Hello,
After the last restart, AVAST (even though I had clicked disable, the security prompt appeared, and I got the notice in the notification bar that AVAST was not active) reported that on starting Firefox it had found the extension flowsurf, which supposedly has a bad reputation. I did not let it take any action here.
The logs:
mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.01.2015
Suchlauf-Zeit: 19:09:55
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Dominik
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 370016
Verstrichene Zeit: 36 Min, 2 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 9
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1536, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 540, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1248, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5960, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1092, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4104, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3076, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3752, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 3276, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
Module: 10
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
Registrierungsschlüssel: 10
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [288e62958306dc5ace2ba34905fddf21],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [cbebe611fb8e79bde7b77975d62c1ae6],
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [a01646b199f05cda58c897fae51e60a0],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [4472cd2a19709e988130b4eda75c56aa],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [fbbb48afb1d8b086547510665da656aa],
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050],
Registrierungswerte: 3
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, In Quarantäne, [3b7bbb3cc3c6082e63d99610b54e4ab6]
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [eec8a6516c1d5dd99283b8db7b880bf5]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 15
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [179f9d5a36535dd90017db5fc340be42],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [179f9d5a36535dd90017db5fc340be42],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, In Quarantäne, [30866790464310269e21ec569d66c838],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [30866790464310269e21ec569d66c838],
Dateien: 74
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, In Quarantäne, [3d7929cebbce71c5077bc0b87b86a759],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000],
PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000],
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000],
PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, In Quarantäne, [d2e4b93e70192016d42006e2a262d729],
PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, In Quarantäne, [22947b7c2f5a79bd8f65e6024bb907f9],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [179f9d5a36535dd90017db5fc340be42],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\background.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf-drop.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf.css, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\jquery-1.7.2.min.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\manifest.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\readme.txt, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\button.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon100.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon128.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon16.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon256.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon32.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon48.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon64.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_init.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\invoke_async_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\message_target_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\userscript_client.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\backgroundscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\browser.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\console.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\i18n.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\initialize.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\io.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\lang.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\messaging.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\storage.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\userscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\xhr.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\browser_button.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\kango_api.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\options.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\remote_popup_host.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\ui.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Adwcleaner:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 20:13:20
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Dominik - TROLLINGSARUMAN
# Gestartet von : C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Users\Dominik\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\foxydeal.sqlite
***** [ Tasks ] *****
Task Gelöscht : fsupdate
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8018C54-B702-4D52-9ACC-8CA78911E633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C6A846C5-D67F-48B4-8552-C22354E56966}
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\usyndication.com
Schlüssel Gelöscht : HKCU\Software\USyndication
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0 (x86 de)
[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v39.0.2171.95
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [14338 octets] - [30/04/2014 19:24:18]
AdwCleaner[R1].txt - [1315 octets] - [30/04/2014 19:50:07]
AdwCleaner[R2].txt - [1363 octets] - [02/05/2014 00:59:57]
AdwCleaner[R3].txt - [1484 octets] - [06/06/2014 23:22:50]
AdwCleaner[R4].txt - [2842 octets] - [15/01/2015 20:04:20]
AdwCleaner[S0].txt - [12962 octets] - [30/04/2014 19:25:39]
AdwCleaner[S1].txt - [1376 octets] - [30/04/2014 19:51:00]
AdwCleaner[S2].txt - [1545 octets] - [06/06/2014 23:25:39]
AdwCleaner[S3].txt - [2719 octets] - [15/01/2015 20:13:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2779 octets] ##########
and:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dominik on 16.01.2015 at 17:33:57,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Popup
Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Start
Successfully deleted: [File] "C:\Users\Dominik\favorites\links\startfenster.lnk"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\51dpc675.default\minidumps [484 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 17:35:47,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There was one more thing - the FRST log....
