|
Plagegeister aller Art und deren Bekämpfung: Email Account gehackt? Mail DeliveryWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.05.2014, 08:36 | #1 |
| Email Account gehackt? Mail Delivery Hallo, seit einiger Zeit erhalten wir über unseren T-Online Email Account Emails vom Mail Delivery Server. Die Emails werden unterschiedliche zu Tag- und Nachtzeiten gesendet. Wir haben definitiv nicht zu dieser Zeit an die dort angegebenen Adressen Emails versendet. Das Email-Passwort haben wir schon mehrfach geändert, ohne langfristigen Erfolg. Die Emails werden von 3 PCs, 2 Iphones und einem Ipad unterschiedlich eingesehen. Auf den PCs haben wir ein Kaspersky installiert. Die Datenbänke sind auch stets aktuell und konnten auch noch keine Viren etc. finden. Habt ihr einen Tipp für mich wie ich hierbei vorgehen kann, bzw. wie ich dieses anscheinend gehackte Email Konto wieder in den Griff bekommen kann? Vielen Dank vorab Stefan |
13.05.2014, 09:13 | #2 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
13.05.2014, 09:49 | #3 |
| Email Account gehackt? Mail Delivery So,
__________________hier habe ich die Dateien vom PC1 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by buero heuser at 2014-05-13 10:32:42 Running from C:\Users\buero heuser\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) CSS Group Kassensystem Einzelhandel 2008 SP3 (HKLM-x32\...\CSS Group Kassensystem Einzelhandel 2008 SP3) (Version: 5.0.0.0542 - CSS Group Systems Corp) CSS Group Kassensystem Einzelhandel 2008 SP3 (x32 Version: 5.0.0.0542 - CSS Group Systems Corp) Hidden EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) Foxit PDF Creator Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION Foxit PDF Creator Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Network Connections 16.8.46.0 (HKLM\...\PROSetDX) (Version: 16.8.46.0 - Intel) Intel(R) Network Connections 16.8.46.0 (Version: 16.8.46.0 - Intel) Hidden Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) ==================== Restore Points ========================= 25-03-2014 06:52:46 Windows Update 01-04-2014 06:06:39 Windows Update 08-04-2014 06:01:47 Windows Update 09-04-2014 16:50:16 Windows Update 15-04-2014 06:01:47 Windows Update 22-04-2014 06:13:30 Windows Update 29-04-2014 06:02:25 Windows Update 29-04-2014 16:31:52 Windows Update 03-05-2014 11:23:49 Windows Update 06-05-2014 16:30:54 Windows Update 13-05-2014 05:55:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1CB9058D-462B-4A12-B423-7345934BC903} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {3E27105C-2EC1-41A6-AF0E-21AB4CB9B0C6} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-01-24] () <==== ATTENTION Task: {51B29967-3C76-4F3D-A2D1-F5293D7B3886} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {9CD3ECEB-25F2-4321-93BE-1D9FC6D4EEE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-10 09:14 - 2011-03-10 09:14 - 00015360 _____ () C:\Windows\System32\KOAZ8JAL.DLL 2013-04-15 07:50 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2013-04-13 16:29 - 2012-02-07 12:04 - 00128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2013-04-13 16:33 - 2012-02-14 03:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-02-13 09:29 - 2014-02-13 09:29 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2013-04-13 16:30 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-04-13 16:28 - 2012-02-07 11:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2014-05-12 08:46 - 2014-05-12 08:46 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/13/2014 07:52:59 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 08:02:21 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 09:50:05 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 08:00:41 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2014 08:05:56 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/07/2014 08:01:49 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2014 06:25:25 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm avpui.exe, Version 14.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: db0 Startzeit: 01cf68f02ecd1035 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe Berichts-ID: cf5c1325-d53a-11e3-99ba-7054d245154b Error: (05/06/2014 07:59:54 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2014 07:58:38 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/03/2014 09:48:37 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/09/2014 08:06:34 AM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/08/2014 04:01:27 PM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/08/2014 08:20:27 AM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/05/2014 08:35:19 AM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/03/2014 01:24:16 PM) (Source: DCOM) (User: ) (EventID: 10010) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/03/2014 01:24:14 PM) (Source: DCOM) (User: ) (EventID: 10010) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (04/30/2014 08:14:32 AM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (04/29/2014 06:32:21 PM) (Source: DCOM) (User: ) (EventID: 10010) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/23/2014 03:54:43 PM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (04/23/2014 08:37:13 AM) (Source: BROWSER) (User: ) (EventID: 8032) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E5F20637-C316-47D0-84BC-7721D3DF2E13}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-05-13 08:25:06.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 08:25:06.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 08:25:06.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 08:25:06.719 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 08:25:06.719 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 08:25:06.719 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 11:22:45.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 11:22:45.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 11:22:45.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 11:22:45.189 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3907.99 MB Available physical RAM: 2139.22 MB Total Pagefile: 7814.16 MB Available Pagefile: 5609.57 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:233.82 GB) (Free:194.06 GB) NTFS Drive f: (Dokumente) (Fixed) (Total:231.72 GB) (Free:231.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: AAE888C0) Partition: GPT Partition Type. ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by buero heuser (administrator) on BUEROHEUSER-PC on 13-05-2014 10:32:23 Running from C:\Users\buero heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (CSS Group®) C:\Program Files (x86)\CSS Group Systems Corp\CSS Group Kassensystem Einzelhandel 2008\CSSKS50.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA84333675B38CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\buero heuser\AppData\Roaming\Mozilla\Firefox\Profiles\d0pagp99.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-23] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-23] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-13 10:32 - 2014-05-13 10:32 - 00010634 _____ () C:\Users\buero heuser\Desktop\FRST.txt 2014-05-13 10:32 - 2014-05-13 10:32 - 00000000 ____D () C:\FRST 2014-05-13 10:32 - 2014-05-13 10:28 - 02066944 _____ (Farbar) C:\Users\buero heuser\Desktop\FRST64.exe 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:45 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 12:45 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-03 13:24 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 13:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 13:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 13:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 18:32 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 18:32 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 18:32 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 18:32 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 18:32 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 18:32 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 18:32 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 18:32 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 18:32 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 18:32 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 18:32 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 18:32 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-13 10:32 - 2014-05-13 10:32 - 00010634 _____ () C:\Users\buero heuser\Desktop\FRST.txt 2014-05-13 10:32 - 2014-05-13 10:32 - 00000000 ____D () C:\FRST 2014-05-13 10:28 - 2014-05-13 10:32 - 02066944 _____ (Farbar) C:\Users\buero heuser\Desktop\FRST64.exe 2014-05-13 10:08 - 2013-04-13 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-13 09:50 - 2013-09-09 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-13 09:33 - 2013-04-13 16:25 - 01468711 _____ () C:\Windows\WindowsUpdate.log 2014-05-13 09:11 - 2013-04-15 09:48 - 00202200 _____ () C:\fpRedmon.log 2014-05-13 09:11 - 2013-04-15 09:48 - 00000000 ____D () C:\Users\buero heuser\AppData\Local\FreePDF_XP 2014-05-13 08:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-13 08:45 - 2013-04-13 17:28 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1158681-E919-4ED9-90B9-D778ACBD906E} 2014-05-13 07:58 - 2013-04-13 16:45 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-13 07:58 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-13 07:58 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-13 07:56 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-13 07:56 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-13 07:56 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-13 07:51 - 2013-04-15 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-13 07:51 - 2013-04-13 16:29 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-05-13 07:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-13 07:51 - 2009-07-14 06:51 - 00083353 _____ () C:\Windows\setupact.log 2014-05-12 15:25 - 2013-04-13 16:29 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-30 13:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-30 07:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-03 13:24 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-03 13:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 08:50 - 2013-09-09 07:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 08:50 - 2013-09-09 07:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 08:50 - 2013-09-09 07:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 04:24 - 2014-05-06 12:45 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 12:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\buero heuser\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\buero heuser\AppData\Local\Temp\NEWB65.tmp.exe C:\Users\buero heuser\AppData\Local\Temp\ose00000.exe C:\Users\buero heuser\AppData\Local\Temp\setup.exe C:\Users\buero heuser\AppData\Local\Temp\_is1370.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 11:57 ==================== End Of Log ============================ --- --- --- Hier ist PC 2: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by Heuser at 2014-05-13 10:35:47 Running from C:\Users\Heuser\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Brother DCP-9010CN (HKLM-x32\...\{FB375CC2-2593-4104-9F13-01C247825778}) (Version: 1.00 - Brother) Brother MFL-Pro Suite DCP-9010CN (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 2.0.1.0 - Brother Industries, Ltd.) Brother MFL-Pro Suite DCP-9040CN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CSS Group Kassensystem Einzelhandel 2008 SP3 (HKLM-x32\...\CSS Group Kassensystem Einzelhandel 2008 SP3) (Version: 5.0.0.0542 - CSS Group Systems Corp) CSS Group Kassensystem Einzelhandel 2008 SP3 (x32 Version: 5.0.0.0542 - CSS Group Systems Corp) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan) Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) WiseConvert Toolbar (HKLM-x32\...\WiseConvert Toolbar) (Version: 6.8.9.0 - WiseConvert) ==================== Restore Points ========================= 09-04-2014 10:49:38 Windows Update 15-04-2014 06:18:48 Windows Update 23-04-2014 07:13:24 Windows Update 29-04-2014 06:21:27 Windows Update 02-05-2014 08:53:09 Windows Update 03-05-2014 11:35:58 Windows Update 06-05-2014 10:44:48 Windows Update 13-05-2014 06:00:54 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {4567077E-F273-421E-81A8-847FC3CCE69B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {DDAFC7F6-4C12-4A09-A9DA-0B38587C5627} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {E795DCA2-0AF6-40B5-A80F-41513D1FA763} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-10 09:14 - 2011-03-10 09:14 - 00015360 _____ () C:\Windows\System32\KOAZ8JAL.DLL 2011-10-25 16:22 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2013-02-02 13:12 - 2005-04-22 14:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2012-07-27 17:25 - 2011-04-01 12:26 - 01163264 ____R () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-05-13 07:55 - 2014-05-13 07:55 - 00041984 _____ () c:\users\heuser\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpteu_oe.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Heuser\AppData\Roaming\Dropbox\bin\libcef.dll 2012-07-27 17:25 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Heuser\Downloads\nachricht.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun ==================== Faulty Device Manager Devices ============= Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/13/2014 10:35:06 AM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm FRST64.exe, Version 11.5.2014.