/2014 02:40:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/02/2014 01:19:44 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/01/2014 06:03:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/01/2014 06:03:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/01/2014 06:03:43 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3063.11 MB
Available physical RAM: 1657.73 MB
Total Pagefile: 6124.52 MB
Available Pagefile: 3656.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1356.17 GB) (Free:1193.33 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:1.57 GB) NTFS
Drive j: () (Removable) (Total:1.86 GB) (Free:1.72 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-742852132864) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 00887956)
Partition 1: (Active) - (Size=2 GB) - (Type=0E)
==================== End Of Log ============================
Geändert von kebin (02.06.2014 um 20:19 Uhr) |
|
03.06.2014, 18:41
| #4 |
| /// the machine /// TB-Ausbilder | Mein yahoo email-account verschickt SPAM an meine Kontakte Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.06.2014, 20:58
| #5 |
| | Mein yahoo email-account verschickt SPAM an meine Kontakte Danke für deine schnelle Hilfe. mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.06.2014 Suchlauf-Zeit: 18:39:05 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.03.05 Rootkit Datenbank: v2014.06.02.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: kebin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 309763 Verstrichene Zeit: 2 Std, 44 Min, 49 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 6 PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [3dd4a7cd6714ed49d6149f9950b2d32d], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [3dd4a7cd6714ed49d6149f9950b2d32d], PUP.Optional.Zwangi, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}, Löschen bei Neustart, [020f21531e5d4fe7e540b588758d06fa], PUP.Optional.PlusHD.A, HKLM\SOFTWARE\Plus-HD-4.5, In Quarantäne, [37da7df7d7a47cba4a65b204bd454ab6], PUP.Optional.CrossRider.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [eb26b5bf3d3e71c53934d509ed1648b8], PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, Löschen bei Neustart, [7c95571ddc9f0d292058953a000321df], Registrierungswerte: 8 PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818], PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818] PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818] PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [e42d373d304bde581edac6736c969a66], PUP.BProtector, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945, Löschen bei Neustart, [0b06c6ae9fdc181ea82818b1986be917] PUP.BProtector, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [ef226c08b8c3092defe29039838043bd] PUP.Optional.Wajam.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, Löschen bei Neustart, [a869d59fc4b7e452372e4851dd258f71] PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, Löschen bei Neustart, [7c95571ddc9f0d292058953a000321df] Registrierungsdaten: 10 PUP.Optional.Qvo6.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982),Ersetzt,[49c8b0c4cab154e28685bfa96d97926e] Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Ersetzt,[f0219fd5f3889c9a24ee6502ab5948b8] Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Ersetzt,[52bfd4a05c1fad89e729481f887c7987] PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Ersetzt,[18f921537803072ff881fe5faf5519e7] PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[6da41a5a1f5cc3733ea1442234d053ad] PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[5eb3f381f08b989e9d411b4b30d443bd] Hijack.StartPage, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Löschen bei Neustart,[e22f353f245765d1e52c3235fe062dd3] PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[ad64db99a9d287af04dd85e107fd3bc5] PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[947d056f017a3bfb6b772d39cb3926da] PUP.Optional.SnapDo.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[7998571dbfbc092d3b3f8ecfa36126da] Ordner: 18 PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297265, In Quarantäne, [5eb33341631845f140a4433d966c38c8], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Local\Updater21058, In Quarantäne, [4dc45f15ec8f9e98ee6e7310ba48837d], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults\preferences, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale\en-US, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.PlusHD.A, C:\Program Files\Plus-HD-4.5, In Quarantäne, [35dccba94a31dc5ae96807804eb4bb45], Dateien: 139 PUP.Optional.E7, C:\Users\kebin\AppData\Roaming\eIntaller\24A49A9502EA478b890445B08B958055\Desk365.exe, In Quarantäne, [cb4681f38eed8aac3669db430cf455ab], PUP.Optional.E7, C:\Users\kebin\AppData\Roaming\eIntaller\A27FA4BE44DE4315AC0ECEF4B05FF221\Desk365.exe, In Quarantäne, [b25fb9bbe59694a29c03ce50837d4cb4], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsk196A.exe, In Quarantäne, [20f1d0a493e8f44243b09d8dc0410af6], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe, In Quarantäne, [dd34096b17643204ad465bcf58a9a65a], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe, In Quarantäne, [37dafa7a16659c9a53a045e5669b26da], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nspE210.exe, In Quarantäne, [3bd60b697803ce685e95e644e918946c], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe, In Quarantäne, [a8693f357ffc62d4589b7ab00cf59b65], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe, In Quarantäne, [809173013a419d99ca298aa0c33e9868], PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nszDF41.exe, In Quarantäne, [9e73e490cab1979f1fd48d9dd52c30d0], PUP.Optional.VBates.A, C:\Users\kebin\AppData\Local\Temp\v-bates.exe, In Quarantäne, [b65b096b780362d47a109aabef11ed13], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\nszAA3C\SpSetup.exe, In Quarantäne, [7c955420b1cae45207dc53cc14ed25db], PUP.Optional.Superfish.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [fd14e68ee398fd3936d3cecd1ee4a957], PUP.Optional.Superfish.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [6da48ee63942e0562ddc4b50c0421ce4], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [cb46571de7940f27de0ef8d2729118e8], PUP.Optional.BProtector.