Dennis_89 | 29.10.2013 15:19 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MININT-GC7GU8A on 29-10-2013 13:35:40
Running from I:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5529328 2013-02-27] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKU\Haus\...\Run: [TBPanel] - C:\Program Files\Vtune\TBPANEL.exe [ 2011-08-02] ()
HKU\Haus\...\Winlogon: [Shell] explorer.exe,C:\Users\Haus\AppData\Roaming\cache.dat [ 2013-10-29] () <==== ATTENTION
Startup: C:\Users\Doreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
========================== Services (Whitelisted) =================
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-01-14] (Nitro PDF Software)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
==================== Drivers (Whitelisted) ====================
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-16] (Samsung Electronics Co., Ltd.)
S3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
S3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-08-02] (Samsung Electronics)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-29 04:44 - 2013-10-29 04:44 - 00078336 ____R C:\Users\Haus\AppData\Roaming\cache.dat
2013-10-29 03:52 - 2013-10-29 03:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 03:52 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Haus\Desktop\FRST.txt
2013-10-29 03:52 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 03:42 - 2013-10-29 03:53 - 00000000 ____D C:\AdwCleaner
2013-10-29 03:42 - 2013-10-29 03:41 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download(1).exe
2013-10-29 03:40 - 2013-10-29 03:51 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 03:40 - 2013-10-29 03:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 03:39 - 2013-10-29 03:39 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download.exe
2013-10-29 03:21 - 2013-10-29 03:21 - 00002244 _____ C:\Users\Haus\Desktop\SpyHunter (2).lnk
2013-10-29 03:13 - 2013-10-29 03:48 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-10-29 03:11 - 2013-10-29 03:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Doreen\Downloads\SpyHunter-Installer.exe
2013-10-29 03:05 - 2013-10-29 03:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 03:04 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Doreen\Downloads\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 00000000 ____D C:\FRST
2013-10-29 02:46 - 2013-10-29 03:59 - 00000004 _____ C:\Users\Haus\AppData\Roaming\cache.ini
2013-10-09 17:07 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 17:07 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 17:07 - 2013-09-22 15:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 17:07 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 17:07 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 17:07 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 14:45 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-09 14:45 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-09 14:45 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-09 14:45 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-09 14:45 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-09 14:45 - 2013-08-28 17:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-09 14:45 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-09 14:45 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-09 14:45 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-09 14:45 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 14:45 - 2013-07-02 20:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-09 14:45 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 14:45 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 14:44 - 2013-08-27 17:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 14:44 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-09 14:44 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:44 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 14:44 - 2013-07-12 02:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-09 14:44 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-09 14:44 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-09 14:44 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-09 14:44 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 14:44 - 2013-06-05 20:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-09 14:44 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-09 14:44 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-09 14:44 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 14:44 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-01 08:04 - 2013-10-01 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-29 04:44 - 2013-10-29 04:44 - 00078336 ____R C:\Users\Haus\AppData\Roaming\cache.dat
2013-10-29 04:31 - 2013-01-18 10:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 04:31 - 2009-07-13 20:39 - 00068600 _____ C:\Windows\setupact.log
2013-10-29 04:23 - 2013-01-18 18:39 - 01480999 _____ C:\Windows\WindowsUpdate.log
2013-10-29 04:15 - 2009-07-13 20:34 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 04:15 - 2009-07-13 20:34 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 04:12 - 2013-01-18 09:48 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 03:59 - 2013-10-29 02:46 - 00000004 _____ C:\Users\Haus\AppData\Roaming\cache.ini
2013-10-29 03:59 - 2013-02-08 09:03 - 00000000 ____D C:\Users\Haus\AppData\Local\Deployment
2013-10-29 03:53 - 2013-10-29 03:42 - 00000000 ____D C:\AdwCleaner