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f8 Startzeit: 01cf6e85a5fb2ca0 Endzeit: 15 Anwendungspfad: C:\Users\Heuser\Desktop\FRST64.exe Berichts-ID: Error: (05/13/2014 10:07:54 AM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/13/2014 08:36:39 AM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/13/2014 07:56:39 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 06:36:52 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 01:31:23 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 00:06:23 PM) (Source: SideBySide) (User: ) (EventID: 33) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/12/2014 11:33:57 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 10:47:13 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 08:27:44 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/09/2014 04:10:31 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 04:10:31 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 04:10:31 PM) (Source: Server) (User: ) (EventID: 2505) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EAEE78C0-A3AE-4637-9A08-CC68F0249712} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (05/09/2014 03:53:18 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 03:53:18 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.62 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 03:53:18 PM) (Source: Server) (User: ) (EventID: 2505) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EAEE78C0-A3AE-4637-9A08-CC68F0249712} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (05/09/2014 03:14:33 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 03:14:33 PM) (Source: Server) (User: ) (EventID: 2505) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EAEE78C0-A3AE-4637-9A08-CC68F0249712} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (05/09/2014 03:14:31 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/09/2014 03:14:29 PM) (Source: NetBT) (User: ) (EventID: 4321) Description: Der Name "HEUSER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.53 registriert werden. Der Computer mit IP-Adresse 192.168.178.59 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= Error: (12/02/2011 09:27:34 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-05-13 10:08:20.876 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 10:08:20.873 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 10:08:20.869 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 10:08:20.856 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 10:08:20.853 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-13 10:08:20.849 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-12 12:07:15.002 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-12 12:07:15.002 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-12 12:07:15.002 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-12 12:07:14.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 4086.43 MB Available physical RAM: 2616.32 MB Total Pagefile: 8171.04 MB Available Pagefile: 6430.94 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:104.88 GB) (Free:60.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive f: (Dokumente) (Fixed) (Total:39.06 GB) (Free:35.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 4119B9F9) Partition 1: (Not Active) - (Size=5 GB) - (Type=27) Partition 2: (Active) - (Size=105 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=39 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Heuser (administrator) on HEUSER-PC on 13-05-2014 10:35:20 Running from C:\Users\Heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2655183059-2449593451-2518110874-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION Startup: C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716&CUI=UN31609670868084239 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F618F31893CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKLM-x32 - WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) URLSearchHook: HKCU - WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) SearchScopes: HKCU - DefaultScope {8A0A2F73-06C2-46DB-89D3-19B390C3B01F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 SearchScopes: HKCU - {8A0A2F73-06C2-46DB-89D3-19B390C3B01F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Heuser\AppData\Roaming\Mozilla\Firefox\Profiles\dxetymwl.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-11] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-13 10:31 - 2014-05-13 10:35 - 00012052 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-13 10:30 - 2014-05-13 10:35 - 00000000 ____D () C:\FRST 2014-05-13 10:30 - 2014-05-13 10:28 - 02066944 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-12 18:03 - 2014-05-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 12:45 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:05 - 2014-05-06 12:06 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 11:18 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 11:18 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-03 13:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 13:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 13:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 13:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-30 11:31 - 2014-05-13 07:55 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task 2014-04-29 08:22 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:22 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:22 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:22 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:22 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:22 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:22 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:22 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:22 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:22 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:22 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip ==================== One Month Modified Files and Folders ======= 2014-05-13 10:35 - 2014-05-13 10:31 - 00012052 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-13 10:35 - 2014-05-13 10:30 - 00000000 ____D () C:\FRST 2014-05-13 10:28 - 2014-05-13 10:30 - 02066944 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-13 10:01 - 2013-07-03 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-13 09:50 - 2011-10-25 14:49 - 01371725 _____ () C:\Windows\WindowsUpdate.log 2014-05-13 09:47 - 2011-10-25 16:26 - 00073800 _____ () C:\fpRedmon.log 2014-05-13 09:47 - 2011-10-25 16:26 - 00000000 ____D () C:\Users\Heuser\AppData\Local\FreePDF_XP 2014-05-13 09:16 - 2011-10-25 15:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-13 08:02 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-13 08:02 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-13 07:56 - 2011-10-25 15:51 - 00000000 ___RD () C:\Users\Heuser\Dropbox 2014-05-13 07:56 - 2011-10-25 15:49 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Dropbox 2014-05-13 07:55 - 2014-04-30 11:31 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task 2014-05-13 07:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-13 07:55 - 2009-07-14 06:51 - 00124438 _____ () C:\Windows\setupact.log 2014-05-13 07:54 - 2012-09-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 18:04 - 2014-05-12 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-12 14:33 - 2011-10-27 08:34 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-12 11:46 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-06 12:45 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:06 - 2014-05-06 12:05 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 11:19 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-06 11:19 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-06 11:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-29 16:01 - 2014-05-03 13:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 13:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 15:01 - 2013-07-03 12:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-29 15:01 - 2013-03-26 16:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 15:01 - 2011-10-26 09:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 14:48 - 2014-05-03 13:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 13:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 12:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-29 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-25 12:16 - 2013-10-12 12:40 - 00000000 ____D () C:\Users\Heuser\Desktop\PDF 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip 2014-04-23 09:09 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-23 09:08 - 2011-10-25 15:50 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-14 04:24 - 2014-05-06 11:18 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 11:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Heuser\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpteu_oe.dll C:\Users\Heuser\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Heuser\AppData\Local\Temp\jinstaller142_19.exe C:\Users\Heuser\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\ose00000.exe C:\Users\Heuser\AppData\Local\Temp\setup.exe C:\Users\Heuser\AppData\Local\Temp\_is1E78.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 12:13 ==================== End Of Log ============================ --- --- --- PC 3 folgt gleich |
13.05.2014, 09:49 | #4 |
| Email Account gehackt? Mail Delivery Und zum Schluss PC 3: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by Stefan at 2014-05-13 10:29:58 Running from C:\Users\Stefan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Account Manager (HKLM\...\{D64B2CEC-F8FE-41D6-9C23-1CA8430C88FF}) (Version: 3.0.03000 - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advanced Color Management (HKLM-x32\...\{FC702030-0F35-4ADB-A4C7-8289F30BABC1}) (Version: 1.1.65 - Samsung) Advanced Color Management (x32 Version: 1.1.65 - Samsung) Hidden Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft) Authentication Manager (HKLM\...\{E870F615-5BF0-4B20-B13B-CFE3DB1826EF}) (Version: 3.0.03000 - ) Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Box Operator 3.2.15000 (HKLM\...\{6FB97E47-C82D-45DE-B737-ECA4591CD5A2}) (Version: 3.2.15000 - ) Brother HL-5350DN (HKLM-x32\...\{C7F218F2-9E39-4BDF-8095-37045B3441AE}) (Version: 1.00 - Brother) Brother MFL-Pro Suite DCP-9040CN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Brother P-touch Address Book 1.1 (HKLM-x32\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.) Brother P-touch Address Book 1.1 (x32 Version: 1.1.100 - Brother Industries, Ltd.) Hidden Brother P-touch Editor 5.0 (HKLM-x32\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.110 - Brother Industries, Ltd.) Brother P-touch Editor 5.0 (x32 Version: 5.0.110 - Brother Industries, Ltd.) Hidden convert+share (HKLM-x32\...\convert+share 2.1.1.2) (Version: 2.1.1.2 - Scanshare B.V.) convert+share (x32 Version: 2.1.1.2 - Scanshare B.V.) Hidden Copy Protection Utility (HKLM-x32\...\{CDA99C0E-165C-4273-A23E-F7793B8F1FC9}) (Version: 2.2.13000 - ) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.109 - Corel Inc.) CSS Group Kassensystem Einzelhandel 2008 SP3 (HKLM-x32\...\CSS Group Kassensystem Einzelhandel 2008 SP3) (Version: 5.0.0.0542 - CSS Group Systems Corp) CSS Group Kassensystem Einzelhandel 2008 SP3 (x32 Version: 5.0.0.0542 - CSS Group Systems Corp) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison) DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden Device Manager (HKLM\...\{5F6D37A5-E5EB-4201-89D3-99ADB58B5A99}) (Version: 3.0.03000 - ) Device Set-Up (HKLM-x32\...\{8FB7FEB1-525E-4891-AD9F-4DFB071CC203}) (Version: 1.0.06000 - ) EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics) elmeg Compact WIN-Tools V7.52 (HKLM-x32\...\InstallShield_{DC0E7464-D68A-4866-8D40-2E4AF39C19F0}) (Version: 7.52.0000 - Funkwerk Enterprise Communications GmbH) elmeg Compact WIN-Tools V7.52 (x32 Version: 7.52.0000 - Funkwerk Enterprise Communications GmbH) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Generic HDD TWAIN V4 (HKLM-x32\...\{43104C00-FBA3-43C8-B734-E54A37964ED5}) (Version: 4.0.07000 - ) GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version: - ) Grundig Digta Configurator (HKLM-x32\...\{82120023-2869-444B-BD27-F404491F1184}) (Version: 7.2.12 - Grundig Business Systems GmbH) Grundig DigtaSoft Pro (HKLM-x32\...\{3E556D86-D772-40CE-A249-7A54A8EA30B8}) (Version: 5.1.21 - Grundig Business Systems GmbH) Grundig NetAdministration (HKLM-x32\...\{1B139C02-4B21-4A31-B120-C4E9E03C2DFC}) (Version: 5.0.9 - Grundig Business Systems GmbH) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden MagicInfo Lite Server V2.0 Build NA-MIIPS-2000.1 (HKLM-x32\...\InstallShield_{98F8947A-E7B9-4BB7-92DB-A95F7CFE40B0}) (Version: 2.0.2.0 - Samsung Electronics) MagicInfo Lite Server V2.0 Build NA-MIIPS-2000.1 (x32 Version: 2.0.2.0 - Samsung Electronics) Hidden MagicInfo Premium Author (HKLM-x32\...\MagicInfo Premium Author) (Version: 2.0 - Samsung Electronics) MDC_Unified (HKLM-x32\...\{40B65AFB-2069-4B84-A742-0C108AE60705}) (Version: 8.1.1.10 - Ihr Firmenname) MFP-Printer Utility LP4700-1 Series (HKLM\...\MFP-Printer Utility LP4700-1 Series Installer) (Version: - MFP-Printer Utility) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Panel Manager (HKLM\...\{1E2F6D3C-CD0C-4836-A381-01FEB34F5ED0}) (Version: 3.0.00000 - ) My Print Manager (HKLM\...\{C5B3954F-EB3C-4712-9BB9-3EB8F4A2A432}) (Version: 3.0.00000 - ) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) pCon.planner 6.8 ME (HKLM-x32\...\pCon.planner 6.8 ME) (Version: 6.8.0.101 - EasternGraphics) pCon.planner 6.8 ME (x32 Version: 6.8.0.101 - EasternGraphics) Hidden PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group) PostgreSQL 9.2 (x86) (HKLM-x32\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group) ProSafe Plus Utility (HKLM-x32\...