Thesaurus | 12.10.2014 22:06 | Hello Schrauber,
after the restart that AdwCleaner performed, Malwarebytes Anti-Malware found a Trojan.Downloader.Gen.
That is why there are two logs... one from before, with no detection, and one from after.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 12.10.2014
Suchlauf-Zeit: 20:48:07
Logdatei: MBAM.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.10.12.07
Rootkit Datenbank: v2014.10.11.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: diane
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315693
Verstrichene Zeit: 9 Min, 46 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 12.10.2014 20:46:26, SYSTEM, NB-DIANE, Protection, Malware Protection, Starting,
Protection, 12.10.2014 20:46:26, SYSTEM, NB-DIANE, Protection, Malware Protection, Started,
Protection, 12.10.2014 20:46:26, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Starting,
Update, 12.10.2014 20:46:43, SYSTEM, NB-DIANE, Manual, Rootkit Database, 2014.2.20.1, 2014.10.11.1,
Update, 12.10.2014 20:46:54, SYSTEM, NB-DIANE, Manual, Malware Database, 2014.3.4.9, 2014.10.12.7,
Protection, 12.10.2014 20:46:56, SYSTEM, NB-DIANE, Protection, Refresh, Starting,
Protection, 12.10.2014 20:47:00, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Started,
Protection, 12.10.2014 20:47:00, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Stopping,
Protection, 12.10.2014 20:47:00, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Stopped,
Protection, 12.10.2014 20:47:05, SYSTEM, NB-DIANE, Protection, Refresh, Success,
Protection, 12.10.2014 20:47:05, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Starting,
Protection, 12.10.2014 20:47:06, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Started,
Protection, 12.10.2014 21:03:38, SYSTEM, NB-DIANE, Protection, Malware Protection, Starting,
Protection, 12.10.2014 21:03:38, SYSTEM, NB-DIANE, Protection, Malware Protection, Started,
Protection, 12.10.2014 21:03:38, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Starting,
Protection, 12.10.2014 21:04:35, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Started,
Detection, 12.10.2014 21:05:22, SYSTEM, NB-DIANE, Protection, Malware Protection, File, Trojan.Downloader.Gen, C:\Users\diane\AppData\Local\Temp\iwiehpcjct.pre, Quarantine, [d502b0638def67cf025cd77d23e00ef2]
Protection, 12.10.2014 21:23:24, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Stopping,
Protection, 12.10.2014 21:23:24, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Stopped,
Protection, 12.10.2014 21:23:24, SYSTEM, NB-DIANE, Protection, Malware Protection, Stopping,
Protection, 12.10.2014 21:23:24, SYSTEM, NB-DIANE, Protection, Malware Protection, Stopped,
Protection, 12.10.2014 21:36:12, SYSTEM, NB-DIANE, Protection, Malware Protection, Starting,
Protection, 12.10.2014 21:36:12, SYSTEM, NB-DIANE, Protection, Malware Protection, Started,
Protection, 12.10.2014 21:36:12, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Starting,
Protection, 12.10.2014 21:36:13, SYSTEM, NB-DIANE, Protection, Malicious Website Protection, Started,
(end)
Code:
# AdwCleaner v3.311 - Bericht erstellt am 12/10/2014 um 21:02:02
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : diane - NB-DIANE
# Gestartet von : C:\Users\diane\Desktop\AdwCleaner_3.311.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.3 (x86 de)
[ Datei : C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\prefs.js ]
-\\ Google Chrome v37.0.2062.124
[ Datei : C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1205 octets] - [12/10/2014 21:00:29]
AdwCleaner[S0].txt - [1122 octets] - [12/10/2014 21:02:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1182 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Professional x64
Ran by diane on 12.10.2014 at 21:23:49,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\diane\AppData\Roaming\mozilla\firefox\profiles\q2yriy2z.default\minidumps [18 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2014 at 21:27:28,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by diane (administrator) on NB-DIANE on 12-10-2014 21:30:32
Running from C:\Users\diane\Downloads
Loaded Profile: diane (Available profiles: diane)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2748120554-2483438233-3915823188-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2748120554-2483438233-3915823188-1000\...\Run: [mkwjkona] => C:\Users\diane\AppData\Local\Ulvfmkllu\elgbheikona.exe [80384 2014-10-10] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x69D9897BAF60CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {02F990CF-921F-4607-A87E-212A9B80619F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\abs@avira.com [2014-10-01]
FF Extension: FRITZ!Box AddOn - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\fb_add_on@avm.de [2012-05-15]
FF Extension: iCloud Bookmarks - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\firefoxdav@icloud.com [2014-04-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-02]
FF Extension: Flashblock - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-04-27]
FF Extension: YouTube to MP3 - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-11-08]
FF Extension: Adblock Plus - C:\Users\diane\AppData\Roaming\Mozilla\Firefox\Profiles\q2yriy2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-20]
Chrome:
=======
CHR Profile: C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-05-29]
CHR Extension: (Google Docs) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11]
