| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Secure Banking bringt: Infizierte Funktionen:PR_WriteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.04.2014, 18:36
| #1 |
 |  Secure Banking bringt: Infizierte Funktionen:PR_Write ch benutze Secure Banking auf meinem Rechner. Als Schutzsoftware benutze ich Comodo Internet Security. Gestern gab es ein Update von Comodo. Dabei wurde PrivDog mitinstalliert. Dieses habe ich sofort wieder gelöscht. Nun kommt aber jedesmal wenn ich den Firefox starte ein Hinweis von Secure Banking das ich Malware festgestellt worden ist. Bei Chrome und IE kommt keine Meldung. Das ist der genaue Fehlertext: ======================================== [07.04.2014 - 22:18:26] Malware gefunden! ---------------------------------------- Malware: ---------------------------------------- Infizierter Prozess: firefox.exe ---------------------------------------- Infizierte Funktionen: PR_Write ======================================== Was kann ich machen? |
|
08.04.2014, 18:56
| #2 |
| /// the machine /// TB-Ausbilder    | Secure Banking bringt: Infizierte Funktionen:PR_Write hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
09.04.2014, 23:20
| #3 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write FRST.txt
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Marco (administrator) on MARCO-PC on 10-04-2014 00:05:23
Running from C:\Users\Marco\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\RAPID\SamsungRapidSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [SamsungRapidApp] - C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [109280 2013-07-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKU\S-1-5-21-830970416-4275679583-823849880-1000\...\Run: [] - [X]
HKU\S-1-5-21-830970416-4275679583-823849880-1000\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-830970416-4275679583-823849880-1000\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKU\S-1-5-21-830970416-4275679583-823849880-1000\...\MountPoints2: {b7aedfd3-3aca-11e2-9dc2-0016d32f7311} - E:\SETUP.EXE
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57C38802832FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3A5F302B-4F67-45C2-938B-AEF31E13CBF9} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {547EDC23-878F-4219-874B-01B686723A0D} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {929E3872-5684-44EC-8BAB-B77922A95CF3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {D6668A2D-0E85-42AE-8E3F-3481E49AAAB5} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F6B00BBA-588D-42A0-A1E7-55F5E585BE98} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\uob9bdy8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-12-31]
Chrome:
=======
CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-01-01]
CHR Extension: (Google Wallet) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Google Mail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
==================== Services (Whitelisted) =================
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2013-12-09] (Lenovo.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
==================== Drivers (Whitelisted) ====================
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-10 00:05 - 2014-04-10 00:05 - 00018071 _____ () C:\Users\Marco\Desktop\FRST.txt
2014-04-10 00:05 - 2014-04-10 00:05 - 00000000 ____D () C:\FRST
2014-04-10 00:03 - 2014-04-10 00:03 - 02157056 _____ (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2014-04-07 23:53 - 2014-04-07 23:53 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 23:53 - 2014-04-07 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 22:57 - 2014-04-07 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marco\Downloads\revosetup95 (1).exe
2014-04-07 22:57 - 2014-04-07 22:57 - 00001264 _____ () C:\Users\Marco\Desktop\Revo Uninstaller.lnk
2014-04-07 22:54 - 2014-04-07 22:54 - 00029989 _____ () C:\Users\Marco\Downloads\Addition.txt
2014-04-07 22:11 - 2014-04-07 22:11 - 01426178 _____ () C:\Users\Marco\Downloads\adwcleaner3023.exe
2014-04-07 22:03 - 2014-04-07 22:03 - 00000342 _____ () C:\Windows\PFRO.log
2014-04-07 22:02 - 2014-04-07 22:02 - 00000000 ____D () C:\Program Files (x86)\Secure Banking
2014-04-07 22:01 - 2014-04-07 22:01 - 00414150 _____ () C:\Users\Marco\Downloads\Secure Banking v1.5.2.rar
2014-04-07 20:29 - 2014-04-07 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 20:27 - 2014-04-07 20:27 - 00283192 _____ (Mozilla) C:\Users\Marco\Downloads\Firefox Setup Stub 28.0.exe
2014-04-07 20:04 - 2014-04-07 20:04 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\LavasoftStatistics
2014-04-07 17:56 - 2014-04-07 17:56 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-07 17:22 - 2014-04-07 22:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-07 17:21 - 2014-04-07 17:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marco\Downloads\revosetup95.exe
2014-04-07 16:55 - 2014-04-09 23:59 - 00000728 _____ () C:\Windows\setupact.log
2014-04-07 16:55 - 2014-04-07 16:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 14:14 - 2014-04-07 14:14 - 00000000 ____D () C:\Users\Marco\AppData\Local\AdTrustMedia
2014-04-06 20:07 - 2014-04-06 20:07 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-03 20:58 - 2014-04-07 23:35 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Marco-PC-Marco Marco-PC