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences, In Quarantäne, [937e6113b6c551e537f24e7fe71cbd43], PUP.Optional.PricePeep.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, In Quarantäne, [61b0cca8d0abcd698bb8d0182fd45ea2], PUP.Optional.PricePeep.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, In Quarantäne, [957c581c5625ed49a0a32abefb08956b], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691\chromeid.txt, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691\setup.ini.txt, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [5eb33341631845f140a4433d966c38c8], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861\chromeid.txt, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome.manifest, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\install.rdf, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\background.html, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\baseObject.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\browser.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\dialog.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\main.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\options.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\options.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\platformVersion.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\search_dialog.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\asyncDB.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\background.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\browserAction.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\contextMenu.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\dbManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\dom_bg.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\fileManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefox.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\message.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\pageAction.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\request.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\tabs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\webRequest.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\windowsMessagingHandler.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\addressBarChangeObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\console.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\consts.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\delegate.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\httpObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\installer.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\logFile.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\prefs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\registry.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\reloadObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\reports.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\requestObject.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\searchSettings.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\updateManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\utils.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\xhr.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults\preferences\prefs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\manifest.xml, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins.json, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\207.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\1.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\102.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\103.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\104.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\119.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\123.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\13.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\14.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\158.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\16.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\17.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\177.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\178.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\179.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\180.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\182.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\183.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\184.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\190.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\195.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\21.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\217.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\22.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\220.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\221.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\223.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\226.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\242.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\246.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\28.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\4.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\47.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\64.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\7.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\72.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\78.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\9.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\91.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\93.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\98.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode\background.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode\extension.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale\en-US\translations.dtd, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button1.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button2.