CHR Extension: (YouTube) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google-Suche) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Google Mail) - C:\Users\diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 74056961; C:\Windows\System32\DRIVERS\74056961.sys [458336 2014-10-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 21:30 - 2014-10-12 21:30 - 02110464 _____ (Farbar) C:\Users\diane\Downloads\FRST64.exe
2014-10-12 21:30 - 2014-10-12 21:30 - 00012278 _____ () C:\Users\diane\Downloads\FRST.txt
2014-10-12 21:27 - 2014-10-12 21:27 - 00000814 _____ () C:\Users\diane\Desktop\JRT.txt
2014-10-12 21:23 - 2014-10-12 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-10-12 21:05 - 2014-10-12 21:05 - 00001266 _____ () C:\Users\diane\Desktop\AdwCleaner[S0].txt
2014-10-12 21:00 - 2014-10-12 21:02 - 00000000 ____D () C:\AdwCleaner
2014-10-12 20:58 - 2014-10-12 20:58 - 00001156 _____ () C:\Users\diane\Desktop\MBAM.txt
2014-10-12 20:46 - 2014-10-12 21:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 20:46 - 2014-10-12 20:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-12 20:46 - 2014-10-12 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 20:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 20:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 20:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 20:44 - 2014-10-12 20:44 - 01705755 _____ (Thisisu) C:\Users\diane\Desktop\JRT.exe
2014-10-12 20:44 - 2014-10-12 20:44 - 01375089 _____ () C:\Users\diane\Desktop\AdwCleaner_3.311.exe
2014-10-12 20:43 - 2014-10-12 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\diane\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-11 17:26 - 2014-10-11 17:26 - 00026462 _____ () C:\ComboFix.txt
2014-10-11 17:08 - 2014-10-12 21:03 - 00006314 _____ () C:\Windows\PFRO.log
2014-10-11 17:08 - 2014-10-12 21:03 - 00000112 _____ () C:\Windows\setupact.log
2014-10-11 17:08 - 2014-10-11 17:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 16:29 - 2014-10-11 17:26 - 00000000 ____D () C:\Qoobox
2014-10-11 16:29 - 2014-10-11 17:24 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 16:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-11 16:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-11 16:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-11 16:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-11 16:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-11 16:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-11 16:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-11 16:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-11 16:27 - 2014-10-11 16:27 - 05582481 ____R (Swearware) C:\Users\diane\Desktop\ComboFix.exe
2014-10-10 07:46 - 2014-10-10 07:46 - 00000000 ___HD () C:\Users\diane\AppData\Local\Ulvfmkllu
2014-10-09 17:57 - 2014-10-10 07:46 - 00000000 ___HD () C:\Users\diane\AppData\Local\Huvesojsqb
2014-10-09 10:53 - 2014-10-09 10:53 - 00003392 _____ () C:\Users\diane\Desktop\GMER.log
2014-10-09 09:37 - 2014-10-12 21:30 - 00000000 ____D () C:\FRST
2014-10-09 08:44 - 2014-10-09 08:44 - 00000000 ____D () C:\Users\diane\AppData\Local\VirtualStore
2014-10-09 07:49 - 2014-10-09 07:49 - 00004880 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-10-09 00:42 - 2014-10-09 00:25 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\74056961.sys
2014-10-08 23:42 - 2014-10-08 23:45 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-10-08 23:42 - 2014-10-08 23:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-08 23:42 - 2014-10-08 23:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-08 23:39 - 2014-10-12 21:25 - 00005134 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for nb-diane-diane nb-diane
2014-10-07 19:06 - 2014-10-07 19:06 - 00000000 ___RD () C:\MSOCache
2014-10-05 17:41 - 2014-10-05 17:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-05 17:37 - 2014-10-05 17:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-05 17:26 - 2014-10-05 17:26 - 00016854 _____ () C:\Users\diane\Documents\cc_20141005_172631.reg
2014-10-05 17:26 - 2014-10-05 17:26 - 00000816 _____ () C:\Users\diane\Documents\cc_20141005_172648.reg
2014-10-05 17:25 - 2014-10-05 17:26 - 00411658 _____ () C:\Users\diane\Documents\cc_20141005_172550.reg
2014-10-05 17:16 - 2014-10-05 17:16 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-05 17:16 - 2014-10-05 17:16 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 17:16 - 2014-10-05 17:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-05 16:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-05 16:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-05 16:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-05 16:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-05 16:26 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-05 16:26 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-05 16:26 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-05 16:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-05 16:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-05 16:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-05 16:26 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-05 16:26 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-05 14:44 - 2014-10-05 14:44 - 00000000 ____D () C:\MATS
2014-10-05 14:28 - 2014-10-05 20:21 - 00004096 _____ () C:\Users\Public\Documents\000015B3.LCS
2014-10-05 14:28 - 2014-10-05 14:28 - 00000000 ____D () C:\Users\diane\AppData\Roaming\ProtectDISC
2014-10-05 14:27 - 2014-10-06 01:58 - 00000000 ____D () C:\Users\diane\Documents\Lost Horizon
2014-10-05 14:27 - 2014-10-05 14:27 - 00002122 _____ () C:\Users\Public\Desktop\Lost Horizon.lnk
