Here we go again ...
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Admin at 2014-11-02 19:53:38 Run:3
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:40405
S2 ArchiveBackupDebug.exe; C:\Users\Admin\AppData\Local\ArchiveBackupDebug\ArchiveBackupDebug.exe [X]
S2 DebuggerFreewareNet.exe; C:\Users\Admin\AppData\Local\DebuggerFreewareNet\DebuggerFreewareNet.exe [X]
S2 DebugLogTrash.exe; C:\Users\Admin\AppData\Local\DebugLogTrash\DebugLogTrash.exe [X]
S2 FunctionLogPath.exe; C:\Users\Admin\AppData\Local\FunctionLogPath\FunctionLogPath.exe [X]
S3 RgFltX64; \??\C:\Users\Admin\AppData\Local\DebuggerFreewareNet\RgFltX64.sys [X]
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
ArchiveBackupDebug.exe => Service deleted successfully.
DebuggerFreewareNet.exe => Service deleted successfully.
DebugLogTrash.exe => Service deleted successfully.
FunctionLogPath.exe => Service deleted successfully.
RgFltX64 => Service deleted successfully.
==== End of Fixlog ====
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Admin (administrator) on ADMIN-PC on 02-11-2014 19:54:37
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FritzDsl.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logicool, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKU\S-1-5-21-1148584671-988621172-509042803-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-10-03] (Adobe Systems Incorporated)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files (x86)\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:9986
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about :newtab
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1148584671-988621172-509042803-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = http://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKCU - {0FB3AFB5-96B1-4E17-903E-84DCA71AC24D} URL =
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = http://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = http://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {81CE708B-5104-4C62-B333-94B417473B29} URL = http://go.mail.com/br/ie9_search_web/?su={searchTerms}
BHO-x32: 1und1 Konfiguration -> {17166733-40EA-4432-A85C-AE672FF0E236} -> C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at -> {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} -> C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {25C29129-E95F-4564-BFE3-000000007100} http://www.123webseite.de/builder/pages/KvikVideo-7-1-0-0.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u8qrjmu.default-1414266222116
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u8qrjmu.default-1414266222116\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-26]
FF HKCU\...\Firefox\Extensions: [{b5ad6039-a173-4149-9dcf-d04371526253}] - C:\Program Files (x86)\Lyrics_Monkey\131.xpi
FF HKCU\...\Firefox\Extensions: [{354dbb0a-71d5-4e9f-9c02-6c88b9d387ba}] - C:\ProgramData\SExtension\SExtension\{354dbb0a-71d5-4e9f-9c02-6c88b9d387ba}
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Web Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\canneacfbhohinchadcbleedjidnpejc [2014-11-02]
CHR Extension: (Super Tab Homepage) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchedanbhebbgjmnhcpmpcniijnfbdha [2014-11-02]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Tabellen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Super Tab) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdbehjiieocihhncnaggngbccgdcpo [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Admin\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [kmmjjcoppdcpcdlonfflbdabbkhnnogm] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
S2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [54800 2008-02-29] (Logicool, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57360 2008-02-29] (Logicool, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S1 avbdsgdp; \??\C:\Windows\system32\drivers\avbdsgdp.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 19:44 - 2014-11-02 19:44 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-02 19:44 - 2014-11-02 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-02 19:40 - 2014-11-02 19:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 19:40 - 2014-11-02 19:45 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 19:40 - 2014-11-02 19:40 - 00880272 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-11-02 19:40 - 2014-11-02 19:40 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-30 11:15 - 2014-11-02 19:53 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-10-30 10:38 - 2014-10-30 10:39 - 00854448 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-10-29 12:00 - 2014-10-29 12:00 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2014-10-28 15:05 - 2014-10-28 15:05 - 00000000 ____D () C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio
2014-10-28 15:04 - 2014-10-28 15:05 - 07864386 _____ () C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio.zip
2014-10-28 13:36 - 2014-10-28 13:36 - 00000770 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-10-28 13:33 - 2014-10-28 13:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\CheckCode
2014-10-28 13:20 - 2014-10-28 13:21 - 01706144 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-10-28 13:17 - 2014-10-28 13:17 - 01998336 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.002.exe
2014-10-28 10:22 - 2014-10-28 10:31 - 00001164 _____ () C:\Users\Admin\Desktop\SystemLook.txt
2014-10-28 10:20 - 2014-10-28 10:20 - 00165376 _____ () C:\Users\Admin\Desktop\SystemLook_x64.exe
2014-10-27 21:47 - 2014-10-27 21:48 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-10-27 21:32 - 2014-10-27 21:34 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-27 21:32 - 2014-10-27 21:32 - 00001093 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-10-27 21:32 - 2014-10-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-10-27 21:32 - 2014-10-27 21:32 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-27 21:23 - 2014-10-27 21:25 - 04095448 _____ (BrightFort LLC ) C:\Users\Admin\Downloads\spywareblastersetup50.exe
2014-10-27 17:51 - 2014-10-27 17:51 - 00029549 _____ () C:\ComboFix.txt
2014-10-27 17:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-27 17:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-27 17:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-27 17:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-27 17:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-27 17:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-27 17:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-27 17:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-27 17:28 - 2014-10-27 17:51 - 00000000 ____D () C:\Qoobox
2014-10-27 17:27 - 2014-10-27 17:49 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 16:50 - 2012-05-04 18:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-10-27 16:30 - 2014-10-27 16:30 - 05591695 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-10-27 10:11 - 2012-05-04 18:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-27 10:08 - 2014-10-27 10:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-26 18:35 - 2014-10-25 09:51 - 00008957 _____ () C:\Windows\system32\Drivers\etc\hosts - vir
2014-10-26 18:27 - 2014-10-26 18:30 - 00005136 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-10-26 18:27 - 2014-10-26 18:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2014-10-26 18:16 - 2014-10-26 18:16 - 00001796 _____ () C:\sc-cleaner.txt
2014-10-26 18:14 - 2014-10-26 18:14 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\sc-cleaner.exe
2014-10-26 17:06 - 2014-10-26 17:06 - 00000004 _____ () C:\Users\Admin\AppData\Roaming\appdataFr2.bin