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button3.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button4.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button5.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\crossrider_statusbar.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon128.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon16.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon24.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon48.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\panelarrow-up.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\popup.html, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\skin.css, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\update.css, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], PUP.Optional.PlusHD.A, C:\Program Files\Plus-HD-4.5\39678.xpi, In Quarantäne, [35dccba94a31dc5ae96807804eb4bb45], PUP.Optional.Snapdo.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (,"homepage": "hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=hp&installDate=01/01/1970","homepage_is_newtabpage": false), Ersetzt,[41d0551fbac10234c35e7c1806fe6c94] PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=",), Ersetzt,[de33d79d6e0d74c230de1b7af90b55ab] PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1418316622e2637b4c9a4508775cbe3c");), Ersetzt,[7c9583f1611a4aec601ceea6ab5905fb] PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=");), Ersetzt,[98793b39d7a40f27a23a148063a1a55b] PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&CUI=UN38072101937782320&UM=2&SearchSource=3&q={searchTerms}");), Ersetzt,[bc5502726219d165549d256f40c443bd] Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner.txt Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 03/06/2014 um 21:37:04
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : kebin - KEBIN-PC
# Gestartet von : C:\Users\kebin\Desktop\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\Omiga Plus
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Program Files\WinZipper
Ordner Gelöscht : C:\Users\kebin\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\kebin\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\kebin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\kebin\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\337
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\CT3311268
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97}
Ordner Gelöscht : C:\Users\Gast.kebin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11428800-BABD-4EC0-8DF7-F9B0014941F9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11428800-BABD-4EC0-8DF7-F9B0014941F9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D06FACCC-0160-487B-B897-151B08EF4CEC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06FACCC-0160-487B-B897-151B08EF4CEC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82AEEE4E-A795-4597-BD04-EABC0A8FF318}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AEEE4E-A795-4597-BD04-EABC0A8FF318}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACDACEA7-2EE0-4613-8F30-114192EB9520}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDACEA7-2EE0-4613-8F30-114192EB9520}
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKCU\Software\f4d8dae73fb946
Schlüssel Gelöscht : HKLM\SOFTWARE\f4d8dae73fb946
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3311268
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
[ Datei : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js ]
Zeile gelöscht : user_pref("CT3311268.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3311268.UserID", "UN38072101937782320");
Zeile gelöscht : user_pref("CT3311268.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3311268.fullUserID", "UN38072101937782320.IN.20130927212443");
Zeile gelöscht : user_pref("CT3311268.installDate", "27/09/2013 21:24:50");
Zeile gelöscht : user_pref("CT3311268.installSessionId", "{191DD0B7-8CC8-486F-92AF-07A25DA7B4F0}");
Zeile gelöscht : user_pref("CT3311268.installSp", "false");
Zeile gelöscht : user_pref("CT3311268.installerVersion", "1.7.1.4");
Zeile gelöscht : user_pref("CT3311268.keyword", "true");
Zeile gelöscht : user_pref("CT3311268.originalHomepage", "about:home");
Zeile gelöscht : user_pref("CT3311268.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3311268.originalSearchEngine", "");
Zeile gelöscht : user_pref("CT3311268.originalSearchEngineName", "");
Zeile gelöscht : user_pref("CT3311268.searchRevert", "true");
Zeile gelöscht : user_pref("CT3311268.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3311268.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3311268.versionFromInstaller", "10.20.1.8");
Zeile gelöscht : user_pref("CT3311268.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New V6 Customized Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311268&CUI=UN38072101937782320&UM=2&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.machineId", "KBVU9/UPX+4MGX6MKJ+YUECUQP866N/S2DSUQA019M5UH9ACGQBMQZUDEGDTRO+QCVKJ/RW+LOD3FX+CWTLVNA");
-\\ Google Chrome v35.0.1916.114
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[ Datei : C:\Users\Gast.kebin-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : ljmibnagodajacnnbifpamhggcohblip
[ Datei : C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
*************************
AdwCleaner[R0].txt - [11644 octets] - [03/06/2014 21:34:27]
AdwCleaner[S0].txt - [10953 octets] - [03/06/2014 21:37:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11014 octets] ##########
JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by kebin on 03.06.2014 at 21:46:11,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3919152501-1714073753-3578707811-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3919152501-1714073753-3578707811-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\kebin\AppData\Roaming\mozilla\firefox\profiles\olbrdq18.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946");
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.cookie.previous_page.value", "%22hxxp%3A//www.golsearch.com/%3Fbabsrc%3DH
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
