kgleichauf | 01.05.2014 16:39 | Hi,
First of all, thanks for the quick reply.
I have carried out all the steps, and here are the logs:
mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.05.2014
Suchlauf-Zeit: 17:09:32
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.05.01.08
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Kai
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 274239
Verstrichene Zeit: 26 Min, 45 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Kai\AppData\Roaming\OPENCANDY, In Quarantäne, [f30d16ea0af6ec14a5fd0363b54dae52],
PUP.Optional.OpenCandy, C:\Users\Kai\AppData\Roaming\OPENCANDY\63D6DF8E28CB4D27A20670039ADF96AD, In Quarantäne, [f30d16ea0af6ec14a5fd0363b54dae52],
Dateien: 5
PUP.Optional.Linkury.A, C:\Users\Kai\AppData\Roaming\OpenCandy\63D6DF8E28CB4D27A20670039ADF96AD\Installer.exe, In Quarantäne, [f20ec0405ea27d8319bbe026e02449b7],
PUP.Optional.Delta.A, C:\Users\Kai\AppData\Local\Temp\is1070216317\DeltaTB.exe, In Quarantäne, [97691ae622de8878c48f9470a061827e],
PUP.Optional.RegCleanerPro, C:\Users\Kai\AppData\Local\Temp\is1070216317\rcpsetup_binstall2_binstall2.exe, In Quarantäne, [a15f10f057a96997a5364fb88f72d729],
PUP.Optional.WebSearch.A, C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\searchplugins\WEB SEARCH.XML, In Quarantäne, [bd431be54bb5a25e1a63443c7b87a858],
PUP.Optional.HelperBar.A, C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0cc53e88-8e6b-f3f8-634f-08f0d0c4f5fd&searchtype=ds&fr=linkury-tb&installDate=23/02/2014&type=hp1000&p=");), Ersetzt,[c040ae521de398686acca3bff80cb24e]
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner[S0].txt Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 17:19:34
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzername : Kai - KAI
# Gestartet von : C:\Users\Kai\Downloads\Trojaner\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\PIP
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "http://www.trojaner-board.de/153307-...oc-co-de.html");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "yahoooc");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...]
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "0cc53e88-8e6b-f3f8-634f-08f0d0c4f5fd");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "23/02/2014");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1393185711869");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "yahoooc");
Zeile gelöscht : user_pref("extensions.helperbar.type", "hp1000");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0cc53e88-8e6b-f3f8-634f-08f0d0c4f5fd&searchtype=ds&fr=linkury-tb&installDate=23/02/2014&type=hp1000&p="[...]
*************************
AdwCleaner[R0].txt - [4178 octets] - [01/05/2014 17:19:18]
AdwCleaner[S0].txt - [3860 octets] - [01/05/2014 17:19:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3920 octets] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 Pro with Media Center x64
Ran by Kai on 01.05.2014 at 17:30:34,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Kai\AppData\Roaming\mozilla\firefox\profiles\it9wu9lc.default\minidumps [294 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at 17:33:21,98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fresh FRST log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Kai (administrator) on KAI on 01-05-2014 17:34:36
Running from C:\Users\Kai\Downloads\Trojaner
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Andreas Sammann) C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Users\Kai\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Aqua Computer GmbH & Co. KG) C:\Program Files (x86)\Aqua Computer\aquasuite\aquasuite.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Creative Technology Ltd) C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe
(Andreas Sammann) C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe
(Dropbox, Inc.) C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1911808 2012-09-08] (Dominik Reichl)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3078760871-2392448518-2218867699-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3078760871-2392448518-2218867699-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-27] (Electronic Arts)
HKU\S-1-5-21-3078760871-2392448518-2218867699-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3078760871-2392448518-2218867699-1001\...\Run: [SkyDrive] => C:\Users\Kai\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-04-04] (Microsoft Corporation)
HKU\S-1-5-21-3078760871-2392448518-2218867699-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aquasuite.lnk
ShortcutTarget: aquasuite.lnk -> C:\Program Files (x86)\Aqua Computer\aquasuite\aquasuite.exe (Aqua Computer GmbH & Co. KG)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk
ShortcutTarget: C2DtoG15.lnk -> C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x657526B73962CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: BufferZone Web Privacy Manager - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZBHO64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default
