
Pests of all kinds and how to combat them: Spam mails are being sent from Yahoo account - even after password change


 
28.03.2014, 13:58   #1
Andi64
 
Spam mails are being sent from Yahoo account - even after password change



Hello,

my problem is the following: at the end of last year, spam mails were sent from my Yahoo account. I then changed the password; the virus scanner could not detect any infection at the time. Yesterday, several acquaintances told me that spam mails have been sent again.

Here are the requested log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:06 on 28/03/2014 (andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\andreas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF user.js: detected! => C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28]
FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14]
FF Extension: Yahoo! Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log
2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log
2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll
C:\Users\Guest\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 09:45

==================== End Of Log ============================
         
--- --- ---


Addition

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\andreas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF user.js: detected! => C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28]
FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14]
FF Extension: Yahoo! Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log
2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log
2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll
C:\Users\Guest\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 09:45

==================== End Of Log ============================
         
--- --- ---


GMER
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 13:25:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\andreas\AppData\Local\Temp\uwtiqfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                       fffff800045f8000 45 bytes [00, 00, 49, 00, 4E, 76, 4C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                       fffff800045f802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            00000000753a1465 2 bytes [3A, 75]
.text     C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                           00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                               00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                              00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                               00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                              00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-12-18 02:25:54)                                                0000000003be0000
Library   c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2014-03-28 08:20:22)  0000000004450000
Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-10-18 23:55:02)                                                      000000006a830000
Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                        0000000069b80000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c42243                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd501a52                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                                                                  ????????@machine.inf,%intel_mfg%;Intel????????????????????????????????????????8??????????????????????????F??FF????`??????????????????????????????????????????????????????????????????????????????????????????e???????????????????????????????????????u??disk.inf?G??????????????USB\VID_0529&PID_0620\7&1e2b8449&0&2?7???????????p??r???\??\USB#VID_0A5C&PID_219B#0026B66B6864#{a5dcbf10-6530-11d2-901f-00c04fb951ed}????????????????????????????????e??Microsoft???\??\USB#VID_04E8&PID_6860#0019328a05222f#{a5dcbf10-6530-11d2-901f-00c04fb951ed}?????????????????????wpdbusenum\fs???????????????????? ??????????????????????????????????????????WILL'S USB??????WUDFCoInstaller.dll?????????????????????)???volume.inf:MSFT.NTamd64:volume_install:6.1.7601.17514:storage\volume?A????????????????????????????????,?????????????@disk.inf,%genmanufacturer%;(Standard disk drives)??????????????????????????????USB Flash Disk  ?devicename%;WPD FileSystem Volume Driver????????????a??????????????????????????????????????????? ??????? ?????????????????
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c42243 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd501a52 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)                                                                                                                          

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


Thanks in advance for any help.

Regards
Andi

Edited by Andi64 (28.03.2014 at 14:20)

 