Emptied folder: C:\Users\kebin\AppData\Roaming\mozilla\firefox\profiles\olbrdq18.default\minidumps [23 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2014 at 21:52:29,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
04.06.2014, 18:39
| #6 |
| /// the machine /// TB-Ausbilder | Mein yahoo email-account verschickt SPAM an meine KontakteESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Mein yahoo email-account verschickt SPAM an meine Kontakte |
|
05.06.2014, 18:19
| #7 |
| | Mein yahoo email-account verschickt SPAM an meine Kontakte ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=aae67c6b316a9a439f6df99dae202626
# engine=18558
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 12:25:45
# local_time=2014-06-05 02:25:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 39225 28549178 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28299180 153559136 0 0
# scanned=285027
# found=27
# cleaned=0
# scan_time=18054
sh=1658A2A3C75D44161B2D1A185447A88D7F656E37 ft=1 fh=67c324132214aaee vn="MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=5257A2E56E63C2D8ABCCD9E574C8955FA76904E3 ft=1 fh=d9acd49d716b774a vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\67279ab16a958c594d1b312907cc0cdc\gbooks23.exe.vir"
sh=06187AA602DA70C0A079670280BF9B2C283AFF1E ft=1 fh=c9111abb25988d45 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97}\Plugins\npFirefoxPlugin.dll.vir"
sh=19FBBAFE304BC57D46392A7FB96044B968A58FFB ft=1 fh=5858bad25e82c667 vn="Win32/Verti.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGBJ14LG\MediaPlayerClassic_RocketFuelInstaller.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGBJ14LG\SPSetup[1].exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNQSQW85\sp-downloader[1].exe"
sh=9FAE98C3ABEA706F0A40BF64A01113EC91A606A5 ft=1 fh=076524552ae7c00f vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNQSQW85\v-bates[1].exe"
sh=918AC853BEAD5D6AAE0BCD5D200CCB12FB490BB8 ft=1 fh=05a48abc09a5595b vn="Win32/Verti.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5QMBQ3\7zip_RocketFuelInstaller.exe"
sh=B09166ED1B1E138E78F807E6E7B4A19E0934E5A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\1\E3\479B0d01"
sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\3\10\37904d01"
sh=8F41043A0C0F743CCCE9B7CD76394E9774A7E29D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\5\35\23476d01"
sh=6CB576025EF95F1FFDBEB877E91C99B131673D06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\5\F4\8685Dd01"
sh=6F7594C9F585188C288BD98D8D94FA7CFB7EFB52 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\6\96\603EFd01"
sh=735CC619CF5A1EC40682C50985BB816C9AB1BEEF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\7\84\9068Fd01"
sh=8049BA4B533E2429B7931AD0E4D31901A37DF860 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\9\B1\66E97d01"
sh=67530A9DFBB32849426EB31F67EBCDA24A8070C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\B\DA\55A0Fd01"
sh=98E43199E579EB6F35C724FC41BAFC335F776877 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\0F\F4FF3d01"
sh=CE163FD3855C7BAE704D7B2CFE058049F7593574 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\5A\74BA5d01"
sh=E6ACD81D83325C8FDB6CCF9BDE50056D78F8AF97 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\F8\A9FA1d01"
sh=0873B32D1D554533AF9A22B0B4F8705F809768B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\D\7D\6FDF0d01"
sh=8C65267C1AADD4AB670D6D979C4A686D16A86869 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\D\B0\73F3Dd01"
sh=D5BF3BEAF19D898EB32267722392039A56C90C28 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\F\99\7B861d01"
sh=1A989D3EC64BCA0D23EEFF96634F255FBB16C3C4 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-17 190155\Backup files 11.zip"
sh=A4A018E0591923D465CC7BA16D96B2797A6D938F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-17 190155\Backup files 6.zip"
sh=FFEB8C4ABB26E104A3919DA0E863BC08A033DDCB ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-24 202244\Backup files 3.zip"
sh=47DC1127D84CFB79632F24B20CB16C50E0766DEC ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-10-09 202246\Backup Files 2011-10-09 202246\Backup files 7.zip"
Security Check Code:
ATTFilter Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Emsisoft Anti-Malware Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 7 Update 21 Java SE Development Kit 7 Update 21 Java version out of Date! Adobe Flash Player 11.9.900.117 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (26.0) Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Emsisoft Anti-Malware a2service.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` ------------------------------------------------ FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014 Ran by kebin (administrator) on KEBIN-PC on 05-06-2014 19:13:42 Running from C:\Users\kebin\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\System32\PnkBstrA.exe (Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation) HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X] HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-03] (Spotify Ltd) HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] () HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-03] (Spotify Ltd) HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] () HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1 FireFox: ======== FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09] FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09] CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09] CHR Extension: (Adblock Plus) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-03] CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09] CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09] CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09] CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] () R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 19:03 - 2014-06-05 19:03 - 00854367 _____ () C:\Users\kebin\Desktop\SecurityCheck.exe 2014-06-04 21:22 - 2014-06-04 21:22 - 00000000 ____D () C:\Program Files\ESET 2014-06-04 21:21 - 2014-06-04 21:22 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu (1).exe 2014-06-03 21:55 - 2014-06-03 21:56 - 00048540 _____ () C:\Users\kebin\Desktop\mbam.txt 2014-06-03 21:52 - 2014-06-03 21:52 - 00003011 _____ () C:\Users\kebin\Desktop\JRT.txt 2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Windows\ERUNT 2014-06-03 21:42 - 2014-06-03 21:42 - 00011095 _____ () C:\Users\kebin\Desktop\AdwCleaner[S0].txt 2014-06-03 21:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-03 21:25 - 2014-06-03 21:38 - 00000000 ____D () C:\AdwCleaner 2014-06-03 18:37 - 2014-06-05 05:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-03 18:36 - 2014-06-03 18:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-03 18:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-03 18:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-03 18:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-03 18:35 - 2014-06-03 18:35 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu.exe 2014-06-03 18:35 - 2014-06-03 18:35 - 01016261 _____ (Thisisu) C:\Users\kebin\Desktop\JRT.exe 2014-06-03 18:34 - 2014-06-03 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kebin\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-03 18:34 - 2014-06-03 18:34 - 01327971 _____ () C:\Users\kebin\Desktop\adwcleaner_3.211.exe 2014-06-02 21:17 - 2014-06-02 21:17 - 00033748 _____ () C:\Users\kebin\Desktop\Addition.txt 2014-06-02 21:16 - 2014-06-05 19:14 - 00016137 _____ () C:\Users\kebin\Desktop\FRST.txt 2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion 2014-06-02 17:01 - 2014-06-05 19:13 - 00000000 ____D () C:\FRST 2014-06-02 17:01 - 2014-06-02 20:58 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe 2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-06-02 15:36 - 2014-06-05 19:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware 2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url 2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die 2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-06-05 19:14 - 2014-06-02 21:16 - 00016137 _____ () C:\Users\kebin\Desktop\FRST.txt 2014-06-05 19:13 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST 2014-06-05 19:13 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files 2014-06-05 19:13 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-05 19:13 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp 2014-06-05 19:09 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job 2014-06-05 19:05 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-05 19:03 - 2014-06-05 19:03 - 00854367 _____ () C:\Users\kebin\Desktop\SecurityCheck.exe 2014-06-05 18:41 - 2013-03-08 21:01 - 01419147 _____ () C:\Windows\WindowsUpdate.log 2014-06-05 18:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-05 18:38 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-05 05:37 - 2014-06-03 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-04 21:22 - 2014-06-04 21:22 - 00000000 ____D () C:\Program Files\ESET 2014-06-04 21:22 - 2014-06-04 21:21 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu (1).exe 2014-06-04 15:35 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-04 15:35 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-04 15:26 - 2013-11-02 13:15 - 00028755 _____ () C:\Windows\setupact.log 2014-06-04 15:26 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-06-04 15:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-03 21:56 - 2014-06-03 21:55 - 00048540 _____ () C:\Users\kebin\Desktop\mbam.txt 2014-06-03 21:52 - 2014-06-03 21:52 - 00003011 _____ () C:\Users\kebin\Desktop\JRT.txt 2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Windows\ERUNT 2014-06-03 21:42 - 2014-06-03 21:42 - 00011095 _____ () C:\Users\kebin\Desktop\AdwCleaner[S0].txt 2014-06-03 21:39 - 2013-11-08 12:26 - 00092658 _____ () C:\Windows\PFRO.log 2014-06-03 21:38 - 2014-06-03 21:25 - 00000000 ____D () C:\AdwCleaner 2014-06-03 21:37 - 2013-03-09 16:50 - 00000937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-06-03 21:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-06-03 21:27 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify 2014-06-03 18:36 - 2014-06-03 18:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-03 18:35 - 2014-06-03 18:35 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu.exe 2014-06-03 18:35 - 2014-06-03 18:35 - 01016261 _____ (Thisisu) C:\Users\kebin\Desktop\JRT.exe 2014-06-03 18:34 - 2014-06-03 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kebin\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-03 18:34 - 2014-06-03 18:34 - 01327971 _____ () C:\Users\kebin\Desktop\adwcleaner_3.211.exe 2014-06-03 18:13 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify 2014-06-03 16:27 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client 2014-06-03 15:37 - 2013-07-09 16:07 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-03 15:37 - 2013-07-09 16:07 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-02 21:17 - 2014-06-02 21:17 - 00033748 _____ () C:\Users\kebin\Desktop\Addition.txt 2014-06-02 21:06 - 2013-03-19 16:19 - 00000000 ____D () C:\Program Files\Atari 2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion 2014-06-02 20:58 - 2014-06-02 17:01 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe 2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE 2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games 2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics 2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft 2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar 2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware 2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch 2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype 2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam 2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url 2014-05-12 07:26 - 2014-06-03 18:36 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-03 18:36 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-06-03 18:36 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die 2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft 2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr 2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe 2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys 2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0 