\InstallShield_{AA42EDB4-A4F2-4386-A0BD-3CF8C3B71BF2}) (Version: 2.2.26 - Ihr Firmenname) ProSafe Plus Utility (x32 Version: 2.2.26 - Ihr Firmenname) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio Easy Media Creator Home (x32 Version: 10.3.183 - Roxio) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation) Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM-x32\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update for Video Converter (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.0.3.11130 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.0.10160 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation) VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.11300 - Sony Corporation) VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.2.0.09240 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation) VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe) VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe) VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.1.0.11250 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation) VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation) VAIO Window Organizer (HKLM-x32\...\{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}) (Version: 2.0.0.08280 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.0.10200 - Sony Corporation) Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows-Treiberpaket - Grundig Business Systems GmbH (UacCtl2) USB (12/19/2006 2.0.3.3) (HKLM\...\CC5DAECF4951DEA284D78F429720CB8E8C2E057D) (Version: 12/19/2006 2.0.3.3 - Grundig Business Systems GmbH) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.41 - Zattoo Europa AG) ==================== Restore Points ========================= 25-04-2014 06:09:47 Windows Update 29-04-2014 07:31:37 Windows Update 29-04-2014 08:21:05 VAIO Care Automatic Restore Point 29-04-2014 10:25:13 EtikettenAssistent 4.2 wird installiert 29-04-2014 10:40:20 EtikettenAssistent 4.2 wird entfernt 29-04-2014 15:30:43 Windows Update 05-05-2014 15:11:43 Windows Update 06-05-2014 15:28:10 Windows Update 13-05-2014 07:21:04 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2A3F8C42-45CD-4779-AC21-A5292A7F4D9C} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {341788DF-6801-4056-A637-FAE76749AA17} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {483F28F9-9CE2-4A7F-AEB3-69DB07E1E829} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-09-24] (Sony Corporation) Task: {4A692C68-0BCB-467D-A318-99E3FF6B4E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {55405C7F-CEC6-4303-A4E7-0E9695875721} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {64549023-CA46-4533-AEF7-DB6A9A35CE26} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {66871F52-A0B8-48F2-A62F-EDAB8628E042} - \AmiUpdXp No Task File <==== ATTENTION Task: {7FF89D44-49D8-4D14-A587-EB435527426E} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {80F992E9-A61A-468A-B1E5-5DC7A45FA743} - System32\Tasks\Digital Sites => C:\Users\Stefan\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B36CC32C-CDE3-4D96-9B53-12E3BA3C1FDE} - System32\Tasks\DigitalSite => C:\Users\Stefan\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {B36FA9B5-47E7-4222-9E2D-B5518AE1E891} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation) Task: {CC5D8362-CFE7-4C54-AE83-295BA8EBC292} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {D8251977-082A-4357-BB94-5744C12431BF} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-10-19] (Sony Corporation) Task: {EF4AC4E0-8B60-47C6-AA25-D7CEBF26E36E} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-10-21] (Sony Corporation) Task: {F99BA537-B5B3-47B8-875D-F8023072B113} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation) Task: {FC5C7852-DD89-4D0B-8C8B-B16CA5FBF783} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Stefan\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Stefan\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Stefan\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-03-10 09:14 - 2011-03-10 09:14 - 00015360 _____ () C:\Windows\System32\KOAZ8JAL.DLL 2009-10-01 09:08 - 2009-10-01 09:08 - 00015360 _____ () C:\Windows\System32\KOAZ8AAL.DLL 2012-08-27 10:57 - 2012-08-27 10:57 - 00017408 _____ () C:\Windows\System32\KOBJZJAL.dll 2011-03-10 09:14 - 2013-11-14 16:23 - 00015360 _____ () C:\Windows\System32\KOAZ8A_L.DLL 2013-06-13 12:41 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2013-05-24 11:24 - 2013-05-24 11:24 - 00051712 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe 2013-05-24 11:24 - 2013-05-24 11:24 - 05117440 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreLibrary.dll 2013-05-24 11:24 - 2013-05-24 11:24 - 00062464 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\de\PSESCoreLibrary.resources.dll 2013-05-17 15:30 - 2013-05-17 15:30 - 01085952 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESAccLibrary.dll 2013-05-24 11:25 - 2013-05-24 11:25 - 03858432 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESNetCareLibrary.dll 2013-06-14 20:20 - 2013-06-14 20:20 - 01289216 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESAuthLibrary.dll 2013-05-24 11:24 - 2013-05-24 11:24 - 01395200 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESJlcLibrary.dll 2013-01-24 13:50 - 2013-01-24 13:50 - 00539648 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\MyPrintManagerLibrary.dll 2013-02-12 16:12 - 2013-02-12 16:12 - 01926144 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESProfileManagerWebLibrary.dll 2013-05-17 15:30 - 2013-05-17 15:30 - 00033280 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\de\PSESAccLibrary.resources.dll 2013-05-17 15:30 - 2013-05-17 15:30 - 00041984 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESAccScheduledTask.dll 2012-08-09 10:57 - 2012-08-09 10:57 - 00621056 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\SnmpComp.dll 2009-11-06 14:46 - 2009-11-06 14:46 - 01420288 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\LIBEAY32.dll 2013-05-24 11:24 - 2013-05-24 11:24 - 00035328 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\de\PSESJlcLibrary.resources.dll 2012-01-26 13:18 - 2012-01-26 13:18 - 00042496 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\ESI.dll 2009-11-06 14:46 - 2009-11-06 14:46 - 00266240 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\SSLEAY32.dll 1998-11-22 08:09 - 1998-11-22 08:09 - 00008464 _____ () C:\MagicInfo Lite\bin\srvany.exe 2010-04-21 22:35 - 2010-04-21 22:35 - 00018944 _____ () C:\MagicInfo Lite\bin\MagicInfoStreamDaemon.exe 2013-07-18 12:30 - 2013-07-18 12:30 - 00670720 _____ () C:\BoxOperator\PSDP_ExplorerPlugIn.dll 2013-10-01 02:21 - 2013-10-01 02:21 - 00624640 _____ () C:\BoxOperator\PSDPUIHandler.dll 2013-07-18 12:27 - 2013-07-18 12:27 - 00324096 _____ () C:\BoxOperator\KMPSDPMiddleLayer.dll 2013-06-08 13:15 - 2013-06-08 13:15 - 00282624 _____ () C:\BoxOperator\KMENC.dll 2013-07-11 13:30 - 2013-07-11 13:30 - 00262144 _____ () C:\BoxOperator\PSDPUIHandler_Sat.Dll 2011-11-20 02:16 - 2011-11-20 02:16 - 00113664 _____ () C:\BoxOperator\PSDP_ExplorerPlugin_Sat.dll 2013-06-14 08:26 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2013-02-12 16:12 - 2013-02-12 16:12 - 00008704 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe 2013-02-12 16:12 - 2013-02-12 16:12 - 00208896 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\ProfComunicationLayer.dll 2013-02-12 16:12 - 2013-02-12 16:12 - 00499200 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\ProfCoreLibrary.dll 2013-02-12 16:10 - 2013-02-12 16:10 - 05038592 _____ () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\PSESCoreLibrary.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-02-05 11:00 - 2014-02-05 11:00 - 00030720 _____ () C:\Program Files (x86)\convert+share\SHUtility.dll 2011-11-20 23:31 - 2011-11-20 23:31 - 00144896 _____ () C:\Program Files (x86)\convert+share\Connectors\docuvita.Core.dll 2014-02-05 10:59 - 2014-02-05 10:59 - 00904704 _____ () C:\Program Files (x86)\convert+share\System.Data.SQLite.dll 2014-02-05 11:00 - 2014-02-05 11:00 - 00073216 _____ () C:\Program Files (x86)\convert+share\SHLanguage.dll 2010-04-21 22:35 - 2010-04-21 22:35 - 00102400 _____ () C:\MagicInfo Lite\bin\StreamingModules.dll 2010-10-04 05:12 - 2010-10-04 05:12 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll 2013-06-26 18:34 - 2013-04-02 05:27 - 00137216 _____ () C:\Program Files (x86)\PostgreSQL\9.2\bin\LIBPQ.dll 2009-02-12 20:01 - 2009-02-12 20:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll 2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll 2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll 2013-06-26 18:34 - 2012-08-14 15:30 - 01009664 _____ () C:\Program Files (x86)\PostgreSQL\9.2\bin\libxml2.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-06-13 12:00 - 2009-11-30 19:20 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2013-06-13 12:00 - 2009-11-30 19:20 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll 2014-01-31 09:01 - 2013-11-28 13:14 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll 2014-01-31 09:01 - 2013-11-28 19:59 - 00098816 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll 2014-01-31 09:01 - 2013-11-28 19:59 - 00034304 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll 2014-01-31 09:01 - 2013-11-28 19:59 - 00032768 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll 2014-01-31 09:01 - 2013-11-28 20:00 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll 2014-01-31 09:01 - 2013-11-28 19:59 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-05-10 12:03 - 2014-05-10 12:03 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-29 10:05 - 2014-04-29 10:05 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:264CA462 AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Control Center.lnk => C:\Windows\pss\Control Center.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: Spotify => "C:\Users\Stefan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe" MSCONFIG\startupreg: TrojanScanner => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/13/2014 06:40:30 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/12/2014 06:59:59 PM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/12/2014 11:53:07 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/12/2014 08:03:07 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/11/2014 05:03:52 PM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/09/2014 10:22:28 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/09/2014 09:37:04 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/09/2014 09:30:28 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/08/2014 08:00:02 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: Error: (05/06/2014 09:30:16 AM) (Source: MagicInfoStreamDaemon) (User: ) (EventID: 273) Description: System errors: ============= Error: (05/13/2014 10:28:43 AM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/13/2014 09:47:14 AM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/13/2014 09:47:09 AM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/13/2014 09:47:07 AM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/13/2014 09:13:53 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error: (05/13/2014 06:40:32 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error: (05/12/2014 07:00:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error: (05/12/2014 05:15:21 PM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/12/2014 05:15:17 PM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (05/12/2014 05:11:51 PM) (Source: NetBT) (User: ) (EventID: 4319) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Microsoft Office Sessions: ========================= Error: (04/01/2014 03:58:31 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/24/2014 10:32:30 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5547 seconds with 2040 seconds of active time. This session ended with a crash. Error: (06/13/2013 02:32:55 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 103 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-05-10 10:34:21.631 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 10:34:21.629 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 10:34:21.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 10:34:21.623 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 10:33:40.052 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-10 10:33:40.043 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-09 09:42:55.181 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-09 09:42:55.176 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-09 09:42:55.174 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-09 09:42:55.172 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 6126.07 MB Available physical RAM: 3161.79 MB Total Pagefile: 12250.32 MB Available Pagefile: 8696.72 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive b: (Volume) (Fixed) (Total:78.12 GB) (Free:54.34 GB) NTFS Drive c: () (Fixed) (Total:154.14 GB) (Free:82.11 GB) NTFS Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 52729AA7) Partition 1: (Not Active) - (Size=6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=78 GB) - (Type=OF Extended) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Stefan (administrator) on STEFANHEUSER on 13-05-2014 10:29:28 Running from C:\Users\Stefan\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ABBYY) C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\NetworkService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\OAService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\ProcessService.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Apache Software Foundation) C:\MagicInfo Lite\tomcat\bin\tomcat6.exe () C:\MagicInfo Lite\bin\srvany.exe () C:\MagicInfo Lite\bin\MagicInfoStreamDaemon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Spotify Ltd) C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe () C:\MagicInfo Lite\bin\srvany.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe ( ) C:\MagicInfo Lite\bin\distributer.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (CSS Group®) C:\Program Files (x86)\CSS Group Systems Corp\CSS Group Kassensystem Einzelhandel 2008\CSSKS50.