2014-03-30 13:57 - 2014-03-30 13:57 - 00001240 _____ () C:\Users\Public\Desktop\Lenovo Battery Utility 2014.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Lenovo Battery Utility 2014
2014-03-30 13:56 - 2014-03-30 13:57 - 03462480 _____ (Lenovo Corp ) C:\Users\Marco\Downloads\LenovoBattery.exe
2014-03-18 16:32 - 2014-03-18 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 11:01 - 2014-03-18 11:01 - 00000000 ____D () C:\Users\Marco\Documents\Corel PaintShop Pro
2014-03-18 11:01 - 2014-03-18 11:01 - 00000000 ____D () C:\Users\Marco\AppData\Local\Corel PaintShop Pro
2014-03-15 16:36 - 2014-03-15 16:37 - 04765152 _____ (Piriform Ltd) C:\Users\Marco\Downloads\ccsetup411.exe
2014-03-14 13:56 - 2014-03-14 13:56 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-12 17:43 - 2014-03-12 17:43 - 00000000 ____D () C:\Users\Marco\Downloads\Senioren
2014-03-12 10:57 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:57 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:57 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 10:57 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:57 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 10:57 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 10:57 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:57 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 10:57 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:57 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:57 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 10:57 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 10:57 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 10:57 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 10:57 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 10:57 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 10:57 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 10:57 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:57 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 10:57 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 10:57 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 10:57 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 10:57 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 10:57 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:57 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 10:57 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 10:57 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 10:57 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:57 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:57 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 10:57 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 10:57 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:57 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 10:57 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 10:57 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 10:57 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:57 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 10:57 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 10:57 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 10:57 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 10:56 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 10:56 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 10:56 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 10:56 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 10:56 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 10:56 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 10:55 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 10:55 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
==================== One Month Modified Files and Folders =======
2014-04-10 00:05 - 2014-04-10 00:05 - 00018071 _____ () C:\Users\Marco\Desktop\FRST.txt
2014-04-10 00:05 - 2014-04-10 00:05 - 00000000 ____D () C:\FRST
2014-04-10 00:04 - 2009-07-14 19:58 - 00701576 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 00:04 - 2009-07-14 19:58 - 00150444 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 00:04 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 00:03 - 2014-04-10 00:03 - 02157056 _____ (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2014-04-10 00:03 - 2011-11-06 00:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{284655A8-D076-44C3-BDEF-AAF3B941D8C9}
2014-04-10 00:03 - 2011-06-20 19:21 - 01402370 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 23:59 - 2014-04-07 16:55 - 00000728 _____ () C:\Windows\setupact.log
2014-04-09 23:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 13:18 - 2011-11-05 21:00 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-04-09 13:17 - 2011-06-21 19:50 - 00000000 ____D () C:\Users\Marco\Documents\Outlook-Dateien
2014-04-09 13:06 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 13:06 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 23:53 - 2014-04-07 23:53 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 23:53 - 2014-04-07 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 23:53 - 2014-04-07 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 23:53 - 2011-06-20 22:29 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\Mozilla
2014-04-07 23:43 - 2013-09-12 00:35 - 00000000 ____D () C:\AdwCleaner
2014-04-07 23:36 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-07 23:35 - 2014-04-03 20:58 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Marco-PC-Marco Marco-PC
