Log analysis and evaluation: unknown files in the Recycle Bin

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: Erste Schritte zur Hilfe (first steps to getting help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// the machine /// TB-Ausbilder (TB trainer)
unknown files in the Recycle Bin

Code:
Please always post logs in the thread. If necessary, split them up and use several posts.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
#2
unknown files in the Recycle Bin

Yes, the file in the Recycle Bin is no longer there. Thanks.
Here is the FRST as well:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by rolf48 (administrator) on MD-RK48 on 02-02-2014 10:46:14
Running from C:\Users\rolf48\1&1
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Smartbar) C:\Users\rolf48\AppData\Local\Smartbar\Application\Smartbar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [snp2uvc] - C:\windows\vsnp2uvc.exe [909824 2013-06-20] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-25] (AVAST Software)
HKU\S-1-5-21-2649278200-1774979596-1112684347-1001\...\Run: [Browser Infrastructure Helper] - C:\Users\rolf48\AppData\Local\Smartbar\Application\Smartbar.exe [20248 2014-01-12] (Smartbar)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=511a0f88-f3bb-4c4e-6aa9-cbba381f3cdf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/02/2014&type=hp1000
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± v˰!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Flagfox - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\rolf48\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\rolf48\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Extension: No Name - C:\Users\rolf48\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-04-12]
FF Extension: HDvid Codec - C:\Users\rolf48\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-08]
FF Extension: Movie2kDownloader - C:\Users\rolf48\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Yahoo Community Smartbar) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-14]
CHR Extension: (YouTube) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google-Suche) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Malvorlagen) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\foniidelkdlapcpngdpcchdemnemdbnf [2014-01-18]
CHR Extension: (Der Planer der Räume) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-01-20]
CHR Extension: (avast! Online Security) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-18]
CHR Extension: (Marble) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\rolf48\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
CHR HKCU\...\Chrome\Extension: [engeblojhfeingnjnfpiceofljnjpldp] - C:\Users\rolf48\AppData\Local\CRE\engeblojhfeingnjnfpiceofljnjpldp.crx [2013-11-14]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\rolf48\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [engeblojhfeingnjnfpiceofljnjpldp] - C:\Users\rolf48\AppData\Local\CRE\engeblojhfeingnjnfpiceofljnjpldp.crx [2013-04-28]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-25] (AVAST Software)
R2 MSSQL$SQLLANSWEEPER2K8; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 SQLAgent$SQLLANSWEEPER2K8; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2013-12-25] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-04] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2013-12-25] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2013-12-25] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [79672 2013-12-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-25] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-01] (AVM Berlin)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2013-06-20] (Sonix Technology Co., Ltd.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CXCVBS; system32\drivers\cxCVBS.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-01 15:49 - 2014-02-01 16:49 - 00002602 _____ () C:\Users\rolf48\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-01 15:49 - 2014-02-01 16:49 - 00002555 _____ () C:\Users\rolf48\Desktop\Search.lnk
2014-02-01 15:48 - 2014-02-01 15:49 - 00000000 ____D () C:\Users\rolf48\AppData\Local\Smartbar