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-20] (Microsoft Corporation) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [Spotify Web Helper] => C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=CEE0506313DEDF0F&affID=119357&tt=160913_m3&tsp=5015 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 SearchScopes: HKCU - DefaultScope {7CA2114F-56B7-4321-8B1F-37F9B785C178} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CEE0506313DEDF0F&affID=119357&tt=160913_m3&tsp=5015 SearchScopes: HKCU - {10397CF5-8768-4510-8F12-B8D001496C3A} URL = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7CA2114F-56B7-4321-8B1F-37F9B785C178} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {8BB7C53E-D0BE-4BC4-9826-9D9CE55D5839} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {D6DDDB5E-7FC1-4783-8529-166343F002F4} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default FF user.js: detected! => C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta8857.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta8857\ff FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta8857\ff [2014-01-20] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-09] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReaderEngine.Windows.10.0; C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe [1170896 2014-02-05] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 DVNetwork; C:\Program Files (x86)\convert+share\NetworkService.exe [19456 2014-02-05] (Scanshare B.V.) R2 DVOAService; C:\Program Files (x86)\convert+share\OAService.exe [18432 2014-02-05] (Scanshare B.V.) R2 DVProcess; C:\Program Files (x86)\convert+share\ProcessService.exe [18944 2014-02-05] (Scanshare B.V.) R2 Enterprise Suite Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe [51712 2013-05-24] () S4 Enterprise Suite Terminal Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\ESC\bin\wrapper.exe [233984 2011-10-07] (Tanuki Software, Ltd.) R2 MagicInfoPremium; C:\MagicInfo Lite\tomcat\\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) R2 MagicInfoStreamDaemon; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) R2 My Panel Manager Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe [8704 2013-02-12] () R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2010-10-04] (PostgreSQL Global Development Group) S3 Primary Server Monitor; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESPrimaryServerMonitor.exe [30720 2013-05-24] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 UltraVNCRepeater; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 postgresql-9.2; C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files (x86)/PostgreSQL/9.2/data" -w [X] ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-09] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-09] (Kaspersky Lab ZAO) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-13 10:29 - 2014-05-13 10:29 - 00022393 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-13 10:29 - 2014-05-13 10:29 - 00000000 ____D () C:\FRST 2014-05-13 10:28 - 2014-05-13 10:28 - 02066944 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 16:00 - 2014-05-09 16:04 - 00000000 ____D () C:\Users\Stefan\Desktop\Bilder_Develop 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-07 11:32 - 2014-05-07 11:33 - 00000000 ____D () C:\Users\Stefan\Desktop\brother 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 09:35 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 09:35 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 17:11 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 17:11 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 17:11 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 17:11 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 17:31 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 17:31 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 17:31 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 17:31 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 17:31 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 17:31 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 17:31 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 17:31 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 17:31 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 17:31 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 17:31 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 17:30 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 17:30 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 17:30 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 17:30 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 17:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 17:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 17:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 17:30 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 17:30 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-28 14:39 - 2014-05-07 15:56 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:08 - 2014-04-27 17:09 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-23 15:08 - 2014-04-23 16:27 - 00000000 ____D () C:\Users\Stefan\Desktop\Dev 2014-04-22 16:26 - 2014-04-22 16:30 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:14 - 2014-04-01 15:18 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Macromedia 2014-04-22 13:14 - 2013-10-01 13:23 - 00002120 _____ () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-04-22 13:14 - 2013-06-18 11:52 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Microsoft Help 2014-04-22 13:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-22 13:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:55 - 2011-09-25 07:51 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.3.5500.0.dll 2014-04-22 12:55 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2014-04-22 12:54 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:53 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:53 - 2014-04-22 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:36 - 2014-04-22 09:37 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:15 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-15 10:51 - 2014-04-15 10:52 - 00000000 ____D () C:\Users\Stefan\Desktop\Interstuhl ==================== One Month Modified Files and Folders ======= 2014-05-13 10:29 - 2014-05-13 10:29 - 00022393 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-13 10:29 - 2014-05-13 10:29 - 00000000 ____D () C:\FRST 2014-05-13 10:28 - 2014-05-13 10:28 - 02066944 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-13 10:22 - 2013-06-13 11:53 - 01197765 _____ () C:\Windows\WindowsUpdate.log 2014-05-13 10:16 - 2013-06-13 14:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-13 10:09 - 2014-02-14 09:09 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job 2014-05-13 10:09 - 2013-09-24 11:09 - 00000177 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG 2014-05-13 10:09 - 2013-09-24 10:08 - 00000296 _____ () C:\Windows\Tasks\DigitalSite.job 2014-05-13 10:05 - 2013-06-14 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-13 09:50 - 2013-06-13 12:32 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-13 09:23 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-13 09:23 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-13 09:18 - 2013-06-13 15:22 - 00000000 ____D () C:\Users\Stefan\AppData\Local\3E865EC9-11FE-4B0A-9567-F702404AE632.aplzod 2014-05-13 09:18 - 2013-06-13 12:41 - 00844582 _____ () C:\Windows\system32\perfh007.dat 2014-05-13 09:18 - 2013-06-13 12:41 - 00202474 _____ () C:\Windows\system32\perfc007.dat 2014-05-13 09:18 - 2009-07-14 07:13 - 02003270 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-13 09:16 - 2013-06-13 12:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68CB2F9A-9254-4A7B-A264-A9FC71EF232D} 2014-05-13 09:13 - 2014-01-04 14:29 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-05-13 09:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-13 09:13 - 2009-07-14 06:51 - 00070573 _____ () C:\Windows\setupact.log 2014-05-12 15:19 - 2013-06-13 12:49 - 00067200 _____ () C:\fpRedmon.log 2014-05-12 15:19 - 2013-06-13 12:49 - 00000000 ____D () C:\Users\Stefan\AppData\Local\FreePDF_XP 2014-05-12 13:45 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-12 11:53 - 2013-06-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 12:48 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Spotify 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 16:04 - 2014-05-09 16:00 - 00000000 ____D () C:\Users\Stefan\Desktop\Bilder_Develop 2014-05-09 15:14 - 2013-06-13 15:53 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Paint.NET 2014-05-09 14:58 - 2014-02-13 18:34 - 00000000 ____D () C:\Users\Stefan\Desktop\Develop 2014-05-09 09:40 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-05-09 09:40 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-05-09 09:40 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-05-09 09:30 - 2013-06-13 14:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-09 09:30 - 2009-11-23 23:29 - 00548252 _____ () C:\Windows\PFRO.log 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-09 07:53 - 2013-06-13 12:32 - 00000473 _____ () C:\Windows\BRWMARK.INI 2014-05-08 14:16 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Spotify 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-07 15:56 - 2014-04-28 14:39 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-05-07 11:33 - 2014-05-07 11:32 - 00000000 ____D () C:\Users\Stefan\Desktop\brother 2014-05-07 07:58 - 2013-06-26 18:27 - 00000000 ____D () C:\Users\postgres 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-02 08:01 - 2014-03-23 14:00 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-04-30 08:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-30 07:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-05 17:11 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-05 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-05 17:11 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-05 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 10:05 - 2013-06-14 08:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 10:05 - 2013-06-14 08:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 10:05 - 2013-06-14 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-28 11:22 - 2014-02-11 15:05 - 00000000 ____D () C:\Watchfolder 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:09 - 2014-04-27 17:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:14 - 2013-11-19 18:51 - 00000000 ___HD () C:\ProgramData\{2E5F3D11-0155-4860-A4E6-7A8C7E5C8D15} 2014-04-25 16:14 - 2013-06-13 15:05 - 00000000 ____D () C:\ProgramData\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-23 16:27 - 2014-04-23 15:08 - 00000000 ____D () C:\Users\Stefan\Desktop\Dev 2014-04-22 16:30 - 2014-04-22 16:26 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:24 - 2009-07-14 06:45 - 00462136 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:06 - 2013-06-13 12:07 - 00120968 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:57 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP-Printer Utility 2014-04-22 12:56 - 2014-04-08 17:18 - 00000000 ____D () C:\Program Files\MFP-Printer Utility 2014-04-22 12:55 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:55 - 2014-04-22 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:55 - 2014-02-13 11:00 - 02026832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:54 - 2014-04-22 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:37 - 2014-04-22 09:36 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 15:19 - 2013-10-04 12:21 - 00000000 ___RD () C:\Users\Stefan\Desktop\Verknüpfungen 2014-04-17 13:17 - 2013-10-28 14:06 - 00000000 ____D () C:\Program Files (x86)\Zattoo4 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:16 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-17 13:12 - 2013-10-28 14:06 - 00017408 _____ () C:\Users\Stefan\AppData\Local\WebpageIcons.db 2014-04-15 10:52 - 2014-04-15 10:51 - 00000000 ____D () C:\Users\Stefan\Desktop\Interstuhl 2014-04-14 04:24 - 2014-05-06 09:35 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 09:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Stefan\AppData\Local\Temp\autorun.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 08:36 ==================== End Of Log ============================ --- --- --- Vielen Dank vorab |
14.05.2014, 08:21 | #5 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Passwort zum Account ändern. Auf allen 3 rechnern: Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.05.2014, 14:06 | #6 |