FF NewTab: about:blank
FF Homepage: http://www.trojaner-board.de/153307-...ooc-co-de.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\Extensions\ich@maltegoetz.de [2013-12-16]
FF Extension: KeeFox - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\Extensions\keefox@chris.tomlinson [2014-03-23]
FF Extension: WOT - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\it9wu9lc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
==================== Services (Whitelisted) =================
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-29] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 SystoG15Svc; C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [64000 2012-12-12] (Andreas Sammann)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [134696 2012-01-27] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-24] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-23] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [468240 2013-02-21] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 tap0901_openvpn_accl; C:\Windows\system32\DRIVERS\tap0901_openvpn_accl.sys [37912 2012-08-21] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-06-23] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-06-23] (Acronis)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-01 17:33 - 2014-05-01 17:33 - 00000788 _____ () C:\Users\Kai\Desktop\JRT.txt
2014-05-01 17:27 - 2014-05-01 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 17:19 - 2014-05-01 17:19 - 00000000 ____D () C:\AdwCleaner
2014-05-01 16:41 - 2014-05-01 17:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 16:40 - 2014-05-01 16:40 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 16:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-01 16:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-01 16:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 15:19 - 2014-05-01 17:34 - 00000000 ____D () C:\Users\Kai\Downloads\Trojaner
2014-05-01 15:17 - 2014-05-01 17:34 - 00000000 ____D () C:\FRST
2014-05-01 15:14 - 2014-05-01 15:14 - 00000168 _____ () C:\Users\Kai\defogger_reenable
2014-05-01 02:57 - 2014-05-01 02:57 - 00003586 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2014-05-01 01:57 - 2014-05-01 01:57 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-01 01:57 - 2014-05-01 01:56 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-01 01:04 - 2014-05-01 01:04 - 00000000 ____D () C:\Users\Kai\AppData\Local\AutoIt v3
2014-05-01 00:40 - 2014-05-01 01:50 - 00000359 _____ () C:\Users\Kai\SciTE.session
2014-05-01 00:27 - 2014-05-01 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-05-01 00:27 - 2014-05-01 00:27 - 00000000 ____D () C:\Program Files (x86)\AutoIt3
2014-05-01 00:20 - 2014-05-01 01:25 - 00000000 ____D () C:\Users\Kai\Desktop\AutoIt
2014-04-29 17:43 - 2014-04-23 01:47 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 17:43 - 2014-04-23 01:47 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 17:34 - 2014-04-29 17:34 - 00001006 _____ () C:\Users\Kai\Desktop\Dropbox.lnk
2014-04-13 17:31 - 2014-04-13 17:31 - 00000000 ____D () C:\Users\Kai\Downloads\monatsuebersicht(1)
2014-04-13 17:24 - 2014-04-13 17:33 - 00000000 ____D () C:\Users\Kai\Downloads\Telekom Rechnungen
2014-04-13 16:42 - 2014-04-13 16:42 - 00046389 _____ () C:\Users\Kai\Desktop\Rechnung_12.01.2014.zip
2014-04-13 16:23 - 2014-04-13 16:33 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\gnupg
2014-04-13 16:23 - 2014-04-13 16:23 - 00001057 _____ () C:\Users\Kai\Desktop\Windows Privacy Tray.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GnuPT
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Program Files (x86)\GnuPT
2014-04-13 16:21 - 2014-04-13 16:21 - 03221593 _____ () C:\Users\Kai\Downloads\gnupt (1).zip
2014-04-13 16:21 - 2014-04-13 16:21 - 00000000 ____D () C:\Users\Kai\Downloads\gnupt (1)
2014-04-13 10:16 - 2014-04-13 10:16 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-13 10:14 - 2014-04-13 10:14 - 00283192 _____ (Mozilla) C:\Users\Kai\Downloads\Firefox Setup Stub 28.0.exe
