Bundesamt für Polizei, or something like that...

spiderpig

Member
Hello everyone

I came across this site after the page from the Bundesamt für Polizei in question popped up on my machine and simply would not let me go. Via the Task Manager I did eventually manage to get out of it.

I then carried out the procedure described in the pinned thread and am happy to provide the Malwarebytes and OTL log files here.

Since the incident (it happened at around 15:30, so about an hour and a half ago) I have had no problems whatsoever.

Thanks for any further information

Spidy



Malwarebytes Log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/06/20 15:39:28 +0200</date>
    <logfile>mbam-log-2015-06-20 (15-39-26).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine><!-- collapsed in the posted browser view --></engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>rms</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>371723</objects>
    <time>780</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>3</keys>
    <values>5</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <hash>14de893306849e989fec347b3dc69070</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</path>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <hash>14de893306849e989fec347b3dc69070</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <hash>18da4b71632724129249f94bf50f8878</hash>
    </key>
    <value>
      <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path>
      <valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename>
      <vendor>PUP.Optional.SmartBar</vendor>
      <action>success</action>
      <valuedata>Smartbar</valuedata>
      <hash>24ce65572169f244c21dfb1e7e86bf41</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path>
      <valuename>URL</valuename>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <valuedata>http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=5451a4eb-20b5-48c4-8e9d-a74b42d431ae&searchtype=ds&q={searchTerms}&installDate=25/04/2013</valuedata>
      <hash>6290803c5832989ef6077a7a917209f7</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path>
      <valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename>
      <vendor>PUP.Optional.SmartBar</vendor>
      <action>success</action>
      <valuedata>Smartbar</valuedata>
      <hash>eb07f6c65733cb6b30afd445a3618f71</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
      <valuename>DefaultScope</valuename>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <valuedata>{006ee092-9658-4fd6-bd8e-a21a348e59f5}</valuedata>
      <hash>ac46b7055d2d3105cf756bb77a8a7789</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path>
      <valuename>publisher</valuename>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <valuedata>SnapdoSoftonicYB</valuedata>
      <hash>18da4b71632724129249f94bf50f8878</hash>
    </value>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\C8SY.dll</path>
      <vendor>Trojan.FakeMS.gen</vendor>
      <action>success</action>
      <hash>c52d96262466b77f226e936433cee51b</hash>
    </file>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\EyC7.dll</path>
      <vendor>Trojan.Ransom.VEGen</vendor>
      <action>success</action>
      <hash>f200417ba2e89e98c70dfad2d0313fc1</hash>
    </file>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\rad83127.tmp.exe</path>
      <vendor>Trojan.MSIL.ED</vendor>
      <action>success</action>
      <hash>c92904b88703d165880633f6699923dd</hash>
    </file>
  </items>
</mbam-log>
 
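Added example (not from the post, from Malwarebytes, or from the forum's own procedure): a small Python parser for the mbam-log XML format shown above, with the checks an analyst would run on such a log: that the counters in <summary> agree with the listed <items>, which items were not actually removed, and which detections are ransomware, other trojans or PUPs. It also flags files under AppData\Local\Temp\Low, the low-integrity temp folder IE Protected Mode gives its renderer, which is where all three trojan files in the posted log sit. The embedded SAMPLE_LOG is constructed to mirror the posted log's structure; its paths and detection names come from the post, while the hash values and the one "failed" action are placeholders.

```python
"""Parse a Malwarebytes Anti-Malware 2.x XML scan log and triage what it found.

Added example for this thread, not code from the post or from Malwarebytes.
SAMPLE_LOG is constructed to mirror the posted mbam-log (header / summary /
items with <key>, <value> and <file> entries); paths and detection names are
taken from the post, hash values and the "failed" action are placeholders.
"""
import re
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
 <header><date>2015/06/20 15:39:28 +0200</date><isadmin>yes</isadmin></header>
 <summary><type>threat</type><result>completed</result>
  <keys>1</keys><values>1</values><files>3</files></summary>
 <items>
  <key><path>HKU\S-1-5-21-1000\SOFTWARE\SMARTBAR</path>
   <vendor>PUP.Optional.SnapDo.A</vendor><action>success</action><hash>a1</hash></key>
  <value><path>HKU\S-1-5-21-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
   <valuename>DefaultScope</valuename><vendor>PUP.Optional.Snapdo.T</vendor>
   <action>success</action><valuedata>{006ee092-9658-4fd6-bd8e-a21a348e59f5}</valuedata>
   <hash>b2</hash></value>
  <file><path>C:\Users\rms\AppData\Local\Temp\Low\C8SY.dll</path>
   <vendor>Trojan.FakeMS.gen</vendor><action>success</action><hash>c3</hash></file>
  <file><path>C:\Users\rms\AppData\Local\Temp\Low\EyC7.dll</path>
   <vendor>Trojan.Ransom.VEGen</vendor><action>success</action><hash>d4</hash></file>
  <file><path>C:\Users\rms\AppData\Local\Temp\Low\rad83127.tmp.exe</path>
   <vendor>Trojan.MSIL.ED</vendor><action>failed</action><hash>e5</hash></file>
 </items>
</mbam-log>
"""
# MBAM writes the log as UTF-16 (see the declaration); hand the parser the
# bytes as they would be read from disk so expat honours the BOM.
SAMPLE_LOG_BYTES = SAMPLE_LOG.encode("utf-16")


@dataclass
class Detection:
    kind: str          # element name: key, value or file
    path: str
    vendor: str        # Malwarebytes detection name, e.g. Trojan.Ransom.VEGen
    action: str        # "success" is what MBAM records for a removed item
    item_hash: str     # opaque per-item hash recorded by MBAM
    valuename: str = ""
    valuedata: str = ""


def _text(elem, tag):
    return (elem.findtext(tag) or "").strip()


def parse_mbam_log(data: bytes) -> dict:
    """Return {"summary": {...}, "detections": [Detection, ...]}."""
    root = ET.fromstring(data)
    if root.tag != "mbam-log":
        raise ValueError(f"not an mbam-log document: <{root.tag}>")
    summary = root.find("summary")
    items = root.find("items")
    return {
        "summary": {c.tag: (c.text or "").strip() for c in summary} if summary is not None else {},
        "detections": [
            Detection(it.tag, _text(it, "path"), _text(it, "vendor"), _text(it, "action"),
                      _text(it, "hash"), _text(it, "valuename"), _text(it, "valuedata"))
            for it in (items if items is not None else [])
        ],
    }


# <summary> counters that have a matching item element in the posted log.
SUMMARY_FIELDS = {"keys": "key", "values": "value", "files": "file"}


def summary_mismatches(report: dict) -> dict:
    """{field: (declared, listed)} wherever <summary> disagrees with <items>."""
    listed = Counter(d.kind for d in report["detections"])
    out = {}
    for field, tag in SUMMARY_FIELDS.items():
        declared = int(report["summary"].get(field) or 0)
        if declared != listed[tag]:
            out[field] = (declared, listed[tag])
    return out


# Temp\Low is the low-integrity temp folder IE Protected Mode gives its
# renderer, so a file dropped there was written by a browser-level process.
LOW_INTEGRITY_TEMP = re.compile(r"\\AppData\\Local\\Temp\\Low\\", re.IGNORECASE)


def triage(report: dict) -> dict:
    """Bucket detections the way an analyst reads this kind of log."""
    b = {"ransomware": [], "trojan": [], "pup": [], "other": [],
         "not_removed": [], "browser_dropped": []}
    for d in report["detections"]:
        if d.vendor.startswith("Trojan.Ransom"):
            b["ransomware"].append(d)
        elif d.vendor.startswith("Trojan."):
            b["trojan"].append(d)
        elif d.vendor.startswith("PUP."):
            b["pup"].append(d)
        else:
            b["other"].append(d)
        if d.action != "success":
            b["not_removed"].append(d)
        if d.kind == "file" and LOW_INTEGRITY_TEMP.search(d.path):
            b["browser_dropped"].append(d)
    return b


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG_BYTES)
    print("summary mismatches:", summary_mismatches(rep) or "none")
    for name, dets in triage(rep).items():
        for d in dets:
            print(f"{name:15} {d.vendor:25} {d.path}")
```

Run it against a real log with `parse_mbam_log(open(path, "rb").read())`; the bytes must be passed unchanged so the UTF-16 BOM reaches the parser. A non-empty `not_removed` bucket or a summary mismatch is the cue to rescan rather than treat the machine as clean.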

spiderpig

Member
OTL Log:

OTL logfile created on: 6/20/2015 4:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rms\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.69% Memory free
8.00 Gb Paging File | 7.26 Gb Available in Paging File | 90.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.24 Gb Total Space | 802.72 Gb Free Space | 87.51% Space Free | Partition Type: NTFS
Drive D: | 14.17 Gb Total Space | 1.75 Gb Free Space | 12.35% Space Free | Partition Type: NTFS

Computer Name: FAETZE | User Name: rms | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/06/20 16:10:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rms\Desktop\OTL.exe
PRC - [2015/04/14 09:36:20 | 006,212,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2015/05/25 20:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/05/22 20:47:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 11:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 02:25:34 | 000,496,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2015/05/19 17:22:06 | 000,099,128 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/03/09 14:28:46 | 000,060,456 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/10/14 17:34:00 | 000,216,104 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2014/10/08 18:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2014/10/08 18:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/19 13:56:20 | 000,187,432 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Internet Security\fshoster32.exe -- (fshoster)
SRV - [2011/02/01 10:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/06/20 15:53:12 | 000,079,064 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\rterldix.sys -- (ujid)
DRV:64bit: - [2015/06/20 15:37:57 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/05/26 19:38:23 | 000,055,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2015/04/14 09:37:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/04/14 09:37:42 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/10/08 18:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2014/10/08 18:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2014/10/08 18:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2014/10/08 18:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/09/21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/22 04:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/04 13:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/06/15 13:38:54 | 000,095,784 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\fsni64.sys -- (fsni)
DRV - [2015/06/10 18:11:07 | 000,208,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2015/06/10 18:08:42 | 000,071,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/05/04 13:42:09 | 000,041,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2013/06/24 18:44:50 | 000,013,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{0E821378-F39E-4281-8115-1649C28F9630}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/35
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/de/email/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
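Added example (not from the post or from OTL): the posted Malwarebytes log shows the WOW6432Node SearchScopes key for {006ee092-9658-4fd6-bd8e-a21a348e59f5} being removed, yet the OTL log taken afterwards still lists the 32-bit HKLM DefaultScope pointing at that GUID. The Python below parses OTL's "Internet Explorer" lines, reports any DefaultScope whose target scope has no URL entry in the same registry view, and lists the hosts behind the remaining search scopes. The sample lines are constructed in OTL's format from entries in the post; the list of known search hosts is an assumption.

```python
"""Cross-check OTL's "Internet Explorer" section for a DefaultScope that
points at a SearchScopes GUID with no URL entry in the same registry view.

Added example for this thread, not code from the post or from OTL. The
sample lines are constructed in OTL's output format from the posted log.
"""
import re
from urllib.parse import urlsplit

OTL_IE_LINES = r"""
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
""".strip().splitlines()

# OTL prefixes native 64-bit registry entries with ":64bit:"; on x64 the
# unprefixed lines are the WOW6432Node (32-bit) view.
_PREFIX = r"^IE(?P<view>:64bit:)? - (?P<hive>HK\w+)\\\.\.\\SearchScopes"
DEFAULT_RE = re.compile(_PREFIX + r",DefaultScope = \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$")
SCOPE_RE = re.compile(_PREFIX + r'\\\{(?P<guid>[0-9A-Fa-f-]+)\}: "URL" = (?P<url>.+?)\s*$')


def _view(m):
    return "64bit" if m["view"] else "32bit"


def parse_search_scopes(lines):
    """Return (defaults, scopes): defaults[(view, hive)] -> guid and
    scopes[(view, hive)] -> {guid: url}. GUIDs are lower-cased to compare."""
    defaults, scopes = {}, {}
    for line in lines:
        m = DEFAULT_RE.match(line)
        if m:
            defaults[(_view(m), m["hive"])] = m["guid"].lower()
            continue
        m = SCOPE_RE.match(line)
        if m:
            scopes.setdefault((_view(m), m["hive"]), {})[m["guid"].lower()] = m["url"]
    return defaults, scopes


def dangling_default_scopes(lines):
    """DefaultScope pointers whose target scope has no URL in the same view:
    what a cleaner leaves behind when it deletes the scope key but not the
    pointer to it."""
    defaults, scopes = parse_search_scopes(lines)
    return [(view, hive, guid) for (view, hive), guid in defaults.items()
            if guid not in scopes.get((view, hive), {})]


# Assumed list of search hosts considered legitimate for this check.
KNOWN_SEARCH_HOSTS = ("bing.com", "google.com", "yahoo.com", "ask.com")


def scope_hosts(lines, known=KNOWN_SEARCH_HOSTS):
    """{host: is_known} for every search scope URL in the lines."""
    _, scopes = parse_search_scopes(lines)
    result = {}
    for per_view in scopes.values():
        for url in per_view.values():
            host = urlsplit(url).hostname or ""
            result[host] = any(host == k or host.endswith("." + k) for k in known)
    return result


if __name__ == "__main__":
    for view, hive, guid in dangling_default_scopes(OTL_IE_LINES):
        print(f"dangling DefaultScope in {hive} ({view}): {{{guid}}}")
    for host, ok in scope_hosts(OTL_IE_LINES).items():
        print(f"{'known  ' if ok else 'UNKNOWN'} {host}")
```

On a live OTL log, feed `dangling_default_scopes` the lines between the "Internet Explorer" and "FireFox" headers. A dangling pointer is harmless on its own, but resetting it (or deleting the DefaultScope value so IE falls back to its built-in default) is the step that finishes the cleanup the scanner started.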

spiderpig

Member
OTL Log, part 2:

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3a54dca9-8650-4143-b5e9-977eba849863}: C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014/12/10 21:50:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Browsing Protection) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Browsing Protection) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [F-Secure Hoster (45119)] C:\Program Files (x86)\Internet Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E83DB51-D469-4E51-B4AE-202349BED238}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/06/20 16:10:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rms\Desktop\OTL.exe
[2015/06/20 15:53:12 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\rterldix.sys
[2015/06/20 15:37:34 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/06/20 15:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/06/20 15:37:22 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/06/20 15:37:22 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/06/20 15:37:22 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/06/20 15:37:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/06/20 15:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/06/17 18:41:33 | 000,000,000 | ---D | C] -- C:\Users\rms\AppData\Roaming\Witchcraft
[2015/06/15 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\rms\Documents\Quest_of_the_Sorceress
[2015/06/01 11:21:07 | 000,000,000 | ---D | C] -- C:\Users\rms\AppData\Local\GWX
[2015/05/30 23:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/05/30 23:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/05/30 23:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2015/06/20 16:10:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rms\Desktop\OTL.exe
[2015/06/20 15:53:12 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\rterldix.sys
[2015/06/20 15:37:57 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/06/20 15:37:24 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/06/20 15:27:25 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/20 15:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/06/20 12:37:50 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/06/20 12:37:50 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/06/20 11:38:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrms.job
[2015/06/15 14:28:26 | 000,001,153 | ---- | M] () -- C:\Users\rms\Desktop\Witchcraft.lnk
[2015/06/15 14:27:53 | 000,001,237 | ---- | M] () -- C:\Users\rms\Desktop\Quest of the Sorceress.lnk
[2015/06/14 23:39:19 | 001,630,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/06/14 23:39:19 | 000,702,524 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015/06/14 23:39:19 | 000,657,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/06/14 23:39:19 | 000,151,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015/06/14 23:39:19 | 000,123,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/06/14 23:33:00 | 000,409,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/05/26 19:38:23 | 000,055,336 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys

========== Files Created - No Company Name ==========
 

spiderpig

Member
OTL Log, part 3:

[2015/06/20 15:37:24 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/06/15 14:28:26 | 000,001,153 | ---- | C] () -- C:\Users\rms\Desktop\Witchcraft.lnk
[2015/06/15 14:27:53 | 000,001,237 | ---- | C] () -- C:\Users\rms\Desktop\Quest of the Sorceress.lnk
[2014/05/04 13:42:09 | 000,041,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2014/05/04 13:41:23 | 000,020,347 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013/08/18 10:24:45 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/16 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\4 Friends Games
[2013/12/20 00:20:30 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\8floor
[2013/12/31 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\AlexanderTheGreat
[2014/07/12 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Amulet_of_time
[2014/06/19 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Anabel
[2014/10/02 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Artifex Mundi
[2013/01/26 17:43:09 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Artogon
[2015/04/25 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Awem
[2015/05/03 17:17:57 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Big Fish Games
[2014/11/09 09:50:11 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Blue Tea Games
[2014/10/03 13:19:06 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\casualArts
[2014/10/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\cerasus.media
[2014/01/04 15:38:16 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Das Geheimnis der ägyptischen Mumie
[2014/01/04 15:39:45 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Das Geheimnis des Korsaren
[2014/10/19 23:31:33 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Deep Shadows
[2014/06/19 15:44:23 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Dekovir
[2014/10/26 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\DE_TheInvisibleMan_v_1_0_0
[2015/04/18 08:33:21 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\DikobrazGames
[2013/08/10 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\DominiGames
[2015/04/03 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Elephant Games
[2011/09/04 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Flood Light Games
[2014/06/03 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\FriendsGamesNetwork
[2013/11/14 15:36:52 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Funlinker
[2013/11/18 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\game
[2014/01/04 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\GhostPainting
[2013/10/12 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\GO Games
[2014/01/04 15:53:16 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Happy Muffin Top
[2014/09/23 17:47:16 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\HdO Adventure
[2015/04/11 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Hidden Objects DeadlyAssociation
[2015/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Hidden Objects JFK
[2014/09/04 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Hidden Objects TimeMachine
[2012/08/24 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\iMaxGen
[2013/07/16 14:09:10 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\JoyBits
[2011/12/18 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\JQ
[2015/05/25 08:44:48 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Lazy Turtle Games
[2013/04/25 20:43:11 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Leadertech
[2013/12/14 15:48:56 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Magic Academy
[2014/09/04 19:29:44 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Magic Academy 2
[2014/08/07 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\MagicIndie
[2013/01/04 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\MAI
[2014/09/04 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\md studio
[2014/01/20 18:21:19 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Melesta
[2012/12/14 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Meridian93
[2014/06/19 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\MMFApplications
[2014/08/09 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\MysteryTag
[2014/06/16 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Mysteryville2
[2014/01/12 03:02:40 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Nevosoft
[2014/12/24 16:31:37 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Nevosoft Games
[2014/09/04 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Old Castle
[2012/10/26 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\pdfforge
[2014/05/23 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Pirateville
[2012/01/08 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Playrix Entertainment
[2013/02/26 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\PoBros
[2011/09/03 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\QXL Ricardo
[2015/05/09 11:54:56 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Rainbow
[2013/02/18 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Sahmon Games
[2014/02/15 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\ScreenSeven
[2013/12/31 16:19:35 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Screenshots
[2014/12/19 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\ShamanGS
[2012/09/22 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\SoftGrid Client
[2013/11/23 17:43:48 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\StolenSecrets
[2013/12/14 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Super-Cow
[2013/10/07 14:56:59 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\T1 Games
[2014/10/04 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Tap It Games
[2014/09/04 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\TLOTGT
[2011/12/12 10:52:57 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\TP
[2014/05/23 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\TWODESPERADOS
[2014/11/24 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\URSE Games
[2011/09/04 21:33:33 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\WildTangentv1001
[2012/08/02 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\WinBatch
[2015/06/17 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Witchcraft
[2013/08/16 09:38:45 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\Wizard's Spell
[2011/08/31 15:30:14 | 000,000,000 | ---D | M] -- C:\Users\rms\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Custom Scans ==========

< <?xml version="1.0" encoding="UTF-16"?> >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/02/16 14:45:09 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForrms.job

The rest of the custom-scan box held the pasted Malwarebytes XML log, which OTL echoed line by line and rejected ("Invalid Switch: date>", "Invalid Switch: logfile>", and so on for every tag). The pasted log, continued:

<mbam-log>
  <header>
    <date>2015/06/20 15:39:28 +0200</date>
    <logfile>mbam-log-2015-06-20 (15-39-26).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.01.6.1022</version>
    <malware-database>v2015.06.20.02</malware-database>
    <rootkit-database>v2015.06.15.01</rootkit-database>
    <license>trial</license>
 

spiderpig

Member
OTL Log, part 4:

    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>rms</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>371723</objects>
    <time>780</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>3</keys>
    <values>5</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <hash>14de893306849e989fec347b3dc69070</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</path>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <hash>14de893306849e989fec347b3dc69070</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <hash>18da4b71632724129249f94bf50f8878</hash>
    </key>
    <value>
      <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path>
      <valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename>
      <vendor>PUP.Optional.SmartBar</vendor>
      <action>success</action>
      <valuedata>Smartbar</valuedata>
      <hash>24ce65572169f244c21dfb1e7e86bf41</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path>
      <valuename>URL</valuename>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <valuedata>http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=5451a4eb-20b5-48c4-8e9d-a74b42d431ae&searchtype=ds&q={searchTerms}&installDate=25/04/2013</valuedata>
      <hash>6290803c5832989ef6077a7a917209f7</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path>
      <valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename>
      <vendor>PUP.Optional.SmartBar</vendor>
      <action>success</action>
      <valuedata>Smartbar</valuedata>
      <hash>eb07f6c65733cb6b30afd445a3618f71</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
      <valuename>DefaultScope</valuename>
      <vendor>PUP.Optional.Snapdo.T</vendor>
      <action>success</action>
      <valuedata>{006ee092-9658-4fd6-bd8e-a21a348e59f5}</valuedata>
      <hash>ac46b7055d2d3105cf756bb77a8a7789</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path>
      <valuename>publisher</valuename>
      <vendor>PUP.Optional.SnapDo.A</vendor>
      <action>success</action>
      <valuedata>SnapdoSoftonicYB</valuedata>
      <hash>18da4b71632724129249f94bf50f8878</hash>
    </value>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\C8SY.dll</path>
      <vendor>Trojan.FakeMS.gen</vendor>
      <action>success</action>
      <hash>c52d96262466b77f226e936433cee51b</hash>
    </file>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\EyC7.dll</path>
      <vendor>Trojan.Ransom.VEGen</vendor>
      <action>success</action>
      <hash>f200417ba2e89e98c70dfad2d0313fc1</hash>
    </file>
    <file>
      <path>C:\Users\rms\AppData\Local\Temp\Low\rad83127.tmp.exe</path>
      <vendor>Trojan.MSIL.ED</vendor>
      <action>success</action>
      <hash>c92904b88703d165880633f6699923dd</hash>
    </file>
  </items>
</mbam-log>

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:A4241298
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:9BB8C675
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:5133A494
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:2701CA70
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9BAC4211

< End of report >
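The Malwarebytes log pasted into the OTL custom-scan box above is machine-readable XML, so its counts and detections can be pulled out and triaged rather than read by eye. The following is an added example for this thread, not code from the original post and not Malwarebytes' own tooling: it parses a log in that format, checks that the listed items match the summary counters, separates PUP/PUM entries from trojan detections, flags files that were written to IE Protected Mode's low-integrity Temp\Low folder (all three files in this log sit there, which fits a drop from a browser page rather than from an installed program), and notes that the rootkit scan was disabled. SAMPLE_LOG is constructed from the detections quoted in the thread, with the snap.do URL shortened and its ampersand escaped so the XML is well-formed; the severity mapping is a heuristic of this example, not a Malwarebytes classification.

```python
"""Triage a Malwarebytes Anti-Malware 2.x XML scan log.

Added example for this thread; not from the original post and not
Malwarebytes' own code. SAMPLE_LOG is constructed from the detections
quoted in the thread (snap.do URL shortened, '&' escaped so the XML parses).
"""
import xml.etree.ElementTree as ET
from collections import Counter

SAMPLE_LOG = r"""<?xml version="1.0"?>
<mbam-log>
  <summary><type>threat</type><result>completed</result><objects>371723</objects>
    <keys>3</keys><values>5</values><files>3</files></summary>
  <options><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><pup>enabled</pup></options>
  <items>
    <key><path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</path><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action></key>
    <key><path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path><vendor>PUP.Optional.SnapDo.A</vendor><action>success</action></key>
    <value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata></value>
    <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path><valuename>URL</valuename><vendor>PUP.Optional.SnapDo.A</vendor><action>success</action><valuedata>http://feed.snap.do/?publisher=SnapdoSoftonicYB&amp;q={searchTerms}</valuedata></value>
    <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata></value>
    <value><path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action><valuedata>{006ee092-9658-4fd6-bd8e-a21a348e59f5}</valuedata></value>
    <value><path>HKU\S-1-5-21-549124750-1769519980-1495428139-1000\SOFTWARE\SMARTBAR</path><valuename>publisher</valuename><vendor>PUP.Optional.SnapDo.A</vendor><action>success</action><valuedata>SnapdoSoftonicYB</valuedata></value>
    <file><path>C:\Users\rms\AppData\Local\Temp\Low\C8SY.dll</path><vendor>Trojan.FakeMS.gen</vendor><action>success</action></file>
    <file><path>C:\Users\rms\AppData\Local\Temp\Low\EyC7.dll</path><vendor>Trojan.Ransom.VEGen</vendor><action>success</action></file>
    <file><path>C:\Users\rms\AppData\Local\Temp\Low\rad83127.tmp.exe</path><vendor>Trojan.MSIL.ED</vendor><action>success</action></file>
  </items>
</mbam-log>
"""


def parse_mbam_log(xml_text):
    """Return (summary, options, items): two dicts and a flat list of detections."""
    root = ET.fromstring(xml_text)
    summary = {c.tag: c.text for c in root.iterfind("summary/*")}
    options = {c.tag: c.text for c in root.iterfind("options/*")}
    items = [{"kind": n.tag,                        # key | value | file | process ...
              "path": n.findtext("path", ""),
              "valuename": n.findtext("valuename"),
              "vendor": n.findtext("vendor", ""),   # detection name
              "action": n.findtext("action", "")}   # success | delete-on-reboot | ...
             for n in root.iterfind("items/*")]
    return summary, options, items


def severity(vendor):
    """Coarse triage of a detection name; a heuristic of this example, not a vendor rating."""
    if vendor.startswith(("PUP.", "PUM.")):
        return "low"        # adware / unwanted settings, not an intrusion by itself
    if vendor.startswith(("Trojan.Ransom", "Backdoor.", "Rootkit.")):
        return "high"
    return "medium"


def from_low_integrity_temp(path):
    """True for files in IE Protected Mode's low-integrity temp folder (AppData/Local/Temp/Low)."""
    return "\\appdata\\local\\temp\\low\\" in path.lower()


def triage(xml_text):
    """Summarise what the scan found and what still needs attention."""
    summary, options, items = parse_mbam_log(xml_text)
    counts = Counter(i["kind"] for i in items)
    expected = {"key": "keys", "value": "values", "file": "files"}
    return {
        "counts": dict(counts),
        # the summary counters should equal the number of listed items of each kind
        "matches_summary": all(counts.get(k, 0) == int(summary.get(p, 0))
                               for k, p in expected.items()),
        "not_removed": [i["path"] for i in items if i["action"] != "success"],
        "high": sorted({i["vendor"] for i in items if severity(i["vendor"]) == "high"}),
        "browser_dropped": [i["path"] for i in items
                            if i["kind"] == "file" and from_low_integrity_temp(i["path"])],
        "rootkit_scan_skipped": options.get("rootkits") == "disabled",
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

For the log in this thread the result is: every item was removed, one detection rates high (Trojan.Ransom.VEGen, which matches the lock-screen page the poster saw), all three files came from the Temp\Low folder, and the rootkit and deep-rootkit scans were off, which is why the helper later asks for further scans rather than treating this log as the final word.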
 

PC-John

Regular
... I came across this page after the said page from the Bundesamt für Polizei (Federal Office of Police) appeared on my machine and absolutely would not let me leave. Via the Task Manager I did get out of it in the end ...

All these kilometres of code hardly help.

Did you ask the page mentioned above for a reply?
No, this page simply turned up uninvited, like advertising calls on the mobile, I assume.

With such unwanted pages, never click on any button or link.
Even downloading "images not displayed for security reasons" can open the door wide to a pest.

Best to exit straight away via the Task Manager, as described.
And reboot the PC right away, to be safe.

PC-John
 

Swisstreasure

Regular
All these kilometres of code hardly help.
What kind of statement is that? Why would this not help in detecting malware on the system??

A clean-up can mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[R1].txt.

Step 2

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the #-symbol in the website's input box)
 

spiderpig

Member
AdwCleaner Log:


# AdwCleaner v4.207 - Report created 23/06/2015 at 20:50:53
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (x64)
# Username : rms - FAETZE
# Running from : C:\Users\rms\Desktop\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Public\Documents\iWin
Folder Found : C:\Users\rms\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=5451a4eb-20b5-48c4-8e9d-a74b42d431ae&searchtype=ds&q={searchTerms}&installDate=25/04/2013

*************************

AdwCleaner[R0].txt - [3356 Bytes] - [23/06/2015 20:45:33]
AdwCleaner[R1].txt - [3159 Bytes] - [23/06/2015 20:50:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3218 Bytes] ##########
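The last finding in the AdwCleaner report shows where the hijacked IE search setting pointed: feed.snap.do, with publisher, dpid, userid and installDate parameters that identify the bundle and the install rather than serve the search. The following is an added example for this thread, not AdwCleaner's or FRST's code: it parses search-provider lines in the two formats that appear in this thread (FRST's SearchScopes: lines and AdwCleaner's Setting Found / Einstellung Gefunden line), undoes the hxxp defanging, and classifies each URL as ok (a known engine with no tracking parameters), review (unknown host or tracking parameters present) or dangling (a scope with no URL left, typically a DefaultScope still pointing at a provider that was already removed). SAMPLE_LINES is constructed from lines quoted in this thread; KNOWN_SEARCH_HOSTS and TRACKING_PARAMS are assumptions of this example, not vendor lists.

```python
"""Audit Internet Explorer search-provider entries from FRST / AdwCleaner logs.

Added example for this thread (not FRST's or AdwCleaner's own code).
SAMPLE_LINES are constructed from lines quoted in the thread.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions of this example: engines a user plausibly chose, and query
# parameters that track the installer / install rather than the search.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "ch.search.yahoo.com",
                      "duckduckgo.com", "de.wikipedia.org"}
TRACKING_PARAMS = {"publisher", "dpid", "userid", "installdate", "affid", "pid"}

# FRST:       SearchScopes: <hive> -> [DefaultScope] {GUID} URL = <url or empty>
FRST_RE = re.compile(r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?P<scope>.*?)\s+URL\s*=\s*(?P<url>\S*)\s*$")
# AdwCleaner: Setting Found : <key> [<value>] - <url>   (German build: "Einstellung Gefunden")
ADW_RE = re.compile(r"^(?:Setting Found|Einstellung Gefunden)\s*:\s*(?P<key>.+?\[[^\]]*\])\s+-\s+(?P<url>\S+)\s*$")

SAMPLE_LINES = [
    r"SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox",
    r"SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF",
    r"SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =",
    r"SearchScopes: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =",
    r"Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=5451a4eb-20b5-48c4-8e9d-a74b42d431ae&searchtype=ds&q={searchTerms}&installDate=25/04/2013",
]


def classify(url):
    """Return (verdict, host, tracking_params) for one provider URL."""
    if not url:
        return "dangling", "", []          # scope entry whose provider URL is already gone
    parts = urlsplit(url.replace("hxxp", "http", 1))   # undo the log's defanging
    host = (parts.hostname or "").lower()
    tracking = sorted(k for k in parse_qs(parts.query) if k.lower() in TRACKING_PARAMS)
    if host in KNOWN_SEARCH_HOSTS and not tracking:
        return "ok", host, tracking
    return "review", host, tracking


def audit(lines):
    """Parse provider lines in either format; lines matching neither are skipped."""
    findings = []
    for line in lines:
        m = FRST_RE.match(line)
        if m:
            where = f"{m['hive']} {m['scope']}"
        else:
            m = ADW_RE.match(line)
            if not m:
                continue
            where = m["key"]
        verdict, host, tracking = classify(m["url"])
        findings.append({"where": where, "url": m["url"], "host": host,
                         "verdict": verdict, "tracking": tracking})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        extra = f" tracking={','.join(f['tracking'])}" if f["tracking"] else ""
        print(f"{f['verdict']:8} {f['host'] or '(empty URL)':24} {f['where']}{extra}")
```

Run against the sample lines this yields one ok entry (Bing), two dangling scopes (including the 32-bit DefaultScope {006ee092-…} that Malwarebytes emptied but left in place), Ask.com flagged for review as an unknown host, and the snap.do SearchUrl flagged for review with four tracking parameters; the dangling entries are the reason a clean-up normally continues with a fix script after the first removal pass.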
 

spiderpig

Member
FRST Log, part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by rms (administrator) on FAETZE on 23-06-2015 20:53:49
Running from C:\Users\rms\Desktop
Loaded Profiles: rms (Available Profiles: rms)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\fshoster32.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
() C:\Users\rms\Desktop\adwcleaner_4.207.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (45119)] => C:\Program Files (x86)\Internet Security\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\...\MountPoints2: {cf88f44a-b2ec-11e0-9d45-806e6f6e6963} - E:\start.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-08-31]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-08-31]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-549124750-1769519980-1495428139-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/de/email/
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/35
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0E821378-F39E-4281-8115-1649C28F9630} URL = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-30] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-20] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
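Added example, not part of spiderpig's post and not FRST's own code: a small triage script for the line formats FRST prints above (registry autoruns, SearchScopes, BHO/Toolbar entries, R/S service and driver lines, and the "One Month Created files" listing). It flags the things a helper reads first in such a log: a removable-media autorun in MountPoints2, a DefaultScope whose URL is empty, entries whose file is gone ("No File"), service binaries FRST marks as "[File not signed]", binaries with an empty "()" publisher field, and files newly created under C:\Windows with no publisher. The sample input is a constructed subset modeled on the lines in this thread; `constructed-example.sys` is invented for illustration and does not appear in the real log. The rule names are this script's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modeled on line formats from the FRST log in this thread.
# Hand-picked subset, not the full log. "constructed-example.sys" is invented.
SAMPLE_LOG = r"""
HKU\S-1-5-21-549124750-1769519980-1495428139-1000\...\MountPoints2: {cf88f44a-b2ec-11e0-9d45-806e6f6e6963} - E:\start.exe
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
Toolbar: HKU\S-1-5-21-549124750-1769519980-1495428139-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-05] ()
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-05-26] ()
2015-06-20 15:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 18:41 - 2015-06-17 18:41 - 00000000 ____D C:\Users\rms\AppData\Roaming\Witchcraft
2015-06-13 23:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-13 23:36 - 2015-06-13 23:36 - 00012288 _____ C:\Windows\system32\Drivers\constructed-example.sys
"""


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


# Generic rules for registry / browser / service lines: (reason, regex on the stripped line).
RULES = [
    ("removable-media autorun (MountPoints2)",
     re.compile(r"\\MountPoints2:.*\s-\s[A-Za-z]:\\")),
    ("default search scope with empty URL",
     re.compile(r"SearchScopes:.*DefaultScope \{[0-9A-Fa-f-]+\} URL =\s*$")),
    ("orphaned entry (registered but file missing)",
     re.compile(r"\bNo File\b")),
    ("service/driver binary not signed",
     re.compile(r"^[RS]\d\s+\S.*\[File not signed\]")),
    # "()" is FRST's empty CompanyName field from the version resource; it is
    # not the same as "unsigned" and legitimate drivers (fsbts.sys here) show it too.
    ("service/driver with no publisher in version info",
     re.compile(r"^[RS]\d\s+\S.*\]\s+\(\)\s*$")),
]

# "One Month Created files and folders" lines:
# <created> - <modified> - <size> <attrs> [(publisher)] <path>
CREATED_RX = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
NEW_UNPUBLISHED_IN_WINDOWS = "new file under C:\\Windows with no publisher"


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit; a line can trigger several rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RX.match(line)
        if m:
            is_folder = m.group("attrs").endswith("D")       # attribute flag D = directory
            in_windows = m.group("path").lower().startswith("c:\\windows\\")
            if not is_folder and in_windows and m.group("publisher") is None:
                findings.append(Finding(NEW_UNPUBLISHED_IN_WINDOWS, line))
            continue
        for reason, rx in RULES:
            if rx.search(line):
                findings.append(Finding(reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, for a quick overview before reading the lines."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for reason, n in summarize(hits).items():
        print(f"{n:3d}  {reason}")
    for f in hits:
        print(f"[{f.reason}] {f.line}")
```

The output is a list of prompts for a human, not verdicts: in this log the MountPoints2 entry points at an E: drive that may simply be an old autorun from a CD, and the empty `()` publisher on fsbts.sys belongs to F-Secure. What the script reliably surfaces is the empty 32-bit DefaultScope (the GUID Malwarebytes already attributed to the Snapdo PUP in the log quoted at the top of this thread) and the unsigned EasyBits service.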
 

spiderpig

Member
FRST Log, Part 2:

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] ()
FF HKLM-x32\...\Firefox\Extensions: [{3a54dca9-8650-4143-b5e9-977eba849863}] - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Internet Security/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-05] ()
R2 fshoster; C:\Program Files (x86)\Internet Security\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-05] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 F-Secure Gatekeeper; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-06-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-06-10] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-05-26] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [41024 2014-05-04] ()
R3 fsni; C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 20:53 - 2015-06-23 20:54 - 00017071 _____ C:\Users\rms\Desktop\FRST.txt
2015-06-23 20:53 - 2015-06-23 20:53 - 02109952 _____ (Farbar) C:\Users\rms\Desktop\FRST64.exe
2015-06-23 20:53 - 2015-06-23 20:53 - 00000000 ____D C:\FRST
2015-06-23 20:50 - 2015-06-23 20:50 - 02244096 _____ C:\Users\rms\Desktop\adwcleaner_4.207.exe
2015-06-23 20:45 - 2015-06-23 20:51 - 00000000 ____D C:\AdwCleaner
2015-06-22 11:45 - 2015-06-22 11:45 - 00001224 _____ C:\Users\rms\Desktop\Vatican - Verknüpfung.lnk
2015-06-22 11:45 - 2015-06-22 11:45 - 00001204 _____ C:\Users\rms\Desktop\TimeMachine - Verknüpfung.lnk
2015-06-22 11:45 - 2015-06-22 11:45 - 00001089 _____ C:\Users\rms\Desktop\FBI - Verknüpfung.lnk
2015-06-22 11:39 - 2015-06-22 11:39 - 00000000 ____D C:\Users\rms\AppData\Local\Downloaded Installations
2015-06-22 11:36 - 2015-06-22 11:36 - 00001281 _____ C:\Users\rms\Desktop\Nemo - Verknüpfung.lnk
2015-06-22 11:36 - 2015-06-22 11:36 - 00001209 _____ C:\Users\rms\Desktop\Frankenstein - Verknüpfung.lnk
2015-06-22 11:36 - 2015-06-22 11:36 - 00001161 _____ C:\Users\rms\Desktop\Profiler - Verknüpfung.lnk
2015-06-22 11:30 - 2015-06-22 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-06-22 11:30 - 2015-06-22 11:44 - 00000000 ____D C:\Program Files (x86)\Purplehills
2015-06-20 16:10 - 2015-06-20 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\rms\Desktop\OTL.exe
2015-06-20 15:37 - 2015-06-23 19:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-20 15:37 - 2015-06-20 15:37 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ___HD C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-20 15:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-20 15:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 15:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 18:41 - 2015-06-17 18:41 - 00000000 ____D C:\Users\rms\AppData\Roaming\Witchcraft
2015-06-15 15:00 - 2015-06-15 15:00 - 00000000 ____D C:\Users\rms\Documents\Quest_of_the_Sorceress
2015-06-13 23:37 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-13 23:37 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-13 23:37 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-13 23:37 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-13 23:37 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-13 23:37 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-13 23:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-13 23:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-13 23:36 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-13 23:36 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-13 23:36 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-13 23:36 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
 

spiderpig

Member
FRST Log, Part 3:

2015-06-13 23:36 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-13 23:36 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-13 23:36 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-13 23:36 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-13 23:36 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-13 23:36 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-13 23:36 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-13 23:36 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-13 23:36 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-13 23:36 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-13 23:36 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-13 23:36 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-13 23:36 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-13 23:36 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-13 23:36 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-13 23:36 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-13 23:36 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-13 23:36 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-13 23:36 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-13 23:36 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-13 23:36 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-13 23:36 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-13 23:36 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-13 23:36 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-13 23:36 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-13 23:35 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-13 23:35 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-13 23:35 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
 

spiderpig

Member
FRST Log, Part 4:

2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-13 23:35 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-13 23:35 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-13 23:35 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-13 23:35 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-13 23:35 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-13 23:35 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-13 23:35 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-13 23:35 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-13 23:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-13 23:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-13 23:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-13 23:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-13 23:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-13 23:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-13 23:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-13 23:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-13 23:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-13 23:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-13 23:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-13 23:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-13 23:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-13 23:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-13 23:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-13 23:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-13 23:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-13 23:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-13 23:34 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-13 23:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-13 23:34 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-13 23:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-13 23:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-13 23:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-13 23:34 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-13 23:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-13 23:34 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-13 23:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-13 23:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-13 23:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-13 23:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-13 23:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-13 23:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-13 23:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-13 23:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-13 23:34 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-13 23:34 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-13 23:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-13 23:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-13 23:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-13 23:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-13 23:34 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-13 23:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-13 23:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-13 23:34 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-13 23:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-13 23:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-13 23:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-13 23:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-13 23:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-13 23:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-13 23:34 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-13 23:34 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-13 23:34 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-13 23:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-13 23:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-13 23:33 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-13 23:33 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-13 23:33 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-13 23:33 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-01 11:21 - 2015-06-01 11:21 - 00000000 ____D C:\Users\rms\AppData\Local\GWX
2015-05-30 23:32 - 2015-05-30 23:32 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-30 23:32 - 2015-05-30 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-30 23:32 - 2015-05-30 23:32 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-26 19:43 - 2015-05-26 19:43 - 00045110 _____ C:\Users\rms\Downloads\Vorstellung - Ein gutes Vorstellungsgespräch will vorbereitet sein_2 (1).htm
2015-05-26 19:41 - 2015-05-26 19:41 - 00039234 _____ C:\Users\rms\Downloads\Vorstellung - Ein gutes Vorstellungsgespräch will vorbereitet sein.htm
2015-05-26 19:39 - 2015-05-26 19:39 - 00045110 _____ C:\Users\rms\Downloads\Vorstellung - Ein gutes Vorstellungsgespräch will vorbereitet sein_2.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 20:44 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 20:44 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 19:34 - 2011-08-31 13:32 - 01971838 _____ C:\Windows\WindowsUpdate.log
2015-06-23 19:28 - 2011-07-20 17:10 - 00000000 ____D C:\ProgramData\PDFC
2015-06-23 19:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 19:27 - 2009-07-14 06:51 - 00137470 _____ C:\Windows\setupact.log
2015-06-22 10:52 - 2011-12-18 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-06-22 10:52 - 2011-12-18 01:26 - 00000000 ____D C:\Program Files (x86)\GameTop.com
2015-06-21 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-21 10:06 - 2010-11-21 05:47 - 00511252 _____ C:\Windows\PFRO.log
2015-06-20 11:38 - 2013-02-16 14:45 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForrms.job
2015-06-19 16:00 - 2013-02-16 14:45 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForrms
2015-06-19 16:00 - 2011-08-31 13:35 - 00000000 ____D C:\Users\rms
2015-06-18 19:25 - 2011-09-02 18:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-14 23:52 - 2014-11-14 18:37 - 00000000 __SHD C:\Users\rms\AppData\Local\EmieBrowserModeList
2015-06-14 23:52 - 2014-04-16 19:02 - 00000000 __SHD C:\Users\rms\AppData\Local\EmieUserList
2015-06-14 23:52 - 2014-04-16 19:02 - 00000000 __SHD C:\Users\rms\AppData\Local\EmieSiteList
2015-06-14 23:39 - 2011-07-20 16:19 - 00702524 _____ C:\Windows\system32\perfh007.dat
2015-06-14 23:39 - 2011-07-20 16:19 - 00151004 _____ C:\Windows\system32\perfc007.dat
2015-06-14 23:39 - 2009-07-14 07:13 - 01630208 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-14 23:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-14 23:33 - 2009-07-14 06:45 - 00409480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-14 23:30 - 2014-12-13 09:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-14 23:30 - 2014-05-06 21:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-14 23:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-13 23:47 - 2012-01-22 17:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-13 23:46 - 2013-11-15 20:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-13 23:42 - 2012-08-02 23:00 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 23:41 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-05-30 23:32 - 2015-01-31 01:17 - 00000000 ____D C:\ProgramData\Oracle
2015-05-26 19:38 - 2014-08-28 17:58 - 00055336 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-05-25 08:44 - 2015-01-05 00:16 - 00000000 ____D C:\Users\rms\AppData\Roaming\Lazy Turtle Games
2015-05-24 00:51 - 2015-04-04 22:45 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-24 00:51 - 2015-04-04 22:45 - 00000000 ___SD C:\Windows\system32\GWX

Some files in TEMP:
====================
C:\Users\rms\AppData\Local\Temp\AskSLib.dll
C:\Users\rms\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\rms\AppData\Local\Temp\Quarantine.exe
C:\Users\rms\AppData\Local\Temp\Resource.exe
C:\Users\rms\AppData\Local\Temp\SkypeSetup.exe
C:\Users\rms\AppData\Local\Temp\sp58915.exe
C:\Users\rms\AppData\Local\Temp\sp64126.exe
C:\Users\rms\AppData\Local\Temp\sqlite3.dll
C:\Users\rms\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-21 12:02

==================== End of log ============================
 

Swisstreasure

Regular
[size=+1]Step 1[/size]

Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKLM-x32\...\Run: [] => [X]
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

[size=+1]Step 2[/size]

Are there still any problems? The log looks clean :)