2013-10-29 03:52 - 2013-10-29 03:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 03:51 - 2013-10-29 03:40 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 03:48 - 2013-10-29 03:13 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2013-10-29 03:43 - 2013-02-07 10:11 - 00000000 ____D C:\Windows\System32\appmgmt
2013-10-29 03:41 - 2013-10-29 03:42 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download(1).exe
2013-10-29 03:40 - 2013-10-29 03:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 03:39 - 2013-10-29 03:39 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download.exe
2013-10-29 03:21 - 2013-10-29 03:21 - 00002244 _____ C:\Users\Haus\Desktop\SpyHunter (2).lnk
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-10-29 03:11 - 2013-10-29 03:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Doreen\Downloads\SpyHunter-Installer.exe
2013-10-29 03:05 - 2013-10-29 03:52 - 00018213 _____ C:\Users\Haus\Desktop\FRST.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 03:04 - 2013-10-29 03:52 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Doreen\Downloads\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 00000000 ____D C:\FRST
2013-10-29 02:54 - 2013-07-29 06:35 - 00000000 ____D C:\Users\Doreen\AppData\Local\Mozilla
2013-10-29 02:46 - 2013-09-11 00:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Battle.net
2013-10-28 13:59 - 2013-02-09 12:09 - 00000000 ____D C:\Users\Haus\AppData\Roaming\TS3Client
2013-10-28 02:11 - 2013-01-18 09:40 - 00000000 ____D C:\users\Haus
2013-10-21 13:15 - 2013-09-04 07:01 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-21 13:15 - 2013-09-04 07:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 09:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-10-16 04:30 - 2013-09-11 00:23 - 00000000 ____D C:\Program Files\Battle.net
2013-10-10 13:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 01:45 - 2013-07-11 06:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 01:45 - 2009-07-13 20:33 - 00409048 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 17:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-09 17:12 - 2013-02-08 10:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 17:11 - 2013-08-14 02:25 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 17:09 - 2013-01-18 10:32 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-08 15:17 - 2013-01-19 02:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 15:17 - 2013-01-19 02:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-02 04:33 - 2013-01-18 10:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 12:28 - 2013-01-18 10:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Mozilla
2013-10-01 08:04 - 2013-10-01 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
Files to move or delete:
====================
C:\Users\Haus\AppData\Roaming\cache.dat
C:\Users\Haus\AppData\Roaming\cache.ini
Some content of TEMP:
====================
C:\Users\Doreen\AppData\Local\Temp\Quarantine.exe
C:\Users\Doreen\AppData\Local\Temp\SHSetup.exe
C:\Users\Haus\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\Haus\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3(1).exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Haus\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Haus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Haus\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Haus\AppData\Local\Temp\nvStInst.exe
C:\Users\Haus\AppData\Local\Temp\ose00000.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
13
Restore point made on: 2013-09-11 16:34:49
Restore point made on: 2013-09-17 04:43:04
Restore point made on: 2013-09-24 13:25:39
Restore point made on: 2013-09-29 05:20:30
Restore point made on: 2013-10-04 03:51:13
Restore point made on: 2013-10-09 14:39:44
Restore point made on: 2013-10-09 17:01:07
Restore point made on: 2013-10-15 07:21:09
Restore point made on: 2013-10-23 01:25:38
Restore point made on: 2013-10-29 01:25:09
Restore point made on: 2013-10-29 03:13:37
Restore point made on: 2013-10-29 03:43:24
Restore point made on: 2013-10-29 03:47:59
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3198.18 MB
Available physical RAM: 2710.62 MB
Total Pagefile: 3196.45 MB
Available Pagefile: 2715.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.12 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:416.83 GB) (Free:276.56 GB) NTFS
Drive e: () (Fixed) (Total:48.83 GB) (Free:48.74 GB) NTFS
Drive i: (DOREEN) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=417 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 968 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=967 MB) - (Type=06)
LastRegBack: 2013-10-28 06:46
==================== End Of Log ============================
Is that right?
Now that I somehow have access to the user account again, here are a few logs ^^
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.10.29.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Haus :: DENNIS-MEYER [Administrator]
Schutz: Aktiviert
29-Oct-13 2:56:52 PM
mbam-log-2013-10-29 (14-56-52).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249544
Laufzeit: 6 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 6
C:\Users\Haus\AppData\Roaming\cache.dat (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2294712060-3132743783-407994791-1004\$RT7XB44.zip (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\AppData\Local\Temp\0D_TN7cK.zip.part (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\AppData\Local\Temp\NE5Wvsqh.zip.part (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
AdwCleaner Logfile:
# AdwCleaner v3.010 - Report created 29/10/2013 at 12:53:21
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Doreen - DENNIS-MEYER