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by Dominik (administrator) on TROLLINGSARUMAN on 16-01-2015 19:06:54
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X]
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Dominik\Desktop\FRST-OlderVersion
2015-01-16 17:49 - 2015-01-16 17:49 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-49-56.066-AvastVBoxSVC.exe-3504.log
2015-01-16 17:45 - 2015-01-16 17:45 - 00000286 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (3).txt
2015-01-16 17:35 - 2015-01-16 17:35 - 00000992 _____ () C:\Users\Dominik\Desktop\JRT.txt
2015-01-16 17:33 - 2015-01-16 17:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 17:32 - 2015-01-16 17:32 - 01707939 _____ (Thisisu) C:\Users\Dominik\Desktop\JRT.exe
2015-01-16 17:26 - 2015-01-16 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-26-02.025-AvastVBoxSVC.exe-3908.log
2015-01-16 17:21 - 2015-01-16 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-21-57.030-AvastVBoxSVC.exe-2964.log
2015-01-16 17:10 - 2015-01-16 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-10-20.087-AvastVBoxSVC.exe-4084.log
2015-01-16 17:00 - 2015-01-16 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-00-02.052-AvastVBoxSVC.exe-3696.log
2015-01-16 14:45 - 2015-01-16 14:45 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-45-27.090-AvastVBoxSVC.exe-3408.log
2015-01-15 20:17 - 2015-01-15 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-17-41.019-AvastVBoxSVC.exe-3828.log
2015-01-15 20:12 - 2015-01-15 20:13 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-59.029-aswFe.exe-4604.log
2015-01-15 20:08 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-08-04.058-aswFe.exe-5008.log
2015-01-15 20:02 - 2015-01-15 20:03 - 02191360 _____ () C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
2015-01-15 19:59 - 2015-01-15 19:59 - 00023039 _____ () C:\Users\Dominik\Desktop\mbam.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-15 19:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 19:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:59 - 2015-01-15 19:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-15 18:56 - 2015-01-15 18:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-56-39.075-AvastVBoxSVC.exe-2692.log
2015-01-15 18:07 - 2015-01-15 18:07 - 00017812 _____ () C:\ComboFix.txt
2015-01-15 17:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 17:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 17:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 17:35 - 2015-01-15 18:07 - 00000000 ____D () C:\Qoobox
2015-01-15 17:34 - 2015-01-15 18:05 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 17:32 - 2015-01-15 17:32 - 05609736 ____R (Swearware) C:\Users\Dominik\Desktop\ComboFix.exe
2015-01-15 17:28 - 2015-01-15 17:28 - 00000197 _____ () C:\Windows\system32\2015-01-15-16-28-45.010-AvastVBoxSVC.exe-3576.log
2015-01-15 16:16 - 2015-01-15 16:19 - 00102593 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (2).txt
2015-01-15 16:09 - 2015-01-15 16:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Dominik\Desktop\tdsskiller.exe
2015-01-14 21:36 - 2015-01-14 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-14-20-36-18.044-AvastVBoxSVC.exe-3592.log
2015-01-14 21:17 - 2015-01-14 21:17 - 00000000 ____H () C:\Users\Dominik\Documents\Default.rdp
2015-01-14 20:32 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 20:31 - 2015-01-16 18:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 20:31 - 2015-01-15 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 20:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 20:28 - 2015-01-15 16:11 - 00000000 ____D () C:\Users\Dominik\Desktop\mbar
2015-01-14 20:26 - 2015-01-14 20:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dominik\Desktop\mbar-1.08.2.1001.exe
2015-01-14 20:21 - 2015-01-14 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-19-21-53.063-AvastVBoxSVC.exe-3692.log
2015-01-14 20:03 - 2015-01-14 20:03 - 00001222 _____ () C:\Users\Dominik\Desktop\Revo Uninstaller.lnk
2015-01-14 20:03 - 2015-01-14 20:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 20:00 - 2015-01-14 20:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dominik\Desktop\revosetup95.exe
2015-01-14 19:54 - 2015-01-14 19:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-54-07.069-AvastVBoxSVC.exe-3156.log
2015-01-14 19:19 - 2015-01-14 19:19 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-19-08.073-AvastVBoxSVC.exe-3128.log
2015-01-14 18:43 - 2015-01-14 18:43 - 00008989 _____ () C:\Users\Dominik\Desktop\gmer.log
2015-01-14 18:11 - 2015-01-14 18:13 - 00039072 _____ () C:\Users\Dominik\Desktop\Addition.txt
2015-01-14 18:06 - 2015-01-16 19:06 - 00018761 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-16 19:06 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-16 19:06 - 01116672 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-15 18:20 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 18:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:48 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:48 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-16 17:47 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 17:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 17:47 - 2009-07-14 05:39 - 00216466 _____ () C:\Windows\setupact.log
2015-01-16 17:46 - 2012-12-31 16:02 - 01103008 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 20:14 - 2013-01-01 13:03 - 00446222 _____ () C:\Windows\PFRO.log
2015-01-15 20:13 - 2014-04-30 19:24 - 00000000 ____D () C:\AdwCleaner
2015-01-15 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 18:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 21:33 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik
2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf
2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft
2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III
2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele
2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet
2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
Files to move or delete:
====================
C:\ProgramData\q485uB3.dat
Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe
C:\Users\Dominik\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-07 19:22
==================== End Of Log ============================