| Email Account gehackt? Mail Delivery Hallo Schrauber, hier sind mal die Dateien vom ersten PC: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 14:38:09 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : buero heuser - BUEROHEUSER-PC # Gestartet von : C:\Users\buero heuser\Desktop\3adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\buero heuser\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\BUEROH~1\AppData\Local\Temp\AskSearch ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\buero heuser\AppData\Roaming\Mozilla\Firefox\Profiles\d0pagp99.default\prefs.js ] ************************* AdwCleaner[R0].txt - [1426 octets] - [14/05/2014 14:37:36] AdwCleaner[S0].txt - [1347 octets] - [14/05/2014 14:38:09] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1407 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by buero heuser on 14.05.2014 at 14:40:49,60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\buero heuser\AppData\Roaming\mozilla\firefox\profiles\d0pagp99.default\minidumps [22 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.05.2014 at 14:47:13,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.05.2014 Suchlauf-Zeit: 14:32:25 Logdatei: 1mbam_La.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.14.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: buero heuser Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 250999 Verstrichene Zeit: 4 Min, 7 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by buero heuser (administrator) on BUEROHEUSER-PC on 14-05-2014 15:03:36 Running from C:\Users\buero heuser\Desktop\Viren_Software Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA84333675B38CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\buero heuser\AppData\Roaming\Mozilla\Firefox\Profiles\d0pagp99.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-23] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-23] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 14:53 - 2014-05-14 15:03 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:37 - 2014-05-14 14:40 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:27 - 2014-05-14 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 14:27 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 14:27 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 10:32 - 2014-05-14 15:03 - 00000000 ____D () C:\FRST 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:45 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 12:45 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-03 13:24 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 13:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 13:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 13:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 18:32 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 18:32 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 18:32 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 18:32 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 18:32 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 18:32 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 18:32 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 18:32 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 18:32 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 18:32 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 18:32 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 18:32 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-14 15:03 - 2014-05-14 14:53 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-14 15:03 - 2014-05-13 10:32 - 00000000 ____D () C:\FRST 2014-05-14 14:54 - 2013-04-13 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-14 14:50 - 2013-09-09 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-14 14:46 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 14:46 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 14:45 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 14:45 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 14:45 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:40 - 2014-05-14 14:37 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:39 - 2014-05-14 14:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 14:39 - 2013-04-13 16:29 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-05-14 14:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-14 14:39 - 2009-07-14 06:51 - 00084710 _____ () C:\Windows\setupact.log 2014-05-14 14:38 - 2013-04-13 16:25 - 01551912 _____ () C:\Windows\WindowsUpdate.log 2014-05-14 14:38 - 2010-11-21 05:47 - 00103032 _____ () C:\Windows\PFRO.log 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 12:06 - 2013-04-15 09:48 - 00204180 _____ () C:\fpRedmon.log 2014-05-14 12:06 - 2013-04-15 09:48 - 00000000 ____D () C:\Users\buero heuser\AppData\Local\FreePDF_XP 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 10:50 - 2013-09-09 07:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 09:26 - 2013-04-13 17:28 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1158681-E919-4ED9-90B9-D778ACBD906E} 2014-05-14 08:29 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-14 08:20 - 2013-04-13 16:45 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-13 15:38 - 2013-04-13 16:29 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-05-13 07:51 - 2013-04-15 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-30 13:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-30 07:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-03 13:24 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-03 13:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-14 04:24 - 2014-05-06 12:45 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 12:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\buero heuser\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\buero heuser\AppData\Local\Temp\NEWB65.tmp.exe C:\Users\buero heuser\AppData\Local\Temp\ose00000.exe C:\Users\buero heuser\AppData\Local\Temp\Quarantine.exe C:\Users\buero heuser\AppData\Local\Temp\setup.exe C:\Users\buero heuser\AppData\Local\Temp\_is1370.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 11:57 ==================== End Of Log ============================ --- --- --- Hier kommt der zweite PC: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 11:45:27 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Heuser - HEUSER-PC # Gestartet von : C:\Users\Heuser\Desktop\3adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\WiseConvert Ordner Gelöscht : C:\Users\Heuser\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Heuser\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Heuser\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\Heuser\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Heuser\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Heuser\AppData\LocalLow\WiseConvert ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2B48B1D-A9E2-4AED-A955-5A5B4205DB6C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{087604DD-4D2C-469C-AA98-03D583EB174F} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Schlüssel Gelöscht : HKCU\Software\WiseConvert Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WiseConvert Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\WiseConvert Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Heuser\AppData\Roaming\Mozilla\Firefox\Profiles\dxetymwl.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2887 octets] - [14/05/2014 11:44:32] AdwCleaner[S0].txt - [2754 octets] - [14/05/2014 11:45:27] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2814 octets] ########## FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Heuser (administrator) on HEUSER-PC on 14-05-2014 12:07:28 Running from C:\Users\Heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Dropbox, Inc.) C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F618F31893CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Heuser\AppData\Roaming\Mozilla\Firefox\Profiles\dxetymwl.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-11] ==================== Services (Whitelisted) ================= S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 12:07 - 2014-05-14 12:07 - 00010822 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-14 12:07 - 2014-05-14 11:56 - 02066944 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:49 - 2014-05-14 11:35 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:44 - 2014-05-14 11:45 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:44 - 2014-05-14 11:23 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-14 11:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 11:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 11:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-13 10:30 - 2014-05-14 12:07 - 00000000 ____D () C:\FRST 2014-05-12 18:03 - 2014-05-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 12:45 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:05 - 2014-05-06 12:06 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 11:18 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 11:18 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-03 13:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 13:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 13:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 13:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 08:22 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:22 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:22 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:22 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:22 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:22 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:22 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:22 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:22 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:22 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:22 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip ==================== One Month Modified Files and Folders ======= 2014-05-14 12:07 - 2014-05-14 12:07 - 00010822 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-14 12:07 - 2014-05-13 10:30 - 00000000 ____D () C:\FRST 2014-05-14 12:01 - 2013-07-03 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-14 11:56 - 2014-05-14 12:07 - 02066944 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-14 11:54 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 11:54 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:48 - 2014-05-14 11:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:48 - 2011-10-25 15:51 - 00000000 ___RD () C:\Users\Heuser\Dropbox 2014-05-14 11:48 - 2011-10-25 15:49 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Dropbox 2014-05-14 11:48 - 2011-10-25 15:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-14 11:46 - 2010-11-21 05:47 - 00116384 _____ () C:\Windows\PFRO.log 2014-05-14 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-14 11:46 - 2009-07-14 06:51 - 00124662 _____ () C:\Windows\setupact.log 2014-05-14 11:45 - 2014-05-14 11:44 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:45 - 2011-10-25 14:49 - 01474753 _____ () C:\Windows\WindowsUpdate.log 2014-05-14 11:35 - 2014-05-14 11:49 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:23 - 2014-05-14 11:44 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:14 - 2011-10-25 16:19 - 00000000 ____D () C:\FIND_MOZ_EXT 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:42 - 2011-10-25 16:26 - 00074160 _____ () C:\fpRedmon.log 2014-05-14 10:42 - 2011-10-25 16:26 - 00000000 ____D () C:\Users\Heuser\AppData\Local\FreePDF_XP 2014-05-14 10:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-14 09:55 - 2011-10-27 08:34 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-13 07:54 - 2012-09-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 18:04 - 2014-05-12 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 12:45 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:06 - 2014-05-06 12:05 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 11:19 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-06 11:19 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-06 11:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-29 16:01 - 2014-05-03 13:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 13:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 15:01 - 2013-07-03 12:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-29 15:01 - 2013-03-26 16:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 15:01 - 2011-10-26 09:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 14:48 - 2014-05-03 13:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 13:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 12:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-29 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-25 12:16 - 2013-10-12 12:40 - 00000000 ____D () C:\Users\Heuser\Desktop\PDF 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip 2014-04-23 09:09 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-23 09:08 - 2011-10-25 15:50 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-14 04:24 - 2014-05-06 11:18 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 11:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Heuser\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcyog6.dll C:\Users\Heuser\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Heuser\AppData\Local\Temp\jinstaller142_19.exe C:\Users\Heuser\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\ose00000.exe C:\Users\Heuser\AppData\Local\Temp\Quarantine.exe C:\Users\Heuser\AppData\Local\Temp\setup.exe C:\Users\Heuser\AppData\Local\Temp\_is1E78.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 12:13 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by Heuser on 14.05.2014 at 11:50:28,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A0A2F73-06C2-46DB-89D3-19B390C3B01F} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Heuser\AppData\Roaming\mozilla\firefox\profiles\dxetymwl.default\minidumps [346 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.05.2014 at 12:05:49,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.05.2014 Suchlauf-Zeit: 11:37:35 Logdatei: 2mbam_Pa.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.14.02 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Heuser Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 269516 Verstrichene Zeit: 14 Min, 59 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 10 PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\Toolbar.CT3196716, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3196716, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.PriceGong.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [bf8b8cc55823d5613778c0d2d2308779], Registrierungswerte: 9 PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, øË?Ã?ëöüâ?F¼;ê¼rqî±, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33] PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, WiseConvert Toolbar, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33] PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, In Quarantäne, [222873decab1f442cb16d64e58aa13ed], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}, In Quarantäne, [de6c64ed235890a610d1bf650cf6659b], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}, In Quarantäne, [1634272ac1ba86b040a129fbf111bf41], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}, In Quarantäne, [b991232efd7eda5c1cc5ff25c63c44bc], PUP.Optional.Conduit, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, In Quarantäne, [c387034edf9c80b6d8d916a608fb4ab6] Registrierungsdaten: 1 PUP.Optional.Conduit, HKU\S-1-5-21-2655183059-2449593451-2518110874-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716&CUI=UN31609670868084239, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716&CUI=UN31609670868084239),Ersetzt,[4208d27ff2890d29c5be3b0b679df20e] Ordner: 0 (No malicious items detected) Dateien: 3 PUP.Optional.MindSpark.A, C:\Program Files (x86)\WiseConvert\prxtbWise.dll, In Quarantäne, [ad9d024fe7949a9cecf5939113efcd33], PUP.Optional.Conduit, C:\Users\Heuser\AppData\Local\Conduit\CT3196716\WiseConvertAutoUpdateHelper.exe, In Quarantäne, [2b1f143d6b10e94d84fcd6597090a45c], PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, In Quarantäne, [7ecc351c453668cedb328e2bba49f50b], Physische Sektoren: 0 (No malicious items detected) (end) |
