Nerenina | 26.06.2014 20:09 | Hello,
there were a few laptop charging cable problems, too many exams and a forgetful me, which is why I (once again) didn't manage to remember this, sorry!
I've now carried out all the steps, with more or less talent, and am just going to post it all now..
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 26/06/2014
Suchlauf-Zeit: 16:22:17
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.26.05
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Nerea
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307899
Verstrichene Zeit: 13 Min, 39 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe, 2312, Löschen bei Neustart, [010cee8f35465cda24d3f816669bb24e]
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe, 5264, Löschen bei Neustart, [e12c55286d0eb18564dbfe2023dd40c0]
Module: 2
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\bsvc.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Desktop.OS.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
Registrierungsschlüssel: 16
PUP.Optional.WebCake.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WebCakeUpdater, In Quarantäne, [010cee8f35465cda24d3f816669bb24e],
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, In Quarantäne, [69a4d8a58bf02313b840b6c927db9868],
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, In Quarantäne, [69a4d8a58bf02313b840b6c927db9868],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [46c758253e3d63d3dbab4d32738fd828],
PUP.Optional.WebCake.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [94799be2cfac54e2f791106f09f929d7],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [94799be2cfac54e2f791106f09f929d7],
Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, In Quarantäne, [927b6d100b706ec8b3c31b3339c9b54b],
Adware.Agent, HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, In Quarantäne, [ea237706502be452d2a4440af11105fb],
Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, In Quarantäne, [ea237706502be452d2a4440af11105fb],
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, In Quarantäne, [ea237706502be452d2a4440af11105fb],
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, In Quarantäne, [ea237706502be452d2a4440af11105fb],
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, In Quarantäne, [7e8f0d70accff83e98de430b62a08977],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\PricePeep.DLL, In Quarantäne, [5cb1235af6850d29cbb18661dd2630d0],
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PricePeep.DLL, In Quarantäne, [fc11b2cb3b4069cd522a9453de25f30d],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [47c6ccb13a414ee8269f419e9e65f10f],
Registrierungswerte: 1
PUP.Optional.WebCake.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WebCake Desktop, "C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe", In Quarantäne, [e12c55286d0eb18564dbfe2023dd40c0]
Registrierungsdaten: 13
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[3cd17706d2a942f418f4f88705ff8977]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013),Ersetzt,[f21bcab3c5b67cbacfa42365b64ea15f]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[50bd4e2fabd050e63f325e2af4102fd1]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[89844d306417171f076bd4b47f85d42c]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[d736b8c591ea5cda393b89fff70d9d63]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[a469acd1a2d99c9a34413b4d7b89ed13]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[917ccdb05427af8796771867c63ecc34]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[828bd1ac0f6c37ffec86f098d4300ef2]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013),Ersetzt,[3ad3ec916b102610670c38509d67a957]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[99746b125a21330318593f49c63efe02]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[c44918652b50d066d0a40c7cde267987]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[0805d9a4e29900361e57068242c2af51]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[64a918650f6c2d09f716c8b7c73d7c84]
Ordner: 6
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel, Löschen bei Neustart, [dd300f6eb8c33ff7093db431a65de917],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\update, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
Dateien: 22
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe, Löschen bei Neustart, [010cee8f35465cda24d3f816669bb24e],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe, Löschen bei Neustart, [e12c55286d0eb18564dbfe2023dd40c0],
PUP.Optional.PricePeep.A, C:\Users\Nerea\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [7994fe7fc6b580b69a6f96adf20f1be5],
PUP.Optional.OneClickDownloader.A, C:\Users\Nerea\Downloads\NatuerlichBlondGerman2001DVDRipXviDiNTERNAL-MDCavi.exe, In Quarantäne, [3ecf196415668caa50cb4fc80df48977],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2],
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.InstallState, In Quarantäne, [dd300f6eb8c33ff7093db431a65de917],
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\sqlite3.exe, In Quarantäne, [dd300f6eb8c33ff7093db431a65de917],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\PlugIns.cache, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\bsvc.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\cst.exe, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Desktop.OS.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\DIBS.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Dora.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Maintain.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Paladin.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Phoenix.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\sqlite3.dll, In Quarantäne, [2ae344398bf06fc79a12058d689a857b],
PUP.Optional.SnapDo.A, C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&installDate=01/09/2013&q=");), Ersetzt,[1cf194e9b2c99a9c13169720fb0927d9]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.213 - Bericht erstellt am 26/06/2014 um 20:29:07
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Nerea - FETTI-PC
# Gestartet von : C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Nerea\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\user.js
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16921
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\prefs.js ]
Zeile gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Zeile gelöscht : user_pref("extentions.webcake.installId", "92cb452e-51cf-44f5-918f-cff80538708d");
*************************
AdwCleaner[R0].txt - [3370 octets] - [26/06/2014 20:27:48]
AdwCleaner[S0].txt - [2952 octets] - [26/06/2014 20:29:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3012 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Nerea on 26/06/2014 at 20:35:09,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"
~~~ FireFox
Emptied folder: C:\Users\Nerea\AppData\Roaming\mozilla\firefox\profiles\cxkccg0y.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 20:46:08,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OK, I hope this is somehow right now..