2014-04-07 23:27 - 2013-01-27 20:52 - 00000000 ____D () C:\Users\Marco\Desktop\CCEnhancer
2014-04-07 23:26 - 2011-06-20 22:09 - 00000000 ____D () C:\Users\Marco\AppData\Local\Microsoft Help
2014-04-07 22:57 - 2014-04-07 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marco\Downloads\revosetup95 (1).exe
2014-04-07 22:57 - 2014-04-07 22:57 - 00001264 _____ () C:\Users\Marco\Desktop\Revo Uninstaller.lnk
2014-04-07 22:57 - 2014-04-07 17:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-07 22:54 - 2014-04-07 22:54 - 00029989 _____ () C:\Users\Marco\Downloads\Addition.txt
2014-04-07 22:11 - 2014-04-07 22:11 - 01426178 _____ () C:\Users\Marco\Downloads\adwcleaner3023.exe
2014-04-07 22:03 - 2014-04-07 22:03 - 00000342 _____ () C:\Windows\PFRO.log
2014-04-07 22:03 - 2012-11-28 13:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-07 22:02 - 2014-04-07 22:02 - 00000000 ____D () C:\Program Files (x86)\Secure Banking
2014-04-07 22:01 - 2014-04-07 22:01 - 00414150 _____ () C:\Users\Marco\Downloads\Secure Banking v1.5.2.rar
2014-04-07 20:27 - 2014-04-07 20:27 - 00283192 _____ (Mozilla) C:\Users\Marco\Downloads\Firefox Setup Stub 28.0.exe
2014-04-07 20:04 - 2014-04-07 20:04 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\LavasoftStatistics
2014-04-07 17:56 - 2014-04-07 17:56 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-07 17:22 - 2014-04-07 17:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marco\Downloads\revosetup95.exe
2014-04-07 16:55 - 2014-04-07 16:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 14:14 - 2014-04-07 14:14 - 00000000 ____D () C:\Users\Marco\AppData\Local\AdTrustMedia
2014-04-06 20:12 - 2013-05-03 15:11 - 00034230 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-04-06 20:07 - 2014-04-06 20:07 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-06 20:05 - 2013-05-03 10:42 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-03-30 14:43 - 2011-06-26 11:48 - 00000000 ____D () C:\Users\Marco\Downloads\Software
2014-03-30 13:57 - 2014-03-30 13:57 - 00001240 _____ () C:\Users\Public\Desktop\Lenovo Battery Utility 2014.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Lenovo Battery Utility 2014
2014-03-30 13:57 - 2014-03-30 13:56 - 03462480 _____ (Lenovo Corp ) C:\Users\Marco\Downloads\LenovoBattery.exe
2014-03-25 21:22 - 2013-04-25 11:05 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-03-25 21:22 - 2013-04-23 15:04 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-03-25 21:22 - 2013-04-23 15:04 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-03-25 21:22 - 2013-04-15 18:38 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-03-25 21:22 - 2013-04-15 18:38 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-03-25 21:22 - 2013-04-15 18:38 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-03-22 23:21 - 2013-06-04 13:07 - 00000000 ____D () C:\Users\Marco\Desktop\Festplatte
2014-03-20 23:20 - 2012-12-22 19:21 - 00000000 ____D () C:\Users\Marco\Documents\mobackups
2014-03-20 23:13 - 2012-12-22 19:21 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\MOBackup
2014-03-19 10:55 - 2013-04-03 21:37 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-18 16:32 - 2014-03-18 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 11:41 - 2011-06-23 17:39 - 00002356 _____ () C:\Users\Marco\Desktop\Google Chrome.lnk
2014-03-18 11:29 - 2011-07-11 15:34 - 00000000 ____D () C:\Users\Marco\Downloads\Movie
2014-03-18 11:01 - 2014-03-18 11:01 - 00000000 ____D () C:\Users\Marco\Documents\Corel PaintShop Pro
2014-03-18 11:01 - 2014-03-18 11:01 - 00000000 ____D () C:\Users\Marco\AppData\Local\Corel PaintShop Pro
2014-03-18 10:41 - 2011-06-23 17:23 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-15 16:50 - 2011-06-23 13:10 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\Notepad++
2014-03-15 16:50 - 2011-06-23 13:10 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-15 16:37 - 2014-03-15 16:36 - 04765152 _____ (Piriform Ltd) C:\Users\Marco\Downloads\ccsetup411.exe
2014-03-15 16:37 - 2012-01-06 23:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-15 16:34 - 2014-01-01 15:48 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-03-14 15:14 - 2014-01-01 15:48 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-03-14 14:22 - 2013-12-28 00:43 - 00000000 ____D () C:\Users\Marco\Downloads\Nikon
2014-03-14 13:56 - 2014-03-14 13:56 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 13:56 - 2014-03-14 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 12:04 - 2012-12-08 20:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-14 12:04 - 2011-06-21 19:06 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\Apple Computer
2014-03-14 00:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-12 18:06 - 2011-06-23 13:04 - 00000000 ____D () C:\Users\Marco\AppData\Roaming\FileZilla
2014-03-12 17:43 - 2014-03-12 17:43 - 00000000 ____D () C:\Users\Marco\Downloads\Senioren
2014-03-12 17:28 - 2011-06-21 19:00 - 00000000 ____D () C:\Users\Marco\Downloads\Joomla