2014-10-26 10:38 - 2014-10-26 10:38 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2014-10-26 10:38 - 2014-10-26 10:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-25 23:08 - 2014-10-25 23:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com - Windows Repair
2014-10-25 21:54 - 2014-11-02 18:21 - 00001288 _____ () C:\Windows\setupact.log
2014-10-25 21:54 - 2014-10-25 21:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-25 21:53 - 2014-10-28 13:29 - 00206268 _____ () C:\Windows\PFRO.log
2014-10-25 20:48 - 2014-10-27 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-25 16:57 - 2014-10-27 10:21 - 00000000 ____D () C:\Windows\pss
2014-10-25 15:52 - 2014-10-25 15:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-25 14:03 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-25 14:03 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-25 14:03 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-25 14:03 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-25 14:03 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-25 14:03 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 14:03 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-25 14:03 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-25 14:03 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-25 14:03 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-25 14:03 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-25 14:03 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-25 14:03 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-25 14:03 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-25 14:03 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-25 14:03 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-25 14:03 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-25 14:03 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-25 14:03 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-25 14:03 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-25 14:03 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-25 14:03 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 14:03 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-25 14:02 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-25 14:02 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 14:02 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-25 14:02 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-25 14:02 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 14:02 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 14:02 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 14:02 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 14:02 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-25 14:02 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-25 14:02 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 14:02 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 14:02 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 14:02 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 14:02 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-25 14:02 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-25 14:02 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-25 14:02 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 14:02 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-25 14:02 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-25 14:02 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 14:02 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-25 14:02 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 14:02 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-25 14:02 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-25 14:02 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 14:02 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-25 14:02 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-25 14:02 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 14:02 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-25 14:02 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-25 14:02 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-25 14:02 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-25 14:02 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-25 14:02 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-25 14:01 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-25 14:01 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-25 14:01 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-25 14:01 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-25 14:01 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-25 14:01 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-25 14:01 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-25 14:01 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-25 14:01 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-25 14:01 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-25 14:01 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-25 14:01 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-25 14:01 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-25 14:01 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-25 14:01 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-25 13:56 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-25 13:56 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-25 13:49 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-25 13:49 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-25 13:48 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-25 13:48 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-25 13:48 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-25 13:48 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-25 13:48 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-25 13:48 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-25 13:48 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-25 13:48 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-25 13:48 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-25 13:45 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-25 13:45 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-25 13:45 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-25 13:45 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-25 13:45 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-25 13:45 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-25 13:45 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-25 13:45 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-25 13:45 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-25 13:45 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-25 13:45 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-25 13:45 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-25 13:45 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-25 13:42 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-25 13:42 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-25 13:07 - 2014-10-28 12:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 13:07 - 2014-10-25 13:07 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 13:07 - 2014-10-25 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 13:07 - 2014-10-25 13:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 13:07 - 2014-10-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 13:07 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 13:07 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 13:07 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 12:39 - 2014-10-25 12:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup.exe