# Running from : C:\Users\Doreen\AppData\Local\DownloadGuide\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Plus-HD-3.8
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Users\Doreen\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Doreen\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Doreen\AppData\Local\Temp\CT3317893
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Windows Net Data
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\CT3317893
Folder Deleted : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\Extensions\{61f0d019-b016-4d56-9dae-7b7706cd6755}
File Deleted : C:\END
File Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\searchplugins\Conduit.xml
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-updater
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F3267FF-647C-4929-A7A2-D3A7CD12AB48}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F3267FF-647C-4929-A7A2-D3A7CD12AB48}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C1A74B0-6462-4927-A02C-FDE9351EC6CD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C1A74B0-6462-4927-A02C-FDE9351EC6CD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D784A5-3CFF-4BCB-A3A3-7431BD3AA635}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10D784A5-3CFF-4BCB-A3A3-7431BD3AA635}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91EEEC5-8BF2-46E8-915D-53ABD2EF2936}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E91EEEC5-8BF2-46E8-915D-53ABD2EF2936}
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344904430}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-3.8
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Plus-HD-3.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.8
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ File : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\prefs.js ]
[ File : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\prefs.js ]
Line Deleted : user_pref("CT3317893.FF19Solved", "true");
Line Deleted : user_pref("CT3317893.UserID", "UN51396801516972073");
Line Deleted : user_pref("CT3317893.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3317893.fullUserID", "UN51396801516972073.IN.20131029125129");
Line Deleted : user_pref("CT3317893.installDate", "29/10/2013 12:51:30");
Line Deleted : user_pref("CT3317893.installSessionId", "{D6334BA9-CEC0-46D0-88CD-65330023B73A}");
Line Deleted : user_pref("CT3317893.installSp", "FALSE");
Line Deleted : user_pref("CT3317893.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3317893.keyword", "true");
Line Deleted : user_pref("CT3317893.originalHomepage", "about:home");
Line Deleted : user_pref("CT3317893.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3317893.originalSearchEngine", "");
Line Deleted : user_pref("CT3317893.originalSearchEngineName", "");
Line Deleted : user_pref("CT3317893.searchRevert", "false");
Line Deleted : user_pref("CT3317893.searchUserMode", "1");
Line Deleted : user_pref("CT3317893.smartbar.homepage", "true");
Line Deleted : user_pref("CT3317893.toolbarInstallDate", "29-10-2013 12:51:29");
Line Deleted : user_pref("CT3317893.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3317893.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&SearchSource=2&CUI=UN51396801516972073&UM=1&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&SearchSource=2&CUI=UN51396801516972073&UM=1&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.machineId", "QMWQ4XBX9CTYCG90CGQJUZGOD0AWP69FXICV6VPMDLSWTAQJ5W6TKTJBAEDKOVEZDFQV+BTOTXZNEYIBEAT13G");
*************************
AdwCleaner[R0].txt - [9089 octets] - [29/10/2013 12:42:44]
AdwCleaner[R1].txt - [8784 octets] - [29/10/2013 12:52:46]
AdwCleaner[S0].txt - [9457 octets] - [29/10/2013 12:43:38]
AdwCleaner[S1].txt - [9000 octets] - [29/10/2013 12:53:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9060 octets] ##########
AdwCleaner Logfile:
# AdwCleaner v3.010 - Report created 29/10/2013 at 15:10:02
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Haus - DENNIS-MEYER
# Running from : C:\Users\Haus\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ File : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\prefs.js ]
[ File : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [10624 octets] - [29/10/2013 12:42:44]
AdwCleaner[R1].txt - [9832 octets] - [29/10/2013 12:52:46]
AdwCleaner[S0].txt - [11008 octets] - [29/10/2013 12:43:38]
AdwCleaner[S1].txt - [10049 octets] - [29/10/2013 12:53:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10110 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x86
Ran by Haus on 29-Oct-13 at 15:11:58.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\7ftt4tsg.default\minidumps [154 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29-Oct-13 at 15:15:03.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is everything okay now? Thanks a lot :)
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Haus (administrator) on DENNIS-MEYER on 29-10-2013 15:19:05
Running from C:\Users\Haus\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Vtune\TBPANEL.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Curse) C:\Users\Haus\AppData\Local\Apps\2.0\488QT5W3.MLN\92MM3JLG.ND3\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5529328 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [TBPanel] - C:\Program Files\Vtune\TBPANEL.exe [2248704 2011-08-02] ()
Startup: C:\Users\Doreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
========================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-01-14] (Nitro PDF Software)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
==================== Drivers (Whitelisted) ====================
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-16] (Samsung Electronics Co., Ltd.)