2014-10-05 14:27 - 2007-03-30 15:44 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-10-05 14:27 - 2007-03-30 15:44 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-10-05 14:27 - 2007-03-30 15:43 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-10-05 14:27 - 2007-03-30 15:43 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-10-05 14:27 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-10-05 14:27 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-10-05 14:27 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-10-05 14:27 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-10-05 14:27 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-10-05 14:27 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-10-05 14:27 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-10-05 14:27 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-10-05 14:27 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-10-05 14:27 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-10-05 14:27 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-10-05 14:27 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-10-05 14:27 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-10-05 14:27 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-10-05 14:27 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-10-05 14:27 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-10-05 14:27 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-10-05 14:27 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-10-05 14:27 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-10-05 14:27 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-10-05 14:27 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-10-05 14:27 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-10-05 14:27 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-10-05 14:27 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-10-05 14:27 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-10-05 14:27 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-10-05 14:27 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-10-05 14:27 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-10-05 14:27 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-10-05 14:27 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-10-05 14:27 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-10-05 14:27 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-10-05 14:27 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-10-05 14:27 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-10-05 14:27 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-10-05 14:27 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-10-05 14:27 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-10-05 14:27 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-10-05 14:27 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-10-05 14:27 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-10-05 14:27 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-10-05 14:27 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-10-05 14:27 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-10-05 14:27 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-10-05 14:27 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-10-05 14:27 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-10-05 14:27 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-10-05 14:27 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-10-05 14:16 - 2014-10-05 14:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-05 14:16 - 2014-10-05 14:16 - 00000000 ____D () C:\Program Files (x86)\Deep Silver
2014-10-01 14:56 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:56 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 13:13 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-29 13:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 03:24 - 2014-09-25 03:24 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-09-25 03:24 - 2014-09-25 03:24 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-09-25 01:54 - 2014-09-25 01:54 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-09-25 01:54 - 2014-09-25 01:54 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-09-20 10:28 - 2014-09-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 12:06 - 2014-09-15 12:06 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-15 12:05 - 2014-09-15 12:06 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 12:05 - 2014-09-15 12:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 12:05 - 2014-09-15 12:05 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 11:04 - 2014-09-20 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 21:29 - 2014-04-25 17:44 - 01291861 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 21:21 - 2014-04-26 09:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 21:10 - 2009-07-14 06:45 - 00026320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 21:10 - 2009-07-14 06:45 - 00026320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 21:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 20:41 - 2014-04-27 15:45 - 00000000 ____D () C:\Users\diane\AppData\Local\Apple
2014-10-11 17:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 17:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2014-10-11 17:08 - 2009-07-14 06:45 - 00437440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-11 17:08 - 2009-07-14 04:34 - 87031808 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-11 17:08 - 2009-07-14 04:34 - 15728640 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-11 17:08 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-11 17:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-11 17:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-09 08:38 - 2014-04-26 08:51 - 00000000 ____D () C:\Users\diane\AppData\Roaming\Adobe