Here is the FRST as well:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Nerea (administrator) on FETTI-PC on 26-06-2014 21:06:09
Running from C:\Users\Nerea\Downloads
Platform: Windows 8 (X64) OS Language: Alemán (Alemania)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Spotify Ltd) C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Nerea\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Facebook Update] => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-08] (Facebook Inc.)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify] => C:\Users\Nerea\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify Web Helper] => C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-26] (Spotify Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-11-06] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203112 2012-11-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
FireFox:
========
FF ProfilePath: C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nerea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-07]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
==================== Services (Whitelisted) =================
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-26] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-26 21:06 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Nerea\Downloads\FRST-OlderVersion
2014-06-26 20:46 - 2014-06-26 20:46 - 00000956 _____ () C:\Users\Nerea\Desktop\JRT.txt
2014-06-26 20:40 - 2014-06-26 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-26 20:34 - 2014-06-26 20:34 - 01016261 _____ (Thisisu) C:\Users\Nerea\Downloads\JRT.exe
2014-06-26 20:34 - 2014-06-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-26 20:27 - 2014-06-26 20:29 - 00000000 ____D () C:\AdwCleaner
2014-06-26 20:27 - 2014-06-26 20:27 - 01342659 _____ () C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
2014-06-26 20:26 - 2014-06-26 20:26 - 00016008 _____ () C:\mbam.txt
2014-06-26 16:20 - 2014-06-26 21:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 16:20 - 2014-06-26 21:02 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 16:20 - 2014-06-26 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 16:20 - 2014-06-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 16:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-26 16:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-26 16:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-26 16:08 - 2014-06-26 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nerea\Downloads\revosetup95.exe
2014-06-26 16:08 - 2014-06-26 16:08 - 00001275 _____ () C:\Users\Nerea\Desktop\Revo Uninstaller.lnk
2014-06-26 16:08 - 2014-06-26 16:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 16:06 - 2014-06-26 16:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nerea\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 15:22 - 2014-06-26 15:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Nerea\Downloads\Slender The Eight Pages - CHIP-Installer.exe
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 00:19 - 2014-06-14 00:19 - 00002123 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Das Vermaechtnis.lnk
2014-06-14 00:19 - 2014-06-14 00:19 - 00001288 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-06-14 00:18 - 2014-06-14 00:19 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-12 23:15 - 2014-06-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 22:29 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-11 22:29 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-11 22:29 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-11 22:29 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-11 22:29 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-11 22:29 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-11 22:29 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-11 22:29 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-11 22:29 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-11 22:29 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-11 22:29 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-11 22:29 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-11 22:29 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-11 22:29 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-11 22:29 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-11 22:29 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-11 22:29 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-11 22:29 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-11 22:28 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-11 22:28 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-11 22:28 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-11 22:28 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-11 22:26 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-11 22:26 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-11 22:26 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-10 21:43 - 2014-06-10 21:43 - 00002162 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Gefaehrliche Wuensche.lnk