15.05.2014, 07:40 | #7 |
| Email Account gehackt? Mail Delivery Und zum Schluß noch vom dritten Rechner: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 11:31:45 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Stefan - STEFANHEUSER # Gestartet von : C:\Users\Stefan\Desktop\3adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\DSearchLink Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files (x86)\MediaWatchV1 Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\VideoPlayerV3 Ordner Gelöscht : C:\Users\Stefan\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Stefan\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Stefan\AppData\Roaming\digitalsite Ordner Gelöscht : C:\Users\Stefan\AppData\Roaming\DigitalSites Ordner Gelöscht : C:\Users\Stefan\AppData\Roaming\goforfiles Ordner Gelöscht : C:\Users\Stefan\AppData\Roaming\Systweak Datei Gelöscht : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\invalidprefs.js Datei Gelöscht : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\user.js Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites Datei Gelöscht : C:\Windows\System32\Tasks\GoforFilesUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\GoforFiles Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\GoforFiles Schlüssel Gelöscht : HKLM\Software\systweak ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js ] Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "cee0f7ca000000000000506313dedf0f"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15972"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.610:09:15"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=160913_m3&tsp=5015"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); ************************* AdwCleaner[R0].txt - [6414 octets] - [14/05/2014 11:28:41] AdwCleaner[R1].txt - [6474 octets] - [14/05/2014 11:30:49] AdwCleaner[S0].txt - [5936 octets] - [14/05/2014 11:31:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5996 octets] ########## FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Stefan (administrator) on STEFANHEUSER on 14-05-2014 11:56:48 Running from C:\Users\Stefan\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ABBYY) C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\NetworkService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\OAService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\ProcessService.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Apache Software Foundation) C:\MagicInfo Lite\tomcat\bin\tomcat6.exe () C:\MagicInfo Lite\bin\srvany.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe () C:\MagicInfo Lite\bin\srvany.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe ( ) C:\MagicInfo Lite\bin\distributer.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Spotify Ltd) C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-20] (Microsoft Corporation) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [Spotify Web Helper] => C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7CA2114F-56B7-4321-8B1F-37F9B785C178} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {8BB7C53E-D0BE-4BC4-9826-9D9CE55D5839} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {D6DDDB5E-7FC1-4783-8529-166343F002F4} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-09] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReaderEngine.Windows.10.0; C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe [1170896 2014-02-05] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 DVNetwork; C:\Program Files (x86)\convert+share\NetworkService.exe [19456 2014-02-05] (Scanshare B.V.) R2 DVOAService; C:\Program Files (x86)\convert+share\OAService.exe [18432 2014-02-05] (Scanshare B.V.) R2 DVProcess; C:\Program Files (x86)\convert+share\ProcessService.exe [18944 2014-02-05] (Scanshare B.V.) R2 Enterprise Suite Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe [51712 2013-05-24] () S4 Enterprise Suite Terminal Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\ESC\bin\wrapper.exe [233984 2011-10-07] (Tanuki Software, Ltd.) R2 MagicInfoPremium; C:\MagicInfo Lite\tomcat\\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) R2 MagicInfoStreamDaemon; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) R2 My Panel Manager Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe [8704 2013-02-12] () R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2010-10-04] (PostgreSQL Global Development Group) S3 Primary Server Monitor; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESPrimaryServerMonitor.exe [30720 2013-05-24] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 UltraVNCRepeater; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 postgresql-9.2; C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files (x86)/PostgreSQL/9.2/data" -w [X] ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-09] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 11:56 - 2014-05-14 11:56 - 02066944 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-14 11:56 - 2014-05-14 11:56 - 00021787 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:36 - 2014-05-14 11:35 - 01016261 _____ (Thisisu) C:\Users\Stefan\Desktop\4JRT.exe 2014-05-14 11:28 - 2014-05-14 11:31 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:27 - 2014-05-14 11:23 - 01325827 _____ () C:\Users\Stefan\Desktop\3adwcleaner.exe 2014-05-14 10:59 - 2014-05-14 11:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 10:59 - 2014-05-14 10:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 10:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 10:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 10:46 - 2014-05-14 10:46 - 00001264 _____ () C:\Users\Stefan\Desktop\Revo Uninstaller.lnk 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-13 12:23 - 2014-05-13 12:23 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000064 _____ () C:\shutdownprocesses.bat 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-13 10:29 - 2014-05-14 11:56 - 00000000 ____D () C:\FRST 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 09:35 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 09:35 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 17:11 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 17:11 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 17:11 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 17:11 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 17:31 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 17:31 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 17:31 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 17:31 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 17:31 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 17:31 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 17:31 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 17:31 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 17:31 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 17:31 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 17:31 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 17:30 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 17:30 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 17:30 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 17:30 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 17:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 17:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 17:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 17:30 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 17:30 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-28 14:39 - 2014-05-07 15:56 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:08 - 2014-04-27 17:09 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-22 16:26 - 2014-04-22 16:30 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:14 - 2014-04-01 15:18 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Macromedia 2014-04-22 13:14 - 2013-10-01 13:23 - 00002120 _____ () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-04-22 13:14 - 2013-06-18 11:52 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Microsoft Help 2014-04-22 13:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-22 13:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:55 - 2011-09-25 07:51 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.3.5500.0.dll 2014-04-22 12:55 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2014-04-22 12:54 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:53 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:53 - 2014-04-22 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:36 - 2014-04-22 09:37 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:15 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-15 10:51 - 2014-04-15 10:52 - 00000000 ____D () C:\Users\Stefan\Desktop\Interstuhl ==================== One Month Modified Files and Folders ======= 2014-05-14 11:56 - 2014-05-14 11:56 - 02066944 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-14 11:56 - 2014-05-14 11:56 - 00021787 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-14 11:56 - 2014-05-13 10:29 - 00000000 ____D () C:\FRST 2014-05-14 11:56 - 2014-02-13 11:00 - 02032440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-14 11:56 - 2013-06-13 15:22 - 00000000 ____D () C:\Users\Stefan\AppData\Local\3E865EC9-11FE-4B0A-9567-F702404AE632.aplzod 2014-05-14 11:54 - 2013-06-13 14:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-14 11:53 - 2013-06-13 12:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68CB2F9A-9254-4A7B-A264-A9FC71EF232D} 2014-05-14 11:41 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 11:41 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 11:38 - 2013-06-13 12:41 - 00844582 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 11:38 - 2013-06-13 12:41 - 00202474 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 11:38 - 2013-06-13 11:53 - 01362305 _____ () C:\Windows\WindowsUpdate.log 2014-05-14 11:38 - 2009-07-14 07:13 - 02003270 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:35 - 2014-05-14 11:36 - 01016261 _____ (Thisisu) C:\Users\Stefan\Desktop\4JRT.exe 2014-05-14 11:34 - 2014-05-14 10:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:32 - 2009-11-23 23:29 - 00551394 _____ () C:\Windows\PFRO.log 2014-05-14 11:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-14 11:32 - 2009-07-14 06:51 - 00070797 _____ () C:\Windows\setupact.log 2014-05-14 11:31 - 2014-05-14 11:28 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:23 - 2014-05-14 11:27 - 01325827 _____ () C:\Users\Stefan\Desktop\3adwcleaner.exe 2014-05-14 11:15 - 2013-06-26 18:27 - 00000000 ____D () C:\Users\postgres 2014-05-14 11:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-05-14 11:05 - 2013-06-14 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-14 10:59 - 2014-05-14 10:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:46 - 2014-05-14 10:46 - 00001264 _____ () C:\Users\Stefan\Desktop\Revo Uninstaller.lnk 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 08:09 - 2013-09-24 11:09 - 00000164 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-14 08:05 - 2013-06-14 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 07:57 - 2013-06-13 12:32 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-14 07:51 - 2014-01-25 12:59 - 00000000 ____D () C:\Update 2014-05-13 15:38 - 2014-02-25 18:16 - 00000000 ____D () C:\Users\Stefan\Desktop\Bilder_Shooting 2014-05-13 15:38 - 2014-02-13 18:34 - 00000000 ____D () C:\Users\Stefan\Desktop\Develop 2014-05-13 14:02 - 2013-06-13 12:32 - 00000473 _____ () C:\Windows\BRWMARK.INI 2014-05-13 14:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-13 12:44 - 2013-06-13 12:49 - 00067320 _____ () C:\fpRedmon.log 2014-05-13 12:44 - 2013-06-13 12:49 - 00000000 ____D () C:\Users\Stefan\AppData\Local\FreePDF_XP 2014-05-13 12:23 - 2014-05-13 12:23 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000064 _____ () C:\shutdownprocesses.bat 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-13 12:23 - 2009-11-24 00:46 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-05-12 11:53 - 2013-06-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 12:48 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Spotify 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 15:14 - 2013-06-13 15:53 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Paint.NET 2014-05-09 09:40 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-05-09 09:40 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-05-09 09:40 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-05-09 09:30 - 2013-06-13 14:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-08 14:16 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Spotify 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-07 15:56 - 2014-04-28 14:39 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-02 08:01 - 2014-03-23 14:00 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-04-30 08:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-30 07:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-05 17:11 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-05 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-05 17:11 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-05 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-28 11:22 - 2014-02-11 