S3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-08] (SiSoftware)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-08-03] (Samsung Electronics)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-12-01] (X10 Wireless Technology, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-29 15:18 - 2013-10-29 13:27 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 15:15 - 2013-10-29 15:15 - 00000750 _____ C:\Users\Haus\Desktop\JRT.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00010191 _____ C:\Users\Haus\Desktop\2.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 15:07 - 2013-10-29 15:07 - 00003654 _____ C:\Users\Haus\Desktop\1.txt
2013-10-29 14:53 - 2013-10-29 14:53 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Haus\AppData\Roaming\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 14:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 14:50 - 2013-10-29 14:49 - 01060070 _____ C:\Users\Haus\Desktop\adwcleaner.exe
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 12:42 - 2013-10-29 15:10 - 00000000 ____D C:\AdwCleaner
2013-10-29 12:40 - 2013-10-29 23:43 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 12:40 - 2013-10-29 12:51 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 12:13 - 2013-10-29 12:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 12:05 - 2013-10-29 12:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 12:05 - 2013-10-29 12:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 12:04 - 2013-10-29 12:04 - 00000000 ____D C:\FRST
2013-10-20 12:19 - 2013-10-29 23:43 - 00000000 ____D C:\Users\Haus\Downloads\oqueue_1.6.0
2013-10-10 02:07 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:07 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:07 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 02:07 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 02:07 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:07 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:45 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 23:45 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 23:45 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 23:45 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 23:45 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 23:45 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 23:45 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 23:45 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 23:45 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 23:45 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 23:45 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 23:45 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 23:45 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 23:44 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 23:44 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 23:44 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 23:44 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:44 - 2013-07-12 11:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 23:44 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:44 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:44 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:44 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 23:44 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 23:44 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 23:44 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 23:44 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 23:44 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-01 17:04 - 2013-10-01 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-29 23:43 - 2013-10-29 12:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 23:43 - 2013-10-20 12:19 - 00000000 ____D C:\Users\Haus\Downloads\oqueue_1.6.0
2013-10-29 23:43 - 2013-09-10 09:06 - 00000000 ____D C:\Users\Haus\Downloads\simc-530-7-win32
2013-10-29 23:43 - 2013-09-04 16:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-29 23:43 - 2013-02-10 10:26 - 00000000 ____D C:\Users\Haus\Documents\StarCraft II
2013-10-29 23:43 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-29 23:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-29 23:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-10-29 23:42 - 2013-07-29 15:35 - 00000000 ____D C:\Users\Doreen\AppData\Local\Mozilla
2013-10-29 15:18 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:18 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:17 - 2013-01-19 11:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 15:17 - 2013-01-18 18:48 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 15:15 - 2013-10-29 15:15 - 00000750 _____ C:\Users\Haus\Desktop\JRT.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00010191 _____ C:\Users\Haus\Desktop\2.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 15:11 - 2013-02-08 18:03 - 00000000 ____D C:\Users\Haus\AppData\Local\Deployment
2013-10-29 15:10 - 2013-10-29 12:42 - 00000000 ____D C:\AdwCleaner
2013-10-29 15:10 - 2013-01-18 19:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 15:10 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 15:10 - 2009-07-14 05:39 - 00067760 _____ C:\Windows\setupact.log
2013-10-29 15:08 - 2013-01-21 12:29 - 00010760 _____ C:\Windows\PFRO.log
2013-10-29 15:08 - 2013-01-19 03:39 - 01473146 _____ C:\Windows\WindowsUpdate.log
2013-10-29 15:08 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Performance
2013-10-29 15:07 - 2013-10-29 15:07 - 00003654 _____ C:\Users\Haus\Desktop\1.txt
2013-10-29 14:53 - 2013-10-29 14:53 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Haus\AppData\Roaming\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 14:49 - 2013-10-29 14:50 - 01060070 _____ C:\Users\Haus\Desktop\adwcleaner.exe
2013-10-29 14:44 - 2013-01-18 18:40 - 00000000 ____D C:\Users\Haus
2013-10-29 13:27 - 2013-10-29 15:18 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 12:51 - 2013-10-29 12:40 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 12:43 - 2013-02-07 19:11 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 12:13 - 2013-10-29 12:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 12:05 - 2013-10-29 12:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 12:05 - 2013-10-29 12:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 12:04 - 2013-10-29 12:04 - 00000000 ____D C:\FRST
2013-10-29 11:46 - 2013-09-11 09:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Battle.net
2013-10-28 22:59 - 2013-02-09 21:09 - 00000000 ____D C:\Users\Haus\AppData\Roaming\TS3Client
2013-10-21 22:15 - 2013-09-04 16:01 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-21 22:15 - 2013-09-04 16:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 18:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-16 13:30 - 2013-09-11 09:23 - 00000000 ____D C:\Program Files\Battle.net
2013-10-10 22:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:45 - 2013-07-11 15:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 10:45 - 2009-07-14 05:33 - 00409048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 02:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 02:12 - 2013-02-08 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 02:11 - 2013-08-14 11:25 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:09 - 2013-01-18 19:32 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 00:17 - 2013-01-19 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:17 - 2013-01-19 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-02 13:33 - 2013-01-18 19:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 21:28 - 2013-01-18 19:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Mozilla
2013-10-01 17:04 - 2013-10-01 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\Haus\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\Haus\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3(1).exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Haus\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Haus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Haus\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Haus\AppData\Local\Temp\nvStInst.exe
C:\Users\Haus\AppData\Local\Temp\ose00000.exe
C:\Users\Haus\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-28 15:46
==================== End Of Log ============================