
All kinds of pests and how to fight them: Infected email "Bayer.com"

Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

22.01.2014, 07:21   #1
Steve12

Infected email "Bayer.com"

Hi folks,

I am currently looking for work, and somehow, probably via monster.de where I had posted my CV, someone got hold of my email address and sent me a mail from this sender: "hrdirect_noreply@bayer.com", saying that I should please open the attachment for further information.
It is clear that this is not a real mail from Bayer. I did read it in Thunderbird, but I did not open the attachment.

1. Could I already be infected just by that?
2. Can I report this email address "hrdirect_noreply@bayer.com" somewhere?

Best regards
Steve
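The mail's headers were never posted in this thread, so here is an added example (not from the thread, not from Trojaner-Board) of how the call "this is not a real Bayer mail" is normally made from the raw message, which Thunderbird shows under View > Message Source (Ctrl+U). The From: line is free text and proves nothing; what the sender cannot easily fake is the envelope sender (Return-Path), the topmost Received: hop (the host that handed the mail to your own provider) and the SPF verdict your provider records in Authentication-Results, if it adds that header at all. Both messages below are constructed samples; the host names, queue IDs and 203.0.113.x addresses are assumptions, and "bayer.com" appears only because that is the domain the post says was spoofed.

```python
"""Header triage for a suspected spoofed job-offer mail (added example).

Not code from the thread. Both messages below are constructed samples:
the real mail's headers were never posted, and the host names, queue IDs
and 203.0.113.x addresses are assumptions.
"""
import email
import re
from email.utils import parseaddr

# Sample 1: From: claims bayer.com, but envelope sender, last relay and
# the receiving server's SPF verdict all point elsewhere.
SPOOFED_EML = """\
Return-Path: <bounce-4711@mail.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.receiver.example (Postfix) with ESMTP id 1A2B3C
\tfor <steve@receiver.example>; Wed, 22 Jan 2014 06:51:02 +0100
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=mail.example.net
From: HR Direct <hrdirect_noreply@bayer.com>
To: steve@receiver.example
Subject: Your application

Please open the attachment for further information.
"""

# Sample 2: everything agrees, so no finding is raised.
CONSISTENT_EML = """\
Return-Path: <jobs@example.org>
Received: from mx1.example.org (mx1.example.org [203.0.113.40])
\tby mx.receiver.example (Postfix) with ESMTP id 4D5E6F
\tfor <steve@receiver.example>; Wed, 22 Jan 2014 09:00:00 +0100
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=example.org
From: Jobs <jobs@example.org>
To: steve@receiver.example
Subject: Your application

Thanks for applying.
"""

def domain_of(addr):
    """Lower-cased domain of a 'Name <user@host>' style address ('' if none)."""
    _, bare = parseaddr(addr or "")
    return bare.rpartition("@")[2].lower()

def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def last_relay(msg):
    """(host, ip) from the topmost Received: header, the hop that handed the
    mail to our own server. Hops further down are attacker-controlled text."""
    received = msg.get_all("Received") or []
    if not received:
        return None, None
    host = re.match(r"\s*from\s+(\S+)", received[0])
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return (host.group(1).lower() if host else None, ip.group(1) if ip else None)

def spf_result(msg):
    """SPF verdict our own server recorded in Authentication-Results, if any."""
    for hdr in msg.get_all("Authentication-Results") or []:
        m = re.search(r"\bspf=(\w+)", hdr)
        if m:
            return m.group(1).lower()
    return None

def triage(raw):
    """Compare what the mail claims (From:) with what transport shows."""
    msg = email.message_from_string(raw)
    claimed = domain_of(msg["From"])
    envelope = domain_of(msg["Return-Path"])
    relay_host, relay_ip = last_relay(msg)
    spf = spf_result(msg)
    findings = []
    if envelope and not same_org(envelope, claimed):
        findings.append("envelope sender %s is not %s" % (envelope, claimed))
    if relay_host and not same_org(relay_host, claimed):
        findings.append("last relay %s is not a %s host" % (relay_host, claimed))
    if spf in ("fail", "softfail", "none", "permerror"):
        findings.append("SPF result is %s" % spf)
    return {"claimed_domain": claimed, "envelope_domain": envelope,
            "relay_host": relay_host, "relay_ip": relay_ip, "spf": spf,
            "findings": findings,
            # RFC 2142 abuse mailbox of the impersonated domain; the relay
            # IP's WHOIS abuse contact is the other address to report to.
            "report_to": "abuse@" + claimed if claimed else None}
```

Run `triage(SPOOFED_EML)` and all three checks fire, while `triage(CONSISTENT_EML)` returns no findings. For the reporting question, `report_to` is the conventional abuse mailbox of the domain whose name was abused; the abuse contact of the network that owns `relay_ip` (from a WHOIS lookup) is the other party that wants the full headers.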

22.01.2014, 08:08   #2
schrauber
/// the machine
/// TB-Ausbilder

Infected email "Bayer.com"

Can you zip the mail and attach it, or forward it to schrauber(at)trojaner-board.de?

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)


22.01.2014, 12:42   #3
Steve12

Infected email "Bayer.com"

Hi,

The mail has been forwarded.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014
Ran by John at 2014-01-22 12:36:50
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29038 - BitTorrent Inc.)
ActivePerl 5.16.2 Build 1602 (64-bit) (Version: 5.16.1602 - ActiveState)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (x32 Version:  3.0 - Adobe Systems, Inc.)
AFPL Ghostscript 8.54 (x32 Version:  - )
AFPL Ghostscript Fonts (x32 Version:  - )
Agent Ransack Version 1.7.3 (x32 Version:  - )
Airline Tycoon - Deluxe (x32 Version:  - Spellbound Entertainment AG)
Allway Sync 'n' Go version 12.14.11 (x32 Version:  - Botkind Inc)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Birkenbihl Sprachen (x32 Version: 255 - Bizzons eMarketing GmbH) Hidden
Birkenbihl Sprachen (x32 Version: 3740 - Bizzons eMarketing GmbH)
BlueStacks App Player (x32 Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.12.896 - BlueStack Systems, Inc.)
CamStudio (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0228.2147.39093 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.01 - Piriform)
CDBurnerXP (x32 Version: 4.5.0.3717 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)
cv act sc/interface - Admin Edition (64-Bit) (Version: 5.1.0 - cv cryptovision GmbH)
DAEMON Tools Lite (x32 Version: 4.41.3.0173 - DT Soft Ltd)
DivX-Setup (x32 Version: 2.6.1.8 - DivX, LLC)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Drive Encryption for HP ProtectTools (x32 Version: 5.0.6.0 - Hewlett-Packard)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0 - MAGIX AG)
foobar2000 v1.1.7 (x32 Version: 1.1.7 - Peter Pawlowski)
Free Countdown Timer 2.3.0 (x32 Version: 2.3 - Comfort Software Group)
Free iPod Video Converter 1.34 (x32 Version:  - Jodix Technologies Ltd.)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.06 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Business Card Reader (x32 Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (x32 Version: 2.0.1.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (Version: 1.0.35.187 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.13.766 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.13.766 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (x32 Version: 6.50.17.1 - Hewlett-Packard Company)
HP QuickLook (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (x32 Version: 1.0.1.48 - DeviceVM, Inc.)
HP QuickWeb (x32 Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (x32 Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (x32 Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (x32 Version: 7.0.1.5 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (x32 Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (x32 Version: 1.0.1.3 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (x32 Version: 1.0.26.3 - Roxio)
HP Webcam Driver (x32 Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard)
HWiNFO32 Version 4.08 (x32 Version: 4.08 - Martin Malík - REALiX)
HyperCam 2 (x32 Version: 2.27.00 - Hyperionics Technology LLC)
ICQ 5.1 (x32 Version:  - )
ICQ Update Patch 1.9 (x32 Version:  - murb.com)
IDT Audio (x32 Version: 1.0.6300.0 - IDT)
inSSIDer 2.0 (Version: 2.0.7 - MetaGeek)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (Version: 16.3 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LSI HDA Modem (Version: 2.2.97 - LSI Corporation)
MAGIX Fotos auf DVD MX Deluxe Download-Version (x32 Version: 11.0.0.61 - MAGIX AG)
MAGIX Fotos auf DVD MX Deluxe Download-Version (x32 Version: 11.0.0.61 - MAGIX AG) Hidden
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Messer v0.992 (x32 Version:  - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (x32 Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (x32 Version:  - )
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MiKTeX 2.9 (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
Mp3tag v2.49 (x32 Version: v2.49 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU Version: 2.27 - WindSolutions)
PC Streams 1.6 (x32 Version:  - )
PC Streams 2.0 (x32 Version:  - )
PCStreams (x32 Version: 3.0.0 - Team PCStreams)
PDF24 Creator 5.2.0 (x32 Version:  - PDF24.org)
PDFCreator (x32 Version: 1.6.2 - pdfforge)
PDF-XChange Viewer (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
ProductView Express 9.1 (Version: 9.1.62.17 - PTC)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Rainlendar2 (remove only) (x32 Version:  - )
Renamer 1.1 (x32 Version:  - Mediachance.com)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7 - VS Revo Group, Ltd.)
RICOH Media Driver (x32 Version: 2.13.00.05 - RICOH)
Roshaz 21st. November 2011 (x32 Version:  - Roshaz Software Limited)
ScreenSteps 2.9 (x32 Version: 2.9 - Blue Mango Learning Systems)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Shockwave (x32 Version:  - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks 2010 SP0 (x32 Version: 18.0.0.5035 - SolidWorks Corporation)
SolidWorks 2010 SP0 (x32 Version: 18.100.5035 - SolidWorks) Hidden
SolidWorks Explorer 2010 SP0 (x32 Version: 18.00.5035 - SolidWorks Corporation) Hidden
SopCast 3.4.8 (x32 Version: 3.4.8 - www.sopcast.com)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
streamWriter (x32 Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.0.24.0 - Synaptics Incorporated)
Teachmaster 4.3 (remove only) (x32 Version:  - )
TeXstudio 2.6.2 (x32 Version: 2.6.2 - Benito van der Zander)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (x32 Version: 7.56a - Ghisler Software GmbH)
TreeSize Free V2.5 (x32 Version: 2.5 - JAM Software)
TrekStor i.Beat organix (x32 Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Validity Fingerprint Driver (Version: 4.0.15.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

24-12-2013 12:38:06 Windows Update
28-12-2013 03:21:05 Windows Update
31-12-2013 16:46:18 Windows Update
07-01-2014 06:44:30 Windows Update
10-01-2014 07:56:59 Windows Update
14-01-2014 07:47:29 Windows Update
16-01-2014 06:39:50 Windows Update
21-01-2014 07:52:44 Windows Update
22-01-2014 06:16:37 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-29 08:35 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05986C33-ACB0-42F3-AE2E-99717A2E9A17} - System32\Tasks\{832ACE73-B00A-4B4A-8B9F-003CF666D574} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {1E01D329-BC8C-4EEB-B00B-0F4D45F4C3C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {22660901-EF24-4CC0-A34A-C2532B072100} - System32\Tasks\{DC818F32-3CB7-4FAA-87C6-0C1BB41E432F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {37E20F5C-7D56-42B3-8F7D-76836E374371} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {5B6522FE-46E0-4D6F-84A6-619438A9846D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {6ABDC795-506B-427F-BC45-1C33E919F2E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {719356D9-7790-4CED-8742-14533E99DB34} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {751BBD2E-7B4E-43AC-98AC-D71D8E0BB20C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-18] (Adobe Systems Incorporated)
Task: {B536C886-749D-470F-87A9-A013B0C903BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {BAFD4D0A-C11B-4A9B-8CB7-D098508CA292} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {CC6F8164-AFDA-4838-8179-4BB600DCBF6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-09-04 18:35 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-01-21 22:07 - 2012-01-21 22:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-26 11:55 - 2011-12-26 11:55 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-26 11:55 - 2011-12-26 11:55 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-09-12 17:02 - 2011-09-12 17:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2012-11-15 08:28 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00198144 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 08:13 - 2012-11-21 06:26 - 00008704 _____ () C:\Users\John\AppData\Roaming\Thunderbird\Profiles\n1otpkol.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-12-20 23:53 - 2013-12-20 23:53 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2014 00:00:44 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Daten (D:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B)

Error: (01/14/2014 03:57:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: Dropbox.exe, version: 2.4.11.0, time stamp: 0x527d91e4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1e156323
Faulting process id: 0x18d8
Faulting application start time: 0xDropbox.exe0
Faulting application path: Dropbox.exe1
Faulting module path: Dropbox.exe2
Report Id: Dropbox.exe3

Error: (01/13/2014 08:04:13 AM) (Source: SDWinSec.exe) (User: )
Description: The service process could not connect to the service controller

Error: (01/07/2014 05:31:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Faulting module name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Exception code: 0xc0000005
Fault offset: 0x0002f7e6
Faulting process id: 0x20c0
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (01/05/2014 09:18:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x11f07095
Faulting process id: 0x14e8
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3

Error: (12/19/2013 11:57:01 AM) (Source: Validity USDK) (User: )
Description: Flash read failed: Address:0x00050E00 Result:0x00000013.

Error: (12/12/2013 06:10:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0x152c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/09/2013 03:53:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Exception code: 0xc0000005
Fault offset: 0x000d1077
Faulting process id: 0x14f4
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3

Error: (12/07/2013 05:04:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: voobly.exe, version: 0.1.1.1262, time stamp: 0x5276d682
Faulting module name: QtCore4.dll, version: 4.5.2.0, time stamp: 0x4a7d1a3d
Exception code: 0xc0000005
Fault offset: 0x000c9f05
Faulting process id: 0x1818
Faulting application start time: 0xvoobly.exe0
Faulting application path: voobly.exe1
Faulting module path: voobly.exe2
Report Id: voobly.exe3

Error: (12/02/2013 07:36:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0ffd1638
Faulting process id: 0x141c
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3


System errors:
=============
Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The rixdpcie service failed to start due to the following error: 
%%1058

Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The risdpcie service failed to start due to the following error: 
%%1058

Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The rimspci service failed to start due to the following error: 
%%1058

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/22/2014 00:02:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================
Error: (01/16/2014 00:00:44 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Daten (D:)An attempt was made to load a program with an incorrect format. (0x8007000B)

Error: (01/14/2014 03:57:25 PM) (Source: Application Error)(User: )
Description: Dropbox.exe2.4.11.0527d91e4unknown0.0.0.000000000c00000051e15632318d801cf112bed7715efC:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exeunknown2d9b861e-7d2c-11e3-9e28-b499bae2433f

Error: (01/13/2014 08:04:13 AM) (Source: SDWinSec.exe)(User: )
Description: The service process could not connect to the service controller

Error: (01/07/2014 05:31:22 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.4756.10004b9c08e8EXCEL.EXE14.0.4756.10004b9c08e8c00000050002f7e620c001cf0bc5d0ce71daC:\PROGRA~2\MICROS~1\Office14\EXCEL.EXEC:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE24402d1a-77b9-11e3-91b9-b499bae2433f

Error: (01/05/2014 09:18:25 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecunknown0.0.0.000000000c000000511f0709514e801cf0a4a70e663c0C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exeunknown875418e8-7646-11e3-b653-b499bae2433f

Error: (12/19/2013 11:57:01 AM) (Source: Validity USDK)(User: )
Description: Address:0x00050E00 Result:0x00000013

Error: (12/12/2013 06:10:04 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87152c01cef70d49e47cb2C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3d7e0052-6350-11e3-a3b7-b499bae2433f

Error: (12/09/2013 03:53:19 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecage2_x1.Exe0.7.26.8093b7433ecc0000005000d107714f401cef4ede8b87afeC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.ExeC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exea40e1d42-60e1-11e3-a01b-b499bae2433f

Error: (12/07/2013 05:04:27 PM) (Source: Application Error)(User: )
Description: voobly.exe0.1.1.12625276d682QtCore4.dll4.5.2.04a7d1a3dc0000005000c9f05181801cef33ec7362eb5C:\Program Files (x86)\Voobly\voobly.exeC:\Program Files (x86)\Voobly\QtCore4.dll3f26fb2a-5f59-11e3-b6a5-b499bae2433f

Error: (12/02/2013 07:36:24 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecunknown0.0.0.000000000c00000050ffd1638141c01ceef82b4a7046cC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exeunknowna4dcce15-5b80-11e3-8c22-b499bae2433f


CodeIntegrity Errors:
===================================
  Date: 2013-08-29 09:35:21.657
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-29 09:35:21.533
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8047.38 MB
Available physical RAM: 4884.15 MB
Total Pagefile: 16092.94 MB
Available Pagefile: 12031.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:95.25 GB) (Free:10.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:185.55 GB) (Free:22.6 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.39 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: BAF111DB)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=300 MB) - (Type=42)
Partition 3: (Not Active) - (Size=95 GB) - (Type=42)
Partition 4: (Not Active) - (Size=203 GB) - (Type=42)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014
Ran by John (administrator) on HP85 on 22-01-2014 12:35:42
Running from C:\Users\John\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Sigmatel) C:\Windows\system\w98eject.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2012-01-21] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2945080 2011-09-12] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2012-01-21] (IDT, Inc.)
HKLM\...\Run: [AutoKMS] - C:\windows\AutoKMS.exe
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NUSB3MON] - c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk
ShortcutTarget: thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: ecosia.org
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ptc.com/ProductViewLite - C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FastestFox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\Extensions\smarterwiki@wikiatic.com.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-02]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S3 CoordinatorServiceHost; C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [87336 2009-10-15] (Dassault Systèmes SolidWorks Corp.)
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-04] (DT Soft Ltd)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [29672 2013-02-02] (REALiX(tm))
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr; 
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 12:35 - 2014-01-22 12:36 - 00020173 _____ C:\Users\John\Downloads\FRST.txt
2014-01-22 12:35 - 2014-01-22 12:35 - 00000000 ____D C:\FRST
2014-01-22 12:34 - 2014-01-22 12:35 - 02077184 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-01-22 07:17 - 2014-01-22 07:17 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 07:17 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 07:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-22 07:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-22 07:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-20 17:05 - 2014-01-20 17:09 - 13113344 _____ C:\Users\John\Downloads\modA_lf_14.mpg
2014-01-20 17:05 - 2014-01-20 17:09 - 13094912 _____ C:\Users\John\Downloads\modA_lf_09.mpg
2014-01-20 17:01 - 2014-01-20 17:03 - 11735040 _____ C:\Users\John\Downloads\modA_lf_02.mpg
2014-01-20 16:59 - 2014-01-20 17:00 - 05572608 _____ C:\Users\John\Downloads\modA_lf_05.mpg
2014-01-20 16:56 - 2014-01-20 16:57 - 08024064 _____ C:\Users\John\Downloads\modA_lf_04.mpg
2014-01-20 16:51 - 2014-01-20 16:53 - 08222720 _____ C:\Users\John\Downloads\modA_lf_03.mpg
2014-01-20 09:47 - 2014-01-20 09:47 - 00079315 _____ C:\Users\John\Downloads\usbdeview.zip
2014-01-15 11:35 - 2014-01-15 15:34 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part07.rar
2014-01-15 08:16 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 08:16 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 08:16 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 19:50 - 2014-01-22 07:09 - 00004693 _____ C:\windows\AutoKMS.log
2014-01-14 14:59 - 2014-01-14 14:59 - 00002058 _____ C:\Users\John\AppData\Local\recently-used.xbel
2014-01-14 11:10 - 2014-01-22 12:19 - 00000198 _____ C:\windows\Tasks\AutoKMS.job
2014-01-14 11:10 - 2014-01-14 11:10 - 00002430 _____ C:\windows\System32\Tasks\AutoKMS
2014-01-14 11:10 - 2014-01-14 11:10 - 00000135 _____ C:\windows\AutoKMS.ini
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur(1)
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur
2013-12-29 18:57 - 2014-01-13 19:46 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part06.rar
2013-12-29 12:33 - 2013-12-29 16:32 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part05.rar
2013-12-28 20:02 - 2013-11-21 20:53 - 1113320284 _____ C:\Users\John\Downloads\Schnitzel für alle.avi

==================== One Month Modified Files and Folders =======

2014-01-22 12:36 - 2014-01-22 12:35 - 00020173 _____ C:\Users\John\Downloads\FRST.txt
2014-01-22 12:35 - 2014-01-22 12:35 - 00000000 ____D C:\FRST
2014-01-22 12:35 - 2014-01-22 12:34 - 02077184 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-01-22 12:28 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:28 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:27 - 2012-03-14 09:36 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 12:24 - 2011-03-28 13:16 - 01212876 _____ C:\windows\WindowsUpdate.log
2014-01-22 12:21 - 2012-09-26 12:39 - 00000000 ____D C:\Users\John\.rainlendar2
2014-01-22 12:21 - 2012-03-14 09:36 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 12:19 - 2014-01-14 11:10 - 00000198 _____ C:\windows\Tasks\AutoKMS.job
2014-01-22 12:19 - 2013-05-24 05:36 - 00028702 _____ C:\windows\setupact.log
2014-01-22 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-22 12:02 - 2013-08-29 11:43 - 00004024 _____ C:\windows\PFRO.log
2014-01-22 07:17 - 2014-01-22 07:17 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 07:17 - 2013-12-10 12:16 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 07:09 - 2014-01-14 19:50 - 00004693 _____ C:\windows\AutoKMS.log
2014-01-22 00:17 - 2011-09-05 18:34 - 00000000 ____D C:\Users\John\AppData\Roaming\foobar2000
2014-01-22 00:04 - 2012-04-03 07:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 19:30 - 2012-07-13 18:53 - 00000000 ____D C:\Users\John\AppData\Roaming\SolidWorks
2014-01-21 09:47 - 2013-04-05 16:42 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForJohn
2014-01-21 09:47 - 2013-04-05 16:42 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForJohn.job
2014-01-20 17:09 - 2014-01-20 17:05 - 13113344 _____ C:\Users\John\Downloads\modA_lf_14.mpg
2014-01-20 17:09 - 2014-01-20 17:05 - 13094912 _____ C:\Users\John\Downloads\modA_lf_09.mpg
2014-01-20 17:03 - 2014-01-20 17:01 - 11735040 _____ C:\Users\John\Downloads\modA_lf_02.mpg
2014-01-20 17:00 - 2014-01-20 16:59 - 05572608 _____ C:\Users\John\Downloads\modA_lf_05.mpg
2014-01-20 16:57 - 2014-01-20 16:56 - 08024064 _____ C:\Users\John\Downloads\modA_lf_04.mpg
2014-01-20 16:53 - 2014-01-20 16:51 - 08222720 _____ C:\Users\John\Downloads\modA_lf_03.mpg
2014-01-20 09:47 - 2014-01-20 09:47 - 00079315 _____ C:\Users\John\Downloads\usbdeview.zip
2014-01-18 08:48 - 2011-09-15 17:54 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2014-01-18 08:47 - 2012-04-03 07:42 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 08:47 - 2012-04-03 07:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 08:47 - 2011-09-03 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 09:09 - 2011-11-17 12:59 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-16 09:09 - 2011-09-20 10:38 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2014-01-16 08:01 - 2009-07-14 05:45 - 00604288 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 07:44 - 2013-07-15 06:03 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 07:40 - 2011-09-03 13:24 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 15:34 - 2014-01-15 11:35 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part07.rar
2014-01-14 15:57 - 2011-09-06 17:52 - 00000000 ___RD C:\Users\John\Dropbox
2014-01-14 15:34 - 2013-10-16 11:18 - 00000000 ____D C:\Users\John\.gimp-2.8
2014-01-14 15:34 - 2011-09-06 17:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2014-01-14 14:59 - 2014-01-14 14:59 - 00002058 _____ C:\Users\John\AppData\Local\recently-used.xbel
2014-01-14 14:50 - 2013-10-16 11:47 - 00000000 ____D C:\Users\John\AppData\Local\gtk-2.0
2014-01-14 11:10 - 2014-01-14 11:10 - 00002430 _____ C:\windows\System32\Tasks\AutoKMS
2014-01-14 11:10 - 2014-01-14 11:10 - 00000135 _____ C:\windows\AutoKMS.ini
2014-01-13 21:08 - 2011-09-06 16:05 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2014-01-13 19:46 - 2013-12-29 18:57 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part06.rar
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur(1)
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur
2014-01-11 22:18 - 2013-05-06 16:13 - 00000000 ____D C:\Program Files (x86)\Voobly
2014-01-10 19:11 - 2011-09-06 17:50 - 00001014 _____ C:\Users\John\Desktop\Dropbox.lnk
2014-01-10 19:11 - 2011-09-06 17:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 02:41 - 2009-07-14 06:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-29 16:32 - 2013-12-29 12:33 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part05.rar
2013-12-28 19:29 - 2013-11-08 08:17 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part04.rar

Files to move or delete:
====================
C:\Users\John\AppData\Roaming\GoodnightTimer.ini


Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 11:39

==================== End Of Log ============================


Thank you!

Old 23.01.2014, 08:41   #4
schrauber
/// the machine
/// TB-Ausbilder

The PDF itself is clean. As long as you haven't clicked on anything in it, everything is fine. The logs are clean too.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
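The answer above rests on one point: a PDF that carries no active content cannot do anything until the reader clicks something in it, and even a click only matters if the file contains a link or action to follow. The check a practitioner would run on such an attachment before opening it in a VM is a static triage for the PDF name keywords that carry actions. The script below is an added example and is not part of the thread or of any tool mentioned in it; it folds hex-escaped names (`/Open#41ction` for `/OpenAction`) and inflates FlateDecode streams first, because both are cheap ways to hide those keywords from a naive grep. The three sample PDFs are constructed inline, and the `example.invalid` URL and `cmd.exe` payload are hypothetical.

```python
"""Static triage of a PDF attachment for active content (added example)."""
import re
import zlib

# PDF name keywords that make a document do something on open or on click:
# scripts, open/page actions, program launch, outbound links, form posts, payloads.
SUSPICIOUS_NAMES = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/URI", b"/SubmitForm", b"/EmbeddedFile", b"/RichMedia", b"/XFA",
)

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def _unescape_names(data: bytes) -> bytes:
    """PDF allows /J#61vaScript for /JavaScript; fold such escapes away."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that inflates as zlib data.

    Objects inside FlateDecode streams (including object streams) are not visible
    in the raw bytes, so a scanner that skips this step is trivially bypassed.
    decompressobj tolerates trailing bytes before 'endstream'.
    """
    out = []
    for m in _STREAM.finditer(data):
        try:
            chunk = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not zlib data: image, font, or a different filter
        if chunk:
            out.append(chunk)
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Count suspicious name occurrences in raw plus inflated content.

    Returns {"counts": {name: n}, "verdict": "inert" | "active"}.
    A PDF consisting only of text and images comes back "inert".
    """
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    haystack = _unescape_names(data + b"\n" + _inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # The name must end at a delimiter so /JS does not match /JSXyz.
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", haystack))
        if n:
            counts[name.decode()] = n
    return {"counts": counts, "verdict": "active" if counts else "inert"}


def _build_pdf(body: bytes) -> bytes:
    """Minimal hand-built PDF skeleton (constructed sample; xref table omitted)."""
    return b"%PDF-1.4\n" + body + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


# Constructed sample 1: a plain one-page document, nothing to click.
BENIGN_PDF = _build_pdf(
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
)

# Constructed sample 2: the "open the attachment for more information" lure.
# A link annotation (a click goes out to a URL) plus a hex-escaped /OpenAction
# that runs JavaScript as soon as the document opens, no click required.
LURE_PDF = _build_pdf(
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /JavaScript /JS (app.launchURL('http://example.invalid/hr')) >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/hr) >> >> endobj\n"
)

# Constructed sample 3: a /Launch action hidden inside a FlateDecode stream,
# invisible to a raw-byte grep.
_hidden = zlib.compress(b"<< /S /Launch /F (cmd.exe) >>")
HIDDEN_PDF = _build_pdf(
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"6 0 obj << /Length " + str(len(_hidden)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _hidden + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("lure", LURE_PDF), ("hidden", HIDDEN_PDF)):
        print(label, triage_pdf(pdf))
```

Run `triage_pdf(open(path, "rb").read())` on the attachment before it goes anywhere near a reader. A hit does not prove malice (forms and ordinary hyperlinks use `/URI` and `/AA` too) and a miss does not prove safety (an exploit against the parser itself needs no action keyword), but it answers exactly the question in the thread: whether the file can do anything on open or on a click. A file that comes back "active" is the one to open only in a throwaway VM.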

Old 23.01.2014, 10:36   #5
Steve12

Great! Thanks!

But the PDF is a scam, isn't it? It's not really from Bayer? I did not open the PDF.

Last edited by Steve12 (23.01.2014 at 10:55)

Old 24.01.2014, 07:34   #6
schrauber
/// the machine
/// TB-Ausbilder

I haven't opened it either. Send me a PM tonight and I'll open it in a VM.
__________________