2014-04-11 22:50 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 22:50 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 22:50 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 22:50 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 22:50 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 22:50 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 22:50 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 22:50 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 22:50 - 2014-02-01 08:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2014-04-11 22:50 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-11 22:50 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-11 22:50 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-11 22:50 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-11 22:50 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-11 22:50 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-11 22:50 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-11 22:50 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-11 22:50 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-11 22:50 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-11 22:50 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-11 22:50 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-11 22:50 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-11 22:50 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-11 22:50 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-11 22:50 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-11 22:50 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-11 22:50 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-11 22:50 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-11 22:50 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-11 22:50 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 22:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 22:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-11 22:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-11 22:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 22:50 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-11 22:50 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-11 22:50 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 22:50 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-11 22:50 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 22:50 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 22:50 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 22:49 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 22:49 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 22:49 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 22:49 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-11 22:49 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 22:49 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 19:51 - 2014-04-11 19:51 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-04-11 19:51 - 2014-04-11 19:51 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-11 19:51 - 2014-04-11 19:51 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-04-11 18:54 - 2014-04-11 18:54 - 00004976 _____ () C:\Users\Kai\Downloads\GoT3_GER_BRip_XviD_-_FIJ-htf3y2nxy6o.dlc
2014-04-11 18:53 - 2014-04-11 18:53 - 00004976 _____ () C:\Users\Kai\Downloads\GoT2_GER_BRip_XviD_-_FIJ-10f3y2nybdnp4.dlc
2014-04-11 18:44 - 2014-04-11 18:44 - 00004976 _____ () C:\Users\Kai\Downloads\GoT1_GER_BRip_XviD_-_FIJ-qzd3y2n4bfx4.dlc
2014-04-11 18:33 - 2014-04-11 18:33 - 00000000 ____D () C:\Users\Kai\Downloads\Neuer Ordner
2014-04-11 18:30 - 2014-04-11 18:30 - 31419822 _____ () C:\Users\Kai\Downloads\JDownloader.zip
2014-04-11 18:18 - 2014-04-11 18:18 - 00000000 ____D () C:\Users\Kai\CA81F8F9D5304DB588466B41A76AF692.TMP
2014-04-11 18:09 - 2014-04-11 18:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-11 18:09 - 2014-04-11 18:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-11 18:09 - 2014-04-11 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-11 18:05 - 2014-04-11 18:06 - 30796712 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-x64.exe
2014-04-11 18:05 - 2014-04-11 18:06 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586.exe
2014-04-09 17:37 - 2014-04-11 18:18 - 00004330 _____ () C:\PERF.LOG
2014-04-09 17:37 - 2014-04-09 17:37 - 00000000 ____D () C:\Users\Kai\TEMPBZ.TMP
2014-04-09 17:32 - 2014-04-09 17:32 - 00431720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:31 - 2014-04-11 18:14 - 00000000 _____ () C:\LongFileName.txt
2014-04-09 17:29 - 2014-04-09 17:29 - 00000000 ____D () C:\Virtual
2014-04-09 17:28 - 2014-04-17 19:38 - 00000000 ____D () C:\Program Files (x86)\BufferZone
2014-04-09 17:28 - 2014-04-11 18:18 - 00000000 ____D () C:\ProgramData\BufferZone
2014-04-09 16:04 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 16:04 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 16:04 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 16:04 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-04 21:48 - 2014-04-04 21:48 - 00002288 _____ () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== One Month Modified Files and Folders =======
2014-05-01 17:34 - 2014-05-01 15:19 - 00000000 ____D () C:\Users\Kai\Downloads\Trojaner
2014-05-01 17:34 - 2014-05-01 15:17 - 00000000 ____D () C:\FRST
2014-05-01 17:33 - 2014-05-01 17:33 - 00000788 _____ () C:\Users\Kai\Desktop\JRT.txt
2014-05-01 17:30 - 2014-05-01 16:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 17:30 - 2014-02-23 21:11 - 00000000 ___RD () C:\Users\Kai\Dropbox
2014-05-01 17:30 - 2014-02-23 20:29 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Dropbox