2014-03-12 15:11 - 2012-04-12 23:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 13:17 - 2012-04-12 23:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:17 - 2012-04-12 23:03 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:17 - 2011-06-20 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 13:14 - 2012-05-14 22:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 13:14 - 2012-05-14 22:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 13:14 - 2009-07-14 06:45 - 00446352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 11:23 - 2011-06-20 22:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 11:20 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-12 11:17 - 2013-07-18 18:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 11:06 - 2011-06-20 21:04 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Marco\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Marco\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-03 21:52
==================== End Of Log ============================
--- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Marco at 2014-04-10 00:06:12
Running from C:\Users\Marco\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
==================== Installed Programs ======================
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
CCC Help German (x32 Version: 2007.0621.1714.28924 - ATI) Hidden
ccc-core-static (x32 Version: 2007.0621.1715.28924 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2007.0621.1715.28924 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
COMODO Internet Security Premium (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 6.1.14723.2813 - COMODO Security Solutions Inc.)
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CD3C2621-B611-4A30-BB37-81CA880AB895}) (Version: - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{EACCC042-848D-4166-9D97-B13D1D108722}) (Version: 1.4.3365.1552 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{1D081AB0-B1CC-11E0-80C0-005056B12123}) (Version: 11.07.19.8023 - Haufe)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo)
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}) (Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.3 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Passware Kit Forensic 12.5 (HKLM-x32\...\{4C22BF4D-D230-46FA-80C4-D4D9B9CA8936}) (Version: 12.5.6875 - Passware)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.16 - Nikon)
RAPID Mode (Version: 1.0.1.42 - Samsung Electronics Co., Ltd.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Remote Control (HKLM-x32\...\{6C66A576-3DAD-46CC-A55A-6F4491E068C5}) (Version: 4.0.8 - None provided)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skins (x32 Version: 2007.0621.1715.28924 - ATI) Hidden
TAXMAN 2012 (HKLM-x32\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.09.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.03.00.0002 - Haufe-Lexware GmbH & Co.KG)
TAXMAN Bibliothek 2012 (HKLM-x32\...\{DF344785-0900-471E-B9F5-6F28C89AF638}) (Version: 18.1.0.0 - Haufe-Lexware GmbH & Co. KG)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{7FBE2D23-9F3C-4983-B927-2A4BF600B7A7}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{885A0D95-13A8-4A31-B01C-B02454F414AA}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{DA3F3D63-4C9F-407B-9CA1-39638F85BDDD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{6022B459-32A4-4318-A9A4-815C0BCEF977}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.3 - Nikon)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
==================== Restore Points =========================
07-04-2014 15:46:33 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
07-04-2014 15:56:44 AA11
07-04-2014 19:40:38 AA11
07-04-2014 21:48:20 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-12-23 11:01 - 00450931 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 2vt27zn0.firoli-sys.com
127.0.0.1 2zgfd0.hoststorageforyou.com
127.0.0.1 www.3mates.com
127.0.0.1 3mates.com
127.0.0.1 7172224.hostedresource.com
127.0.0.1 85ni5bnb60.firoli-sys.com
127.0.0.1 aboveredirect.com
127.0.0.1 www.aboveredirect.com
127.0.0.1 ads.agadoo.biz
127.0.0.1 www.agadoo.biz
127.0.0.1 agadoo.biz
127.0.0.1 www.alawwal.ae
127.0.0.1 alawwal.ae
127.0.0.1 www.alblogspot.com
127.0.0.1 alblogspot.com
127.0.0.1 www.apple-iphone-5s.info
127.0.0.1 apple-iphone-5s.info
127.0.0.1 www.atwebpages.com
127.0.0.1 atwebpages.com
127.0.0.1 avcheck.checkyourfiles.com
127.0.0.1 www.badoo.com
127.0.0.1 badoo.com
127.0.0.1 www.bashcontrolilimited.tecnologiaovh.com
127.0.0.1 bashcontrolilimited.tecnologiaovh.com
127.0.0.1 www.besser-mehr-leidenschaft-im-bett.info
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {06D12339-3E08-4E81-A5BB-3639772DAD72} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {0C8CA44B-F490-4D4A-9DEA-BB362E2E9169} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Marco-PC-Marco Marco-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {107A3F2C-59B0-4D21-975B-831DB9EFD856} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {1822D12D-8D1A-4DEA-ADFC-AD41E510785C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2653032E-8CE4-4651-8FE2-286869D93ED3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2C4B5C51-0267-4B07-898E-4EC928C59A9F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {479A687E-05EB-4523-BF66-9FEC26B5F8F8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {5194ED27-09FC-44E4-8ABD-0DA11D585003} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {54467F6D-142A-4F4C-8034-F28198EE5A1E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {57D38F5D-5665-468A-933D-D03ACFCB7F92} - System32\Tasks\Google Updater and Installer => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23] (Google Inc.)