2014-10-25 12:39 - 2014-10-25 12:39 - 00001224 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-10-25 12:39 - 2014-10-25 12:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-25 12:01 - 2014-10-25 12:01 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-25 11:42 - 2014-10-28 13:28 - 00000000 ____D () C:\AdwCleaner
2014-10-25 11:39 - 2014-10-26 20:52 - 00035083 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-10-25 11:37 - 2014-11-02 19:54 - 00015470 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-10-25 11:37 - 2014-11-02 19:54 - 00000000 ____D () C:\FRST
2014-10-25 11:07 - 2014-11-02 19:53 - 02114560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-10-25 11:06 - 2014-10-25 11:07 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 11:05 - 2014-10-25 11:05 - 00709564 _____ () C:\Users\Admin\Desktop\delfix_10.8.exe
2014-10-25 11:03 - 2014-10-25 11:03 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2014-10-25 10:49 - 2014-11-02 19:54 - 00000000 ____D () C:\Users\Admin\Desktop\Wartung
2014-10-25 10:46 - 2014-10-25 10:46 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-25 10:46 - 2014-10-25 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-25 10:46 - 2014-10-25 10:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-25 10:45 - 2014-10-25 10:46 - 04974864 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup419.exe
2014-10-18 16:09 - 2014-10-18 16:09 - 00000000 ____D () C:\found.000
2014-10-17 22:21 - 2014-10-17 22:21 - 00000000 ___HD () C:\Users\Admin\AppData\Roaming\GoldenGate
2014-10-17 22:18 - 2014-10-17 22:18 - 00000171 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-10-17 22:17 - 2014-10-17 22:17 - 00001771 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-10-17 17:06 - 2014-10-17 17:06 - 00000000 ____D () C:\Users\Admin\{01662059-3E
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 19:51 - 2011-06-24 17:20 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6295D87-0223-4913-87E0-549DC15EB489}
2014-11-02 19:45 - 2011-09-13 20:56 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-02 19:43 - 2011-06-24 15:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-02 19:40 - 2011-06-24 15:07 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-02 19:36 - 2012-03-31 07:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 19:30 - 2011-06-24 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-11-02 19:06 - 2011-06-24 18:30 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148584671-988621172-509042803-1000UA.job
2014-11-02 18:58 - 2011-06-20 23:49 - 01316555 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 18:29 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 18:29 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 18:26 - 2010-11-21 07:50 - 00702598 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 18:26 - 2010-11-21 07:50 - 00151390 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 18:26 - 2009-07-14 06:13 - 01630758 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 18:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 22:05 - 2011-06-24 18:30 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148584671-988621172-509042803-1000Core.job
2014-10-28 13:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-10-28 10:48 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-28 10:07 - 2011-11-01 19:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-10-27 22:11 - 2013-05-08 19:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-27 17:51 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-27 17:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-27 17:47 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP
2014-10-27 10:14 - 2013-11-09 10:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 10:11 - 2011-06-25 18:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 10:08 - 2013-11-09 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 10:07 - 2014-05-23 18:10 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-27 10:07 - 2012-11-10 16:12 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-27 10:07 - 2012-11-10 16:12 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-26 22:00 - 2011-06-24 18:30 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148584671-988621172-509042803-1000UA
2014-10-26 22:00 - 2011-06-24 18:30 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148584671-988621172-509042803-1000Core
2014-10-26 21:58 - 2014-05-22 11:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-26 21:58 - 2013-12-11 12:23 - 00000008 __RSH () C:\Users\Admin\ntuser.pol
2014-10-26 21:58 - 2011-06-20 18:00 - 00000000 ____D () C:\Users\Admin
2014-10-26 16:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 12:35 - 2012-01-11 22:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games
2014-10-26 10:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 10:13 - 2009-07-14 05:45 - 00407104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-26 10:10 - 2014-05-06 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-26 01:10 - 2011-06-24 16:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-26 01:05 - 2013-08-15 23:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-26 00:58 - 2011-06-21 12:42 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-25 21:53 - 2014-01-22 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-25 21:53 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2014-10-25 17:07 - 2011-06-29 16:23 - 00000000 ____D () C:\Users\Admin\AppData\Temp
2014-10-25 16:53 - 2012-02-13 23:08 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 15:33 - 2014-05-03 09:25 - 00000000 ____D () C:\temp
2014-10-25 14:36 - 2014-07-26 15:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\FunctionLogPath
2014-10-25 12:42 - 2014-05-03 23:54 - 00000000 ____D () C:\ProgramData\2b58a7cbef08f6a2
2014-10-21 23:52 - 2010-11-21 08:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-21 23:42 - 2014-07-10 08:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\WPFBChanger
2014-10-21 23:42 - 2014-06-05 05:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\f2dd4267ec6c7612b89b6123980a1fab
2014-10-21 23:42 - 2011-07-25 14:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Eastman_Kodak_Company
2014-10-21 23:42 - 2011-06-26 04:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\IM
2014-10-21 23:42 - 2011-06-24 13:27 - 00000000 ____D () C:\Users\Admin\AVM_Driver
2014-10-21 23:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-21 23:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-21 23:40 - 2012-01-08 23:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Greyfirst
2014-10-21 23:39 - 2014-05-03 23:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\Comodo
2014-10-20 18:23 - 2013-12-19 00:26 - 00000193 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2014-10-20 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-20 17:04 - 2011-11-08 17:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\FRITZ!
2014-10-20 15:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 19:35 - 2011-11-12 14:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-10-03 15:51 - 2012-03-31 07:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-03 15:42 - 2012-03-31 07:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-03 15:42 - 2011-06-21 17:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-03 15:40 - 2014-09-28 07:38 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
Files to move or delete:
====================
C:\Users\Admin\photobooksmjpb2pah~1311301458036-5ec56f16-2b51-4723-bc50-88d0d8f055d7.js
C:\Users\Admin\photocardspah~1318247042883-e61ee557-bf45-42de-aea5-909a0eba5893.js
C:\Users\Admin\ShowScript.js
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 16:07
==================== End Of Log ============================