15:05 - 00000000 ____D () C:\Watchfolder 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:09 - 2014-04-27 17:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:14 - 2013-11-19 18:51 - 00000000 ___HD () C:\ProgramData\{2E5F3D11-0155-4860-A4E6-7A8C7E5C8D15} 2014-04-25 16:14 - 2013-06-13 15:05 - 00000000 ____D () C:\ProgramData\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-22 16:30 - 2014-04-22 16:26 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:24 - 2009-07-14 06:45 - 00462136 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:06 - 2013-06-13 12:07 - 00120968 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:57 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP-Printer Utility 2014-04-22 12:56 - 2014-04-08 17:18 - 00000000 ____D () C:\Program Files\MFP-Printer Utility 2014-04-22 12:55 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:55 - 2014-04-22 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:54 - 2014-04-22 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:37 - 2014-04-22 09:36 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 15:19 - 2013-10-04 12:21 - 00000000 ___RD () C:\Users\Stefan\Desktop\Verknüpfungen 2014-04-17 13:17 - 2013-10-28 14:06 - 00000000 ____D () C:\Program Files (x86)\Zattoo4 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:16 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-17 13:12 - 2013-10-28 14:06 - 00017408 _____ () C:\Users\Stefan\AppData\Local\WebpageIcons.db 2014-04-15 10:52 - 2014-04-15 10:51 - 00000000 ____D () C:\Users\Stefan\Desktop\Interstuhl 2014-04-14 04:24 - 2014-05-06 09:35 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 09:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Stefan\AppData\Local\Temp\autorun.dll C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 08:36 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by Stefan on 14.05.2014 at 11:41:23,49 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{10397CF5-8768-4510-8F12-B8D001496C3A} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\k67ysfvy.default\minidumps [12 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.05.2014 at 11:53:21,21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.05.2014 Suchlauf-Zeit: 11:14:54 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.14.02 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Stefan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 366195 Verstrichene Zeit: 14 Min, 35 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 5 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [ba90064b9cdf78beddeb55061fe340c0], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [ba90064b9cdf78beddeb55061fe340c0], PUP.Optional.Babylon.A, HKU\S-1-5-21-778539726-1508035087-141682171-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [f951292804774de91f491c9325de7888], PUP.Optional.InstallCore.A, HKU\S-1-5-21-778539726-1508035087-141682171-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [8dbdba977803b08640249efafe04d52b], PUP.Optional.InstallCore.A, HKU\S-1-5-21-778539726-1508035087-141682171-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [5ceec09185f6a294f0962b834eb5b14f], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-778539726-1508035087-141682171-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, In Quarantäne, [5ceec09185f6a294f0962b834eb5b14f] Registrierungsdaten: 1 PUP.Optional.StartPage.A, HKU\S-1-5-21-778539726-1508035087-141682171-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=CEE0506313DEDF0F&affID=119357&tt=160913_m3&tsp=5015, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=CEE0506313DEDF0F&affID=119357&tt=160913_m3&tsp=5015),Ersetzt,[dc6e4f02215abb7bac41281e2fd5c13f] Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Stefan\AppData\Roaming\OpenCandy, In Quarantäne, [88c27cd50a713ff7b410680628da6b95], PUP.Optional.OpenCandy, C:\Users\Stefan\AppData\Roaming\OpenCandy\A36957D12FF044AEA1376CF4805A068F, In Quarantäne, [88c27cd50a713ff7b410680628da6b95], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit, In Quarantäne, [eb5f3021f784ff378595beb70200c040], Dateien: 29 PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, In Quarantäne, [50facd8492e9a393ea42828d5aaace32], PUP.Optional.Amonetize, C:\Users\Stefan\AppData\Local\Temp\nsyB0EB.tmp\aminsis.dll, In Quarantäne, [d773f35e6b10c3736932212901006e92], PUP.Optional.Amonetize, C:\Users\Stefan\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [60ea63ee07748caa5942d8726a97b14f], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [19317fd2fd7e85b18aa3bdd522e0e21e], PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [2921a7aa87f45dd9bb45851bb34f07f9], PUP.Optional.OpenCandy, C:\Users\Stefan\AppData\Roaming\OpenCandy\A36957D12FF044AEA1376CF4805A068F\TuneUpUtilities2013-2200218_de-DE.exe, In Quarantäne, [88c27cd50a713ff7b410680628da6b95], PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[d179e26f35461125ec82284be81cc937] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[1c2ee26f5328e94d541a7ef531d3e41c] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[79d17dd4cead55e1c9a5551e5ba90ef2] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[79d161f03249c57145290c6740c4f10f] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[6ae0fd545d1ec274cca292e162a24fb1] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[3b0f70e10279bc7a89e5cea52fd518e8] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[67e3470aed8e03338de191e208fc7789] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "cee0f7ca000000000000506313dedf0f");), Ersetzt,[1d2d3120e695bd7996d86112c341dd23] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15972");), Ersetzt,[83c7bd94a8d31620c9a55a19848050b0] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[2129fb56255606304925ec879f650000] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[36147ed3ee8dfa3c26484c27e1233dc3] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[a7a3351c0f6c9a9c0c625e152fd513ed] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[ea601d340c6f39fde08eadc639cb669a] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[b694cd84eb901026e787274cad578878] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[a2a8a9a8552652e4f975155ed82c2dd3] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[5dedd47dabd078be89e5fe75cb39a060] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[23270b46dc9f95a1d5991f54be4610f0] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Ersetzt,[3d0d2f224d2ee551046a1162dc28f40c] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.610:09:15");), Ersetzt,[e46666eb6b107abc47272f44d232f907] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Ersetzt,[b29894bd7a013105f777e58ec440c040] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[ed5d173a1368171f6509d0a3986cb050] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119357&tt=160913_m3&tsp=5015");), Ersetzt,[3713cf82a7d4ba7c541a403331d3728e] PUP.Optional.Delta.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[7dcd88c924579d99bcb25320db2942be] Physische Sektoren: 0 (No malicious items detected) (end) Und mal wieder herzlichen Dank! Ist wirklich ne super schnelle Sache hier Habe alles wie beschrieben an allen Rechnern durchgeführt... heute morgen kam schon wieder eine solche Email. Ich poste dir hier mal den Inhalt Code:
ATTFilter This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed: "***@t-online.de": SMTP error from remote server after transfer of mail text: host: mx00.t-online.de 5.7.0 Message considered as spam or virus, rejected 5.7.0 Your IP: 212.227.126.130 5.7.0 Mailhost: mailin57.aul.t-online.de 5.7.0 Timestamp: 2014-05-15T06:27:10Z 5.7.0 Expurgate-ID: 149288::1400135230-00001464-9DE68B58/0-12877356342/0-10 5.7.0 Authenticator: 70E542E1C7DBAA2FE89B0A55B90293EEBF513C93BFCC94FA6FE4DD1F29C8FB0227DB1B4D 5.7.0 5.7.0 Your message has been rejected due to spam or virus classification. 5.7.0 If you feel this is inapplicable, please report the above error codes 5.7.0 back to FPR@RX.T-ONLINE.DE to help us fix possible misclassification. 5.7.0 We apologize for any inconvenience and thank you for your assistance! 5.7.0 5.7.0 Die Annahme Ihrer Nachricht wurde abgelehnt, da sie als Spam oder 5.7.0 Virus eingestuft wurde. Sollten Sie dies als unzutreffend ansehen, 5.7.0 senden Sie bitte obige Fehlercodes an FPR@RX.T-ONLINE.DE, damit wir 5.7.0 die Klassifizierung untersuchen können. Wir entschuldigen uns für 5.7.0 etwaige Unannehmlichkeiten und bedanken uns für Ihre Unterstützung! --- The header of the original message is following. --- Received: from [212.227.17.191] ([212.227.17.191]) by mx.kundenserver.de (mxeue002) with ESMTP (Nemesis) id 0MKAJ3-1Wjzmi3h1p-001T9c for <***@t-online.de>; Thu, 15 May 2014 08:27:10 +0200 Received: from trackclick.co ([207.36.91.105]) by mx.kundenserver.de (mxeue002) with ESMTP (Nemesis) id 0MhtSd-1WPYz83gqh-00Mq1u for <info@***.de>; Thu, 15 May 2014 08:27:09 +0200 Date: Thu, 15 May 2014 02:27:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=listclick.co; s=default; t=1400135227; bh=YzCAnYQ2RLUIJ9l2GQMbhipEGev7ik3hTwcKOrL9+xk=; h=From:Subject:To:Reply-To:List-ID:List-Unsubscribe; b=c0aPrqQrwFosP1zbtVvtx8hAYAvYqEYtaK3k4eUjashhkLRQIEvnpVkQod6J212T2 HxR3WEwN43PGYgG7Tt68u4kNvJdBe6jWwKalfSJB1TdEsIcw6Gfci1RAZolkp6lTK4 UvjLRmcr56YudPPIEspBJrDqSBZLa2ANpUv1dg2w= From: Ralf Schneider <returntrack@listclick.co> Subject: So verdienen Affiliates jedes Jahr bis zu 1.237.784 Euro von zu Hause aus.. To: info@***.de Sender: returntrack@listclick.co Reply-To: "Ralf Schneider" <rallemeuller72@gmail.com> Precedence: bulk Content-Type: multipart/alternative; boundary="_----------=_1400135187115970" List: Firmen2 MIME-Version: 1.0 X-Mailer: liststream Mailer List-Track: iulife521400135186 List-Encode: c2z3mjv94s3wh75j5hv9o85jh78j5j5h0hkt5j List-ID: 338 List-Unsubscribe: <unsubscribe@listclick.co> X-Bulkmail: 3.12 Message-Id: <20140515062707.E4CEC1B08B9@trackclick.co> Content-Transfer-Encoding: 7bit |
16.05.2014, 09:37 | #8 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Das Passwort ist schon geändert? ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.05.2014, 11:49 | #9 |
| Email Account gehackt? Mail Delivery Ja, das Passwort wurde bereits geändert. Ich lasse jetzt die genannten Programme durchlaufen und werde dann die Dateien posten. Grüße Hier PC 1 Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 13.0.0.214 Mozilla Firefox (29.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by buero heuser (administrator) on BUEROHEUSER-PC on 16-05-2014 12:10:40 Running from C:\Users\buero heuser\Desktop\Viren_Software Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (CSS Group®) C:\Program Files (x86)\CSS Group Systems Corp\CSS Group Kassensystem Einzelhandel 2008\CSSKS50.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA84333675B38CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\buero heuser\AppData\Roaming\Mozilla\Firefox\Profiles\d0pagp99.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-23] ==================== Services (Whitelisted) ================= S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-23] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 11:41 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\buero heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:41 - 2014-05-16 11:32 - 02347384 _____ (ESET) C:\Users\buero heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieUserList 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieSiteList 2014-05-14 18:13 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 18:13 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 18:13 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 18:13 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 18:13 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 18:13 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 14:53 - 2014-05-16 12:10 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:37 - 2014-05-14 14:40 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:27 - 2014-05-16 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 14:27 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 14:27 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 08:06 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 08:06 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 08:06 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:06 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 08:06 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 08:06 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 08:06 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 08:06 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 08:06 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 08:06 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 08:06 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 08:06 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 08:06 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 08:06 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:06 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:06 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 08:06 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 10:32 - 2014-05-16 12:10 - 00000000 ____D () C:\FRST 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-15 07:57 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 18:32 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 18:32 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 18:32 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 18:32 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 18:32 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 18:32 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 18:32 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 18:32 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 18:32 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 18:32 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 18:32 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 18:32 