2014-02-01 15:47 - 2014-02-01 15:47 - 00001402 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-02-01 15:47 - 2014-02-01 15:47 - 00001205 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\OpenCandy
2014-02-01 15:43 - 2014-02-01 15:44 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\rolf48\Downloads\FreeYouTubeDownload-3.2.20.1230.exe
2014-01-30 14:57 - 2014-01-30 14:57 - 00000626 _____ () C:\Users\rolf48\Desktop\JRT.txt
2014-01-30 11:58 - 2014-01-30 16:49 - 00000000 ____D () C:\Users\rolf48\Desktop\SI
2014-01-28 16:56 - 2014-02-02 10:46 - 00000000 ___DC () C:\FRST
2014-01-23 15:17 - 2014-01-23 15:17 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\.kde
2014-01-23 15:17 - 2014-01-23 15:17 - 00000000 ____D () C:\Users\rolf48\AppData\Local\GNU
2014-01-23 15:16 - 2014-01-24 09:02 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\gnupg
2014-01-23 15:16 - 2014-01-23 15:16 - 00000000 ____D () C:\ProgramData\GNU
2014-01-21 10:33 - 2014-01-21 10:33 - 00000000 ____D () C:\Users\rolf48\Documents\Fax
2014-01-21 10:32 - 2014-01-21 10:32 - 00007334 _____ () C:\Users\rolf48\Desktop\OpenDocument Text (neu).odt
2014-01-21 10:16 - 2014-01-21 10:17 - 18232168 _____ (AVM Berlin ) C:\Users\rolf48\Desktop\FRITZ!fax_3.07.04.exe
2014-01-20 11:41 - 2014-02-02 10:20 - 00000095 _____ () C:\Users\rolf48\.accessibility.properties
2014-01-18 13:33 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 13:33 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-18 13:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-18 13:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-18 13:32 - 2014-01-18 13:33 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 09:24 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 09:24 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 09:24 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 09:24 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-02 10:46 - 2014-01-28 16:56 - 00000000 ___DC () C:\FRST
2014-02-02 10:46 - 2013-07-18 09:28 - 00000000 ____D () C:\Users\rolf48\1&1
2014-02-02 10:46 - 2012-02-24 03:29 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 10:42 - 2012-12-06 12:56 - 00000000 ____D () C:\Users\rolf48\AppData\Local\Windows Live
2014-02-02 10:41 - 2013-04-17 17:08 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 10:27 - 2009-07-14 05:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 10:27 - 2009-07-14 05:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 10:25 - 2012-12-04 21:12 - 01732538 _____ () C:\windows\WindowsUpdate.log
2014-02-02 10:20 - 2014-01-20 11:41 - 00000095 _____ () C:\Users\rolf48\.accessibility.properties
2014-02-02 10:20 - 2013-03-13 08:58 - 00045056 _____ () C:\windows\system32\acovcnt.exe
2014-02-02 10:20 - 2012-12-06 10:46 - 00000000 ____D () C:\Users\rolf48
2014-02-02 10:20 - 2012-02-24 03:29 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 10:20 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-02 10:19 - 2009-07-14 05:51 - 00185547 _____ () C:\windows\setupact.log
2014-02-01 23:44 - 2013-10-18 08:10 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{96B8498A-B99B-4919-B159-038B7D52378E}
2014-02-01 22:44 - 2013-09-23 08:10 - 00000000 ____D () C:\Program Files (x86)\freestar
2014-02-01 22:35 - 2013-01-21 21:06 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-02-01 22:35 - 2013-01-21 21:06 - 00000000 ____D () C:\ProgramData\NCH Software
2014-02-01 22:35 - 2013-01-21 21:05 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-02-01 22:29 - 2012-12-04 21:08 - 00002334 _____ () C:\windows\system32\AutoRunFilter.ini
2014-02-01 22:29 - 2012-02-24 02:34 - 00591518 _____ () C:\windows\PFRO.log
2014-02-01 16:49 - 2014-02-01 15:49 - 00002602 _____ () C:\Users\rolf48\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-01 16:49 - 2014-02-01 15:49 - 00002555 _____ () C:\Users\rolf48\Desktop\Search.lnk
2014-02-01 16:11 - 2011-02-19 05:24 - 00766166 _____ () C:\windows\system32\perfh007.dat
2014-02-01 16:11 - 2011-02-19 05:24 - 00176030 _____ () C:\windows\system32\perfc007.dat
2014-02-01 16:11 - 2009-07-14 06:13 - 01808322 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-01 15:49 - 2014-02-01 15:48 - 00000000 ____D () C:\Users\rolf48\AppData\Local\Smartbar