Task: {6CE864AB-C571-41A2-973C-7AE0C24C989E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6DD9D685-0CE1-4726-A7D7-215FBDF1FED0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {80BEF70A-1BD3-4406-BCF1-CFCF55C3ED0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13] (Google Inc.)
Task: {9658C314-5828-41A9-8DE7-AD5A7606C310} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()
Task: {BC5C0E49-39ED-4AF2-BB2B-C3933DAA2CE0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {C7DE753A-D283-43A1-9D13-CA84DD23E62C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {CD45A311-8735-4FD6-98D8-DFCE979B4FED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-830970416-4275679583-823849880-1000Core => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23] (Google Inc.)
Task: {D5B56CDB-3639-4D31-8E59-874F5781B218} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {D99F6C97-428F-4219-8422-3E2D561D4EE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13] (Google Inc.)
Task: {F18CB654-BE8D-40C9-B165-DA8753140935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {F85CDF13-3E08-49D5-A6D6-106D6A2F19AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-830970416-4275679583-823849880-1000UA => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23] (Google Inc.)
Task: {FEF97B27-B87D-475E-914E-64EC5836DC8C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830970416-4275679583-823849880-1000Core.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830970416-4275679583-823849880-1000UA.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2007-01-16 12:27 - 2007-01-16 12:27 - 00022016 _____ () C:\Windows\System32\clpa1l6.dll
2012-03-27 17:35 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-01-08 19:57 - 2013-12-09 07:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-04-07 22:02 - 2012-09-07 17:30 - 00002560 _____ () C:\Program Files (x86)\Secure Banking\sbservice.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-04-07 22:02 - 2013-06-30 17:01 - 00017920 _____ () C:\Program Files (x86)\Secure Banking\SecureBanking.dll
2014-04-07 22:02 - 2013-05-26 13:13 - 00008704 _____ () C:\Program Files (x86)\Secure Banking\funcs.dll
2014-03-18 16:32 - 2014-03-18 16:32 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-18 16:32 - 2014-03-18 16:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-18 16:32 - 2014-03-18 16:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-18 11:41 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-18 11:41 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-18 11:41 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-18 11:41 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-18 11:41 - 2014-03-15 02:50 - 13637448 _____ () C:\Users\Marco\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows:BFA9CC3D832CCB2F
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^Users^Marco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iCloud => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdcBase.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10920
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10920
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9266
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9266
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8268
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8268
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7269
System errors:
=============
Error: (04/07/2014 04:28:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (04/07/2014 02:38:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.04.2014 um 14:37:54 unerwartet heruntergefahren.
Error: (04/07/2014 02:36:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/07/2014 02:36:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (03/18/2014 00:09:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst RapiMgr erreicht.
Error: (03/15/2014 04:00:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (03/14/2014 02:43:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.03.2014 um 13:22:50 unerwartet heruntergefahren.