2014-06-10 21:42 - 2014-06-10 21:43 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-07 23:42 - 2014-06-07 23:42 - 00002206 _____ () C:\Users\Public\Desktop\Spiel Redemption Cemetery - Bitterer Frost.lnk
2014-06-07 23:39 - 2014-06-07 23:42 - 00000000 ____D () C:\Program Files (x86)\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 02:10 - 2014-06-07 02:10 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\BlamGames
2014-06-07 02:03 - 2014-06-07 02:03 - 00002155 _____ () C:\Users\Public\Desktop\Spiel Punished Talents - Sieben Musen.lnk
2014-06-07 01:57 - 2014-06-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-06 20:48 - 2014-06-14 01:06 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-06-06 19:14 - 2014-06-06 19:14 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\VendelGAMES
2014-06-04 18:42 - 2014-06-04 18:42 - 00237568 _____ (Big Fish Games) C:\Users\Nerea\Downloads\prinzessin-isabella-die-rueckkehr-des-fluches_s2_l2_gF6294T1L2_d2313998984.exe
2014-06-03 21:06 - 2014-06-03 21:06 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Awem
2014-06-01 21:32 - 2014-06-01 21:32 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Eipix
2014-06-01 20:28 - 2014-06-01 20:28 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\EleFun Games
2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Deep Shadows
2014-05-29 17:26 - 2014-05-29 17:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 17:25 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 21:29 - 2014-05-28 21:51 - 00000000 ____D () C:\Users\Nerea\Documents\Excel
==================== One Month Modified Files and Folders =======
2014-06-26 21:06 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Nerea\Downloads\FRST-OlderVersion
2014-06-26 21:06 - 2014-03-29 16:52 - 00018907 _____ () C:\Users\Nerea\Downloads\FRST.txt
2014-06-26 21:06 - 2014-03-29 16:52 - 00000000 ____D () C:\FRST
2014-06-26 21:06 - 2014-03-29 16:51 - 02082816 _____ (Farbar) C:\Users\Nerea\Downloads\FRST64.exe
2014-06-26 21:05 - 2013-09-12 15:35 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Spotify
2014-06-26 21:02 - 2014-06-26 16:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 21:02 - 2014-06-26 16:20 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 21:02 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 21:02 - 2014-06-26 16:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-26 20:51 - 2013-04-06 23:33 - 01238534 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-26 20:48 - 2013-09-04 19:09 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-26 20:46 - 2014-06-26 20:46 - 00000956 _____ () C:\Users\Nerea\Desktop\JRT.txt
2014-06-26 20:40 - 2014-06-26 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-26 20:40 - 2013-04-07 00:31 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-26 20:34 - 2014-06-26 20:34 - 01016261 _____ (Thisisu) C:\Users\Nerea\Downloads\JRT.exe
2014-06-26 20:34 - 2014-06-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-26 20:33 - 2013-04-07 00:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-06-26 20:30 - 2012-10-10 01:08 - 00042522 _____ () C:\WINDOWS\PFRO.log
2014-06-26 20:30 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-26 20:30 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-26 20:29 - 2014-06-26 20:27 - 00000000 ____D () C:\AdwCleaner
2014-06-26 20:29 - 2013-10-29 22:19 - 00001090 _____ () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-26 20:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-26 20:27 - 2014-06-26 20:27 - 01342659 _____ () C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
2014-06-26 20:26 - 2014-06-26 20:26 - 00016008 _____ () C:\mbam.txt
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 16:08 - 2014-06-26 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nerea\Downloads\revosetup95.exe
2014-06-26 16:08 - 2014-06-26 16:08 - 00001275 _____ () C:\Users\Nerea\Desktop\Revo Uninstaller.lnk
2014-06-26 16:08 - 2014-06-26 16:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 16:07 - 2014-06-26 16:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nerea\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 15:22 - 2014-06-26 15:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Nerea\Downloads\Slender The Eight Pages - CHIP-Installer.exe