2014-05-01 17:30 - 2014-02-23 20:04 - 00005108 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KAI-Kai Kai
2014-05-01 17:30 - 2013-12-18 18:14 - 00000000 ____D () C:\Users\Kai\AppData\Local\FreePDF_XP
2014-05-01 17:30 - 2013-05-02 01:16 - 00000000 ___RD () C:\Users\Kai\SkyDrive
2014-05-01 17:30 - 2013-03-23 19:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-01 17:30 - 2013-03-23 15:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-01 17:29 - 2013-03-23 21:12 - 00000000 ____D () C:\Program Files (x86)\C2DtoG15
2014-05-01 17:29 - 2013-03-23 15:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-01 17:29 - 2013-03-23 13:47 - 01386503 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 17:29 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 17:27 - 2014-05-01 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 17:26 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-05-01 17:26 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-05-01 17:26 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 17:24 - 2013-03-23 19:46 - 00000000 ____D () C:\ProgramData\Origin
2014-05-01 17:20 - 2013-03-23 13:42 - 00061304 _____ () C:\Windows\PFRO.log
2014-05-01 17:19 - 2014-05-01 17:19 - 00000000 ____D () C:\AdwCleaner
2014-05-01 17:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-01 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-01 16:46 - 2013-03-23 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 16:40 - 2014-05-01 16:40 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 16:40 - 2014-05-01 16:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 16:28 - 2013-03-23 13:54 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3078760871-2392448518-2218867699-1001
2014-05-01 15:14 - 2014-05-01 15:14 - 00000168 _____ () C:\Users\Kai\defogger_reenable
2014-05-01 15:14 - 2013-03-23 13:46 - 00000000 ____D () C:\Users\Kai
2014-05-01 15:12 - 2013-03-23 22:27 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\TS3Client
2014-05-01 02:57 - 2014-05-01 02:57 - 00003586 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2014-05-01 01:57 - 2014-05-01 01:57 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-01 01:56 - 2014-05-01 01:57 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-01 01:50 - 2014-05-01 00:40 - 00000359 _____ () C:\Users\Kai\SciTE.session
2014-05-01 01:25 - 2014-05-01 00:20 - 00000000 ____D () C:\Users\Kai\Desktop\AutoIt
2014-05-01 01:04 - 2014-05-01 01:04 - 00000000 ____D () C:\Users\Kai\AppData\Local\AutoIt v3
2014-05-01 00:27 - 2014-05-01 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-05-01 00:27 - 2014-05-01 00:27 - 00000000 ____D () C:\Program Files (x86)\AutoIt3
2014-05-01 00:27 - 2012-07-26 12:29 - 00000000 ____D () C:\Windows\ShellNew
2014-04-29 17:35 - 2013-03-23 13:47 - 00000000 ___RD () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 17:34 - 2014-04-29 17:34 - 00001006 _____ () C:\Users\Kai\Desktop\Dropbox.lnk
2014-04-29 17:34 - 2014-02-23 21:09 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-29 17:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-28 19:47 - 2013-03-23 14:52 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-27 20:17 - 2013-03-23 21:31 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\KeePass
2014-04-27 17:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-27 11:42 - 2013-06-23 13:11 - 00000174 _____ () C:\Users\Kai\cssdt.log
2014-04-27 11:42 - 2013-06-23 13:11 - 00000000 ____D () C:\Program Files (x86)\Corsair SSD Toolbox
2014-04-26 14:24 - 2013-03-25 00:55 - 00813056 ___SH () C:\Users\Kai\Desktop\Thumbs.db
2014-04-26 14:04 - 2013-03-23 22:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-04-23 01:47 - 2014-04-29 17:43 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-23 01:47 - 2014-04-29 17:43 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 20:21 - 2013-03-23 13:47 - 00000000 ___RD () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 20:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-17 19:38 - 2014-04-09 17:28 - 00000000 ____D () C:\Program Files (x86)\BufferZone
2014-04-17 19:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-17 19:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-13 22:33 - 2013-07-13 08:05 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-13 17:33 - 2014-04-13 17:24 - 00000000 ____D () C:\Users\Kai\Downloads\Telekom Rechnungen
2014-04-13 17:31 - 2014-04-13 17:31 - 00000000 ____D () C:\Users\Kai\Downloads\monatsuebersicht(1)
2014-04-13 16:42 - 2014-04-13 16:42 - 00046389 _____ () C:\Users\Kai\Desktop\Rechnung_12.01.2014.zip
2014-04-13 16:33 - 2014-04-13 16:23 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\gnupg
2014-04-13 16:23 - 2014-04-13 16:23 - 00001057 _____ () C:\Users\Kai\Desktop\Windows Privacy Tray.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GnuPT
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Program Files (x86)\GnuPT