2014-02-01 15:47 - 2014-02-01 15:47 - 00001402 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-02-01 15:47 - 2014-02-01 15:47 - 00001205 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\OpenCandy
2014-02-01 15:47 - 2013-12-15 12:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-02-01 15:47 - 2012-12-10 21:54 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\DVDVideoSoft
2014-02-01 15:44 - 2014-02-01 15:43 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\rolf48\Downloads\FreeYouTubeDownload-3.2.20.1230.exe
2014-01-30 16:49 - 2014-01-30 11:58 - 00000000 ____D () C:\Users\rolf48\Desktop\SI
2014-01-30 14:57 - 2014-01-30 14:57 - 00000626 _____ () C:\Users\rolf48\Desktop\JRT.txt
2014-01-30 14:42 - 2013-04-29 10:32 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\Uniblue
2014-01-30 14:42 - 2013-04-29 10:32 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-01-30 10:59 - 2013-02-17 23:36 - 00000000 ____D () C:\windows\ERUNT
2014-01-30 10:52 - 2013-05-06 15:23 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-01-28 21:49 - 2013-09-24 09:47 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-24 09:02 - 2014-01-23 15:16 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\gnupg
2014-01-23 21:31 - 2012-12-04 21:08 - 00001790 _____ () C:\windows\system32\ServiceFilter.ini
2014-01-23 15:17 - 2014-01-23 15:17 - 00000000 ____D () C:\Users\rolf48\AppData\Roaming\.kde
2014-01-23 15:17 - 2014-01-23 15:17 - 00000000 ____D () C:\Users\rolf48\AppData\Local\GNU
2014-01-23 15:16 - 2014-01-23 15:16 - 00000000 ____D () C:\ProgramData\GNU
2014-01-22 14:36 - 2012-12-06 16:05 - 00000000 ____D () C:\Users\rolf48\AppData\Local\Adobe
2014-01-22 14:09 - 2013-04-17 17:08 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-22 14:09 - 2013-02-18 09:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 14:09 - 2013-02-18 09:25 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 11:52 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-01-21 10:33 - 2014-01-21 10:33 - 00000000 ____D () C:\Users\rolf48\Documents\Fax
2014-01-21 10:32 - 2014-01-21 10:32 - 00007334 _____ () C:\Users\rolf48\Desktop\OpenDocument Text (neu).odt
2014-01-21 10:17 - 2014-01-21 10:16 - 18232168 _____ (AVM Berlin ) C:\Users\rolf48\Desktop\FRITZ!fax_3.07.04.exe
2014-01-18 13:33 - 2014-01-18 13:32 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 13:33 - 2013-10-20 18:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 13:33 - 2013-02-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 16:35 - 2012-12-09 14:47 - 00014336 _____ () C:\Users\rolf48\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-16 09:02 - 2009-07-14 05:45 - 00317672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:55 - 2013-07-12 11:54 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 22:51 - 2012-12-08 18:48 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-12 21:59 - 2013-01-13 09:26 - 01167360 ___SH () C:\Users\rolf48\Desktop\Thumbs.db
2014-01-11 09:55 - 2013-12-06 10:44 - 00009634 _____ () C:\Users\rolf48\Desktop\Tablet Bedienungsanleitung.lnk
2014-01-06 15:35 - 2013-02-06 11:17 - 00000000 ____D () C:\Users\rolf48\AppData\Local\GHISLER
2014-01-06 15:08 - 2013-07-08 11:27 - 00000000 ___DC () C:\Eigene Dateien
Some content of TEMP:
====================
C:\Users\rolf48\AppData\Local\Temp\fileutil.dll
C:\Users\rolf48\AppData\Local\Temp\FoxyDeal_Setup.exe
C:\Users\rolf48\AppData\Local\Temp\hpfaicm.exe
C:\Users\rolf48\AppData\Local\Temp\hpfinst.dll
C:\Users\rolf48\AppData\Local\Temp\hpfiui.exe
C:\Users\rolf48\AppData\Local\Temp\hpfmicm.exe
C:\Users\rolf48\AppData\Local\Temp\hpzglu07.exe
C:\Users\rolf48\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rolf48\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\rolf48\AppData\Local\Temp\mpsetup.exe
C:\Users\rolf48\AppData\Local\Temp\ppadsetup.exe
C:\Users\rolf48\AppData\Local\Temp\Quarantine.exe
C:\Users\rolf48\AppData\Local\Temp\SendMsg.dll
C:\Users\rolf48\AppData\Local\Temp\Softonic_chr_1-8-28-2.exe
C:\Users\rolf48\AppData\Local\Temp\tnsetup.exe
C:\Users\rolf48\AppData\Local\Temp\vis-de.exe
C:\Users\rolf48\AppData\Local\Temp\vis-de[1].exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 10:19
==================== End Of Log ============================