2014-06-26 15:18 - 2013-09-12 15:35 - 00000000 ____D () C:\Users\Nerea\AppData\Local\Spotify
2014-06-25 00:13 - 2013-09-08 12:07 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002UA.job
2014-06-22 22:21 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-22 12:12 - 2013-09-08 12:07 - 00000924 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002Core.job
2014-06-21 19:27 - 2013-09-09 23:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-17 01:22 - 2013-09-01 18:08 - 00000000 ____D () C:\Users\Nerea\AppData\Local\Packages
2014-06-16 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-16 14:51 - 2013-09-04 19:09 - 00001942 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-16 14:51 - 2013-09-04 19:09 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-16 08:20 - 2013-09-04 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-14 21:34 - 2013-09-04 13:23 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-14 21:34 - 2013-09-04 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-14 01:39 - 2013-04-07 00:23 - 00000000 ____D () C:\ProgramData\Temp
2014-06-14 01:06 - 2014-06-06 20:48 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-06-14 01:06 - 2014-02-23 20:12 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Elephant Games
2014-06-14 00:19 - 2014-06-14 00:19 - 00002123 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Das Vermaechtnis.lnk
2014-06-14 00:19 - 2014-06-14 00:19 - 00001288 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-06-14 00:19 - 2014-06-14 00:18 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2013-09-15 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-12 23:15 - 2014-06-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 23:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-10 21:43 - 2014-06-10 21:43 - 00002162 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Gefaehrliche Wuensche.lnk
2014-06-10 21:43 - 2014-06-10 21:42 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-07 23:44 - 2013-09-18 01:29 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\ERS Game Studios
2014-06-07 23:42 - 2014-06-07 23:42 - 00002206 _____ () C:\Users\Public\Desktop\Spiel Redemption Cemetery - Bitterer Frost.lnk
2014-06-07 23:42 - 2014-06-07 23:39 - 00000000 ____D () C:\Program Files (x86)\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 12:56 - 2013-10-23 19:34 - 00000000 ____D () C:\Users\Nerea\Documents\EWA
2014-06-07 02:10 - 2014-06-07 02:10 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\BlamGames
2014-06-07 02:03 - 2014-06-07 02:03 - 00002155 _____ () C:\Users\Public\Desktop\Spiel Punished Talents - Sieben Musen.lnk
2014-06-07 02:03 - 2014-06-07 01:57 - 00000000 ____D () C:\Program Files (x86)\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 00:23 - 2013-09-15 22:47 - 00000000 ____D () C:\Users\Nerea\Downloads\Gameforge Live
2014-06-07 00:16 - 2013-09-15 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-06-07 00:16 - 2013-09-15 22:46 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-06-06 20:18 - 2013-09-01 18:29 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1495532002-145744468-2854867227-1002
2014-06-06 19:14 - 2014-06-06 19:14 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\VendelGAMES
2014-06-04 18:42 - 2014-06-04 18:42 - 00237568 _____ (Big Fish Games) C:\Users\Nerea\Downloads\prinzessin-isabella-die-rueckkehr-des-fluches_s2_l2_gF6294T1L2_d2313998984.exe
2014-06-03 21:06 - 2014-06-03 21:06 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Awem
2014-06-01 21:32 - 2014-06-01 21:32 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Eipix
2014-06-01 20:28 - 2014-06-01 20:28 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\EleFun Games
2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Deep Shadows
2014-05-31 07:16 - 2014-05-22 18:01 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:16 - 2014-05-22 18:01 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 17:26 - 2014-05-29 17:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 17:25 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 21:51 - 2014-05-28 21:29 - 00000000 ____D () C:\Users\Nerea\Documents\Excel
Files to move or delete:
====================
C:\ProgramData\Lenovo-7691.vbs
Some content of TEMP:
====================
C:\Users\Nerea\AppData\Local\Temp\bfguni.exe
C:\Users\Nerea\AppData\Local\Temp\cy7wrm7l.dll
C:\Users\Nerea\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Nerea\AppData\Local\Temp\Quarantine.exe
C:\Users\Nerea\AppData\Local\Temp\rtenldrz.dll
C:\Users\Nerea\AppData\Local\Temp\tempmessage.bfg
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-17 13:34
==================== End Of Log ============================
Thanks a lot in advance, and sorry again!!
Best regards,
Nerenina