Error: (03/14/2014 01:52:26 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (03/14/2014 00:15:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/14/2014 00:15:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Microsoft Office Sessions:
=========================
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10920
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10920
Error: (04/08/2014 07:04:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9266
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9266
Error: (04/08/2014 07:04:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8268
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8268
Error: (04/08/2014 07:04:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 07:04:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7269
CodeIntegrity Errors:
===================================
Date: 2011-12-11 15:19:08.379
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Marco\Downloads\Software\Sandboxie 3.62 x64\Sandboxie_3.62_x64\SbieDrv.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-12-11 15:19:08.199
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Marco\Downloads\Software\Sandboxie 3.62 x64\Sandboxie_3.62_x64\SbieDrv.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-12-11 15:19:08.043
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Marco\Downloads\Software\Sandboxie 3.62 x64\Sandboxie_3.62_x64\SbieDrv.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-12-11 15:19:07.862
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Marco\Downloads\Software\Sandboxie 3.62 x64\Sandboxie_3.62_x64\SbieDrv.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 23:29:09.697
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 23:29:09.401
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 20:27:51.798
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 20:27:51.642
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 20:15:36.667
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-06-21 20:15:36.371
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 73%
Total physical RAM: 3070.43 MB
Available physical RAM: 818.89 MB
Total Pagefile: 6139.04 MB
Available Pagefile: 3702.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:209.5 GB) (Free:69.25 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: F289E658)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
10.04.2014, 20:38
| #4 |
| /// the machine /// TB-Ausbilder | Secure Banking bringt: Infizierte Funktionen:PR_Write UNd wenn Du Comodo komplett abschaltest?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.04.2014, 21:11
| #5 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write Comodo ausgeschaltet. Leider kommt es immer noch |
|
13.04.2014, 21:33
| #6 |
| /// Helfer-Team  | Secure Banking bringt: Infizierte Funktionen:PR_Write Hallo!  Hatte schon einige E-Mails bzgl. dem Problem bekommen. Ein Upgrade auf die aktuelle Beta Version verschafft abhilfe. Du kannst sie unter support.secure-banking.net herunterladen. Wichtig: Vorher die alte Version umbedingt deinstallieren.
__________________ --> Secure Banking bringt: Infizierte Funktionen:PR_Write |
|
13.04.2014, 21:53
| #7 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write Neue Version installiert. Firefox funktioniert wieder. danke |
|
14.04.2014, 00:03
| #8 |
| /// Helfer-Team | Secure Banking bringt: Infizierte Funktionen:PR_Write Super!
__________________ MfG, Niklas |
|
15.04.2014, 10:22
| #9 |
| /// the machine /// TB-Ausbilder | Secure Banking bringt: Infizierte Funktionen:PR_Write Sonst noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.04.2014, 13:35
| #10 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write Das Programm zeigt an das meine Lizenz bald abläuft. Wie wird die Zukunft von dem Programm ausssehen? woher bekomme ich die Lizenz? |
|
21.04.2014, 13:37
| #11 |
| /// Helfer-Team | Secure Banking bringt: Infizierte Funktionen:PR_Write Hey, wenn man vor dem offiziellen Release als Beta Tester mitmacht, kostenlos. Nähere Infos findest du unter support.secure-banking.net
__________________ MfG, Niklas |
|
21.04.2014, 13:41
| #12 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write Ja wer lesen kann ist klar im Vorteil. Ich warte bis sich die Software meldet. Danke |
|
21.04.2014, 13:42
| #13 |
| /// Helfer-Team | Secure Banking bringt: Infizierte Funktionen:PR_Write Gerne doch!
__________________ MfG, Niklas |
|
21.04.2014, 13:45
| #14 |
| | Secure Banking bringt: Infizierte Funktionen:PR_Write Um auf das Problem wieder zurückzukommen. Ich habe es gefunden. Es liegt an Comodo. Auf meinem zweiten Rechner habe ich heute ein Update von Comodo durchgeführt, uhnd siehe da, das gefällt deinem Programm nicht, oder Comodo. Das ist die Ursache. |
|
21.04.2014, 13:47
| #15 |
| /// Helfer-Team | Secure Banking bringt: Infizierte Funktionen:PR_Write Aber das war nur bei Version 1.5.2 so, oder? Mit der neuen Beta klappts auch mit Comodo?
__________________ MfG, Niklas |
|
| Themen zu Secure Banking bringt: Infizierte Funktionen:PR_Write |
| banking, chrome, comodo, fehler, festgestellt, firefox, funktionen, gefunde, gestellt, hinweis, infizierte, installier, inter, interne, internet, jedesmal, malware, malware gefunden, prozess, schutzsoftware, secure, secure banking, sofort, starte, update, write |