2014-10-09 07:54 - 2009-10-03 20:55 - 00000000 ____D () C:\Users\diane\AppData\Roaming\Mozilla
2014-10-09 07:49 - 2009-07-14 19:58 - 00684166 _____ () C:\Windows\system32\perfh007.dat
2014-10-09 07:49 - 2009-07-14 19:58 - 00148978 _____ () C:\Windows\system32\perfc007.dat
2014-10-09 01:34 - 2009-07-14 07:13 - 01567834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 01:17 - 2014-04-27 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 01:17 - 2014-04-25 19:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 23:44 - 2014-04-26 08:40 - 01512944 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-08 23:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-06 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-05 17:49 - 2014-04-27 17:10 - 00002198 _____ () C:\Users\diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-05 17:49 - 2014-04-27 17:10 - 00000000 ___RD () C:\Users\diane\OneDrive
2014-10-05 17:18 - 2014-05-14 08:13 - 00000000 ____D () C:\Users\diane\AppData\Roaming\XnView
2014-10-05 16:27 - 2014-09-02 17:49 - 00007598 _____ () C:\Users\diane\AppData\Local\Resmon.ResmonCfg
2014-10-05 15:07 - 2014-08-25 10:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-30 18:47 - 2009-10-06 15:36 - 00000000 ____D () C:\Users\diane\Documents\Diane
2014-09-30 17:10 - 2014-09-09 12:41 - 00000000 ____D () C:\Users\diane\AppData\Roaming\HpUpdate
2014-09-22 08:42 - 2014-04-25 18:11 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 12:03 - 2014-04-25 17:49 - 00000000 ____D () C:\Users\diane
2014-09-12 00:48 - 2014-04-27 20:07 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
Some content of TEMP:
====================
C:\Users\diane\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 17:35
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by diane at 2014-10-12 21:31:14
Running from C:\Users\diane\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lost Horizon (HKLM-x32\...\{2B48B3C5-B596-4822-A148-837B11885CB5}) (Version: 1.00 - Deep Silver)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4649.1004 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
SeaMonkey 2.26.1 (x86 de) (HKLM-x32\...\SeaMonkey 2.26.1 (x86 de)) (Version: 2.26.1 - Mozilla)
System Requirements Lab for Intel (HKLM-x32\...\{0941583C-A10F-4FBB-9B1C-9178CE3BFDAF}) (Version: 4.5.23.0 - Husdawg, LLC)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2748120554-2483438233-3915823188-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\diane\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748120554-2483438233-3915823188-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\diane\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748120554-2483438233-3915823188-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\diane\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748120554-2483438233-3915823188-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\diane\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748120554-2483438233-3915823188-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\diane\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-10-2014 14:26:25 Windows Update
05-10-2014 14:35:12 Windows Update
05-10-2014 14:47:56 Windows Update
08-10-2014 21:40:45 Windows Update
09-10-2014 05:50:31 Windows-Sicherung
10-10-2014 05:45:33 Windows Update
11-10-2014 14:25:50 Windows Update
12-10-2014 18:41:23 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-11 17:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0506CFE3-803F-407C-9F80-59779609AC6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29187D2E-7962-4298-9FBD-F99CE568797E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for nb-diane-diane nb-diane => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-05] (Microsoft Corporation)
Task: {3C29A936-51C3-4812-890D-C0C46EFBA569} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {90D6FFA7-D859-4D0C-966A-0A7C413F1098} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {A1543889-BA9B-450B-9C32-E93018E21A38} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {BFDED285-38D4-4EF8-A1D8-BEE29349D8D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {C208315B-42A1-4594-9A19-F833A3C848E3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-10-05 17:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-20 10:28 - 2014-09-27 13:30 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
========================= Accounts: ==========================
Administrator (S-1-5-21-2748120554-2483438233-3915823188-500 - Administrator - Disabled)
diane (S-1-5-21-2748120554-2483438233-3915823188-1000 - Administrator - Enabled) => C:\Users\diane
Gast (S-1-5-21-2748120554-2483438233-3915823188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2748120554-2483438233-3915823188-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (10/12/2014 09:30:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-11 17:06:13.658
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-11 17:06:13.518
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 4090.93 MB
Available physical RAM: 2685.23 MB
Total Pagefile: 8180.03 MB
Available Pagefile: 6653.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:366.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 25E37110)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks for your time!
Regards
Michael
Edit: Malwarebytes Anti-Malware has just found the trojan again. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Detection, 12.10.2014 23:02:21, SYSTEM, NB-DIANE, Protection, Malware Protection, File, Trojan.Downloader.Gen, C:\Users\diane\AppData\Local\Temp\gdrruijcux.pre, Quarantine, [70678291b5c7a195f965c98bf0139769]
(end)