2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins 2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe 2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin 2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin 2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde 2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live 2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll Files to move or delete: ==================== C:\Users\kebin\AppData\Roaming\Camdata.ini C:\Users\kebin\AppData\Roaming\CamLayout.ini C:\Users\kebin\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe C:\Users\kebin\AppData\Local\Temp\avgnt.exe C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll C:\Users\kebin\AppData\Local\Temp\Quarantine.exe C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe C:\Users\kebin\AppData\Local\Temp\sonarinst.exe C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-01 22:11 ==================== End Of Log ============================ ------------------------------------- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by kebin at 2014-06-05 19:14:13
Running from C:\Users\kebin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
*tmx englisch (HKLM\...\{89286F5B-4B78-41DE-9982-B7AD010DE01B}) (Version: 5.00.0000 - *tmx communications)
7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin’s Creed® III (HKLM\...\Steam App 208480) (Version: - Ubisoft Montreal)
Audials (HKLM\...\{D37248E4-6C59-4F21-ACBF-E58FAD54F9DB}) (Version: 11.0.39402.200 - Audials AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BlueJ (HKLM\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPU-Control (HKLM\...\CPU-Control_is1) (Version: - Koma-Code)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dart2010 2.0.1 (HKLM\...\Dart2010) (Version: 2.0.1 - Klaus Sobieray)
DartPro 2.9.0.0 (HKLM\...\DartPro_is1) (Version: - RuSyS)
DiRT 2 (HKLM\...\Steam App 12840) (Version: - Codemasters Racing Studio)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM\...\GeoGebra 4.2) (Version: 4.2.57.0 - International GeoGebra Institute)
GeoGebra 5.0 (HKLM\...\GeoGebra 5.0) (Version: 4.9.248.0 - International GeoGebra Institute)
GIANTS Editor 5.0.1 (HKLM\...\giants_editor_5.0.1_is1) (Version: 5.0.1 - GIANTS Software GmbH)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Officejet 6100 - Grundlegende Software für das Gerät (HKLM\...\{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet 6100 Hilfe (HKLM\...\{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kinovea (HKLM\...\Kinovea) (Version: 0.8.15 - Kinovea)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version: - )
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
Langenscheidt Vokabeltrainer 6.0 Demoversion (HKLM\...\{B2F9A670-BA19-4B2C-8CB9-97801C488C02}) (Version: 6.0.16 - Langenscheidt)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 18.0.1284.63 (HKLM\...\Opera 18.0.1284.63) (Version: 18.0.1284.63 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokerTH (HKLM\...\PokerTH 1.0.1) (Version: 1.0.1 - www.pokerth.net)
PokerTH (HKLM\...\PokerTH 1.1) (Version: 1.1 - www.pokerth.net)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.3.26 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Samsung Media Studio (HKLM\...\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM\...\Steam App 32800) (Version: - Snowblind Studios)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
==================== Restore Points =========================
14-05-2014 19:58:52 Windows Update
24-05-2014 17:02:01 Geplanter Prüfpunkt
01-06-2014 20:18:34 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02D9C747-3DE4-4EA9-B314-9D7507BF3C85} - System32\Tasks\{29138DB8-65F5-41A1-AD3D-D24659EE651F} => C:\Program Files\DDS Converter 2\DDS Converter 2.exe
Task: {9B9DEAEB-AD03-4D29-A527-F088816D3486} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {BFFA05F7-DD6B-4BF9-8A71-6456135F7285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {CA556849-99B3-49F1-A0AC-42D0BA1DC656} - System32\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B} => C:\Program Files\V-bates\PrefHelper.exe
Task: {F0616216-E5D1-48B5-B0EE-CC3753EBEA07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-29 12:59 - 2014-05-09 19:40 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-22 20:10 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (06/05/2014 06:30:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/05/2014 06:29:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/05/2014 03:31:45 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/04/2014 08:03:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/04/2014 08:01:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/04/2014 06:19:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (06/04/2014 06:19:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (06/04/2014 03:32:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 38%
Total physical RAM: 3063.11 MB
Available physical RAM: 1874.52 MB
Total Pagefile: 6124.52 MB
Available Pagefile: 3970.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1356.17 GB) (Free:1186.79 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:1.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-742852132864) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
Es sind keine weiteren Probleme aufgetreten. Ich bedanke recht herzlich bei dir für deine schnelle und zuverlässige Hilfe. MfG Kevin |
|
06.06.2014, 11:52
| #8 |
| /// the machine /// TB-Ausbilder | Mein yahoo email-account verschickt SPAM an meine Kontakte Java udn Flash updaten. Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: Internet Explorer proxy is enabled.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.06.2014, 15:33
| #9 |
| | Mein yahoo email-account verschickt SPAM an meine Kontakte Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014
Ran by kebin at 2014-06-07 16:28:27 Run:1
Running from C:\Users\kebin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
==== End of Fixlog ====
|
|
08.06.2014, 09:46
| #10 |
| /// the machine /// TB-Ausbilder | Mein yahoo email-account verschickt SPAM an meine Kontakte Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