2014-04-13 16:21 - 2014-04-13 16:21 - 03221593 _____ () C:\Users\Kai\Downloads\gnupt (1).zip
2014-04-13 16:21 - 2014-04-13 16:21 - 00000000 ____D () C:\Users\Kai\Downloads\gnupt (1)
2014-04-13 16:10 - 2012-07-26 09:21 - 00002664 _____ () C:\Windows\setupact.log
2014-04-13 10:16 - 2014-04-13 10:16 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-13 10:16 - 2014-03-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 10:14 - 2014-04-13 10:14 - 00283192 _____ (Mozilla) C:\Users\Kai\Downloads\Firefox Setup Stub 28.0.exe
2014-04-12 16:30 - 2013-04-13 04:58 - 00000000 ____D () C:\Users\Kai\AppData\Local\Adobe
2014-04-12 09:26 - 2013-05-02 01:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 19:55 - 2013-07-13 08:10 - 00000000 ____D () C:\Users\Kai\Downloads\Jdownloader
2014-04-11 19:51 - 2014-04-11 19:51 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-04-11 19:51 - 2014-04-11 19:51 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-11 19:51 - 2014-04-11 19:51 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-04-11 19:51 - 2012-07-26 09:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-11 18:54 - 2014-04-11 18:54 - 00004976 _____ () C:\Users\Kai\Downloads\GoT3_GER_BRip_XviD_-_FIJ-htf3y2nxy6o.dlc
2014-04-11 18:53 - 2014-04-11 18:53 - 00004976 _____ () C:\Users\Kai\Downloads\GoT2_GER_BRip_XviD_-_FIJ-10f3y2nybdnp4.dlc
2014-04-11 18:44 - 2014-04-11 18:44 - 00004976 _____ () C:\Users\Kai\Downloads\GoT1_GER_BRip_XviD_-_FIJ-qzd3y2n4bfx4.dlc
2014-04-11 18:33 - 2014-04-11 18:33 - 00000000 ____D () C:\Users\Kai\Downloads\Neuer Ordner
2014-04-11 18:30 - 2014-04-11 18:30 - 31419822 _____ () C:\Users\Kai\Downloads\JDownloader.zip
2014-04-11 18:18 - 2014-04-11 18:18 - 00000000 ____D () C:\Users\Kai\CA81F8F9D5304DB588466B41A76AF692.TMP
2014-04-11 18:18 - 2014-04-09 17:37 - 00004330 _____ () C:\PERF.LOG
2014-04-11 18:18 - 2014-04-09 17:28 - 00000000 ____D () C:\ProgramData\BufferZone
2014-04-11 18:14 - 2014-04-09 17:31 - 00000000 _____ () C:\LongFileName.txt
2014-04-11 18:09 - 2014-04-11 18:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-11 18:09 - 2014-04-11 18:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-11 18:09 - 2014-04-11 18:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-11 18:09 - 2014-04-11 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-11 18:09 - 2013-10-20 18:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 18:09 - 2013-07-10 18:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-11 18:06 - 2014-04-11 18:05 - 30796712 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-x64.exe
2014-04-11 18:06 - 2014-04-11 18:05 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586.exe
2014-04-10 21:26 - 2013-10-04 02:23 - 00000000 ___RD () C:\Users\Kai\Desktop\Neuer Ordner
2014-04-09 17:37 - 2014-04-09 17:37 - 00000000 ____D () C:\Users\Kai\TEMPBZ.TMP
2014-04-09 17:32 - 2014-04-09 17:32 - 00431720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:31 - 2013-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-09 17:29 - 2014-04-09 17:29 - 00000000 ____D () C:\Virtual
2014-04-09 16:14 - 2013-08-13 21:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 16:14 - 2013-03-23 15:41 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 18:30 - 2013-03-23 16:14 - 00221530 _____ () C:\Windows\DirectX.log
2014-04-07 17:28 - 2013-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-04 21:48 - 2014-04-04 21:48 - 00002288 _____ () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-04-03 09:51 - 2014-05-01 16:40 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-01 16:40 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-01 16:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Kai\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Kai\AppData\Local\Temp\AIRRuntimeInstaller.exe
C:\Users\Kai\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuz_rmi.dll
C:\Users\Kai\AppData\Local\Temp\installerdll113718.dll
C:\Users\Kai\AppData\Local\Temp\installerdll2041421.dll
C:\Users\Kai\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Kai\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Kai\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Kai\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Kai\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Kai\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kai\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kai\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Kai\AppData\Local\Temp\nvStInst.exe
C:\Users\Kai\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kai\AppData\Local\Temp\Quarantine.exe
C:\Users\Kai\AppData\Local\Temp\sonarinst.exe
C:\Users\Kai\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Kai\AppData\Local\Temp\_is26D.exe
C:\Users\Kai\AppData\Local\Temp\_isF34C.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-27 10:17
==================== End Of Log ============================