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-16 12:10 - 2014-05-14 14:53 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-16 12:10 - 2014-05-13 10:32 - 00000000 ____D () C:\FRST 2014-05-16 11:50 - 2013-09-09 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-16 11:33 - 2014-05-16 11:41 - 00855379 _____ () C:\Users\buero heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:32 - 2014-05-16 11:41 - 02347384 _____ (ESET) C:\Users\buero heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-16 10:58 - 2013-04-13 17:28 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1158681-E919-4ED9-90B9-D778ACBD906E} 2014-05-16 10:30 - 2013-04-15 09:48 - 00204780 _____ () C:\fpRedmon.log 2014-05-16 10:30 - 2013-04-15 09:48 - 00000000 ____D () C:\Users\buero heuser\AppData\Local\FreePDF_XP 2014-05-16 10:19 - 2013-04-13 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-16 09:47 - 2013-04-13 16:25 - 01952562 _____ () C:\Windows\WindowsUpdate.log 2014-05-16 09:22 - 2014-05-14 14:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 08:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-16 08:24 - 2013-04-13 16:45 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-16 08:10 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-16 08:10 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-16 08:08 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-16 08:08 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-16 08:08 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-16 08:02 - 2013-04-13 16:29 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-05-16 08:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-16 08:02 - 2009-07-14 06:51 - 00085494 _____ () C:\Windows\setupact.log 2014-05-15 15:25 - 2013-04-13 16:29 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-05-15 13:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieUserList 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieSiteList 2014-05-15 07:59 - 2013-04-13 16:25 - 00000000 ___RD () C:\Users\buero heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 07:59 - 2013-04-13 16:25 - 00000000 ___RD () C:\Users\buero heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 07:57 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 07:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:40 - 2014-05-14 14:37 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:38 - 2010-11-21 05:47 - 00103032 _____ () C:\Windows\PFRO.log 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 10:50 - 2013-09-09 07:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 07:51 - 2013-04-15 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-14 08:06 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 06:40 - 2014-05-14 18:13 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 18:13 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 18:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 18:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\buero heuser\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\buero heuser\AppData\Local\Temp\NEWB65.tmp.exe C:\Users\buero heuser\AppData\Local\Temp\ose00000.exe C:\Users\buero heuser\AppData\Local\Temp\Quarantine.exe C:\Users\buero heuser\AppData\Local\Temp\setup.exe C:\Users\buero heuser\AppData\Local\Temp\_is1370.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:06] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 11:57 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=0005c03f09f73f44b2c6f8e7e066e237 # engine=18285 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-16 10:05:41 # local_time=2014-05-16 12:05:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 14293 151864591 0 0 # scanned=111840 # found=0 # cleaned=0 # scan_time=1326 Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 31 Java 2 Runtime Environment, SE v1.4.2_19 Java version out of Date! Adobe Flash Player 13.0.0.214 Adobe Reader 10.1.10 Adobe Reader out of Date! Mozilla Firefox (29.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Heuser (administrator) on HEUSER-PC on 16-05-2014 12:43:39 Running from C:\Users\Heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F618F31893CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Heuser\AppData\Roaming\Mozilla\Firefox\Profiles\dxetymwl.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-11] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\70090103.sys [119512 2014-05-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 12:43 - 2014-05-16 12:43 - 00010873 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-16 12:43 - 2014-05-16 12:43 - 00000000 ____D () C:\Users\Heuser\Desktop\FRST-OlderVersion 2014-05-16 11:39 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\Heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:39 - 2014-05-16 11:32 - 02347384 _____ (ESET) C:\Users\Heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-16 11:24 - 2014-05-16 11:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70090103.sys 2014-05-15 17:27 - 2014-05-15 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\518F4568.sys 2014-05-15 08:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:30 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 08:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 08:24 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 08:24 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 08:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:24 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 08:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 08:24 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:24 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 08:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 08:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 08:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 08:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 08:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 16:47 - 2014-05-14 16:47 - 07547454 _____ () C:\Users\Heuser\Downloads\Ineo4020_UG.zip 2014-05-14 12:07 - 2014-05-16 12:43 - 02067456 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:49 - 2014-05-14 11:35 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:44 - 2014-05-14 11:45 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:44 - 2014-05-14 11:23 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-16 10:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 11:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 11:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-13 10:30 - 2014-05-16 12:43 - 00000000 ____D () C:\FRST 2014-05-12 18:03 - 2014-05-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 12:45 - 2014-05-15 16:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:05 - 2014-05-06 12:06 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-04-29 08:22 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:22 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:22 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:22 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:22 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:22 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:22 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:22 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:22 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:22 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:22 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip ==================== One Month Modified Files and Folders ======= 2014-05-16 12:43 - 2014-05-16 12:43 - 00010873 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-16 12:43 - 2014-05-16 12:43 - 00000000 ____D () C:\Users\Heuser\Desktop\FRST-OlderVersion 2014-05-16 12:43 - 2014-05-14 12:07 - 02067456 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-16 12:43 - 2014-05-13 10:30 - 00000000 ____D () C:\FRST 2014-05-16 12:01 - 2013-07-03 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-16 11:45 - 2011-10-25 14:49 - 02055561 _____ () C:\Windows\WindowsUpdate.log 2014-05-16 11:33 - 2014-05-16 11:39 - 00855379 _____ () C:\Users\Heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:32 - 2014-05-16 11:39 - 02347384 _____ (ESET) C:\Users\Heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-16 11:24 - 2014-05-16 11:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70090103.sys 2014-05-16 10:43 - 2011-10-25 15:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-16 10:32 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-16 10:32 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-16 10:30 - 2014-05-14 11:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 10:30 - 2011-10-25 15:51 - 00000000 ___RD () C:\Users\Heuser\Dropbox 2014-05-16 10:30 - 2011-10-25 15:49 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Dropbox 2014-05-16 10:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-16 10:25 - 2009-07-14 06:51 - 00124886 _____ () C:\Windows\setupact.log 2014-05-15 17:27 - 2014-05-15 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\518F4568.sys 2014-05-15 17:04 - 2011-10-25 15:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-15 17:01 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:01 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 16:37 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 16:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 08:17 - 2011-10-25 15:50 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-15 08:15 - 2011-10-27 08:34 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-14 17:01 - 2013-07-03 12:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 17:01 - 2013-03-26 16:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 17:01 - 2011-10-26 09:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 16:47 - 2014-05-14 16:47 - 07547454 _____ () C:\Users\Heuser\Downloads\Ineo4020_UG.zip 2014-05-14 15:39 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 15:39 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 15:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 12:15 - 2013-10-12 12:40 - 00000000 ____D () C:\Users\Heuser\Desktop\PDF 2014-05-14 12:15 - 2011-10-25 16:26 - 00074220 _____ () C:\fpRedmon.log 2014-05-14 12:15 - 2011-10-25 16:26 - 00000000 ____D () C:\Users\Heuser\AppData\Local\FreePDF_XP 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:46 - 2010-11-21 05:47 - 00116384 _____ () C:\Windows\PFRO.log 2014-05-14 11:45 - 2014-05-14 11:44 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:35 - 2014-05-14 11:49 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:23 - 2014-05-14 11:44 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:14 - 2011-10-25 16:19 - 00000000 ____D () C:\FIND_MOZ_EXT 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-13 07:54 - 2012-09-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 18:04 - 2014-05-12 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 08:24 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 08:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 12:06 - 2014-05-06 12:05 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 06:40 - 2014-05-15 08:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-29 12:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip Some content of TEMP: ==================== C:\Users\Heuser\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0xjrd.dll C:\Users\Heuser\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Heuser\AppData\Local\Temp\jinstaller142_19.exe C:\Users\Heuser\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\ose00000.exe C:\Users\Heuser\AppData\Local\Temp\Quarantine.exe C:\Users\Heuser\AppData\Local\Temp\setup.exe C:\Users\Heuser\AppData\Local\Temp\_is1E78.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 08:24] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 12:13 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=8c4ffc2fe1f37747b177f7df164aadc0 # engine=18285 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-16 10:38:21 # local_time=2014-05-16 12:38:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 7660 151866551 0 0 # scanned=102654 # found=22 # cleaned=0 # scan_time=3395 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\ldrtbWise.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\tbWise.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\WiseConvertToolbarHelper.exe.vir" sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir" sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir" sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir" sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\hk64tbWis0.dll.vir" sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\hk64tbWis2.dll.vir" sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\hktbWis0.dll.vir" sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\hktbWis2.dll.vir" sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\ldrtbWis0.dll.vir" sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\ldrtbWis2.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\ldrtbWise.dll.vir" sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\tbWis0.dll.vir" sh=81AF7CFB10091601ED1B82B92BDA2A254AA2B82F ft=1 fh=b76578e523b80dbc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\tbWis1.dll.vir" sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\tbWis2.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\tbWise.dll.vir" sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Heuser\AppData\LocalLow\WiseConvert\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir" sh=CCAAB1BBEDE73F8187653E6DB58E39280C519984 ft=1 fh=a88cb9783b3399c4 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIB4DVR\tbedrs[1].dll" sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIB4DVR\TBUpdaterLogic[1].dll" sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZX01ZNR\TBUpdaterLogic[1].dll" |
16.05.2014, 11:50 | #10 |
| Email Account gehackt? Mail Delivery Und zum Schluß noch PC 3 Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 13 Java 7 Update 25 Java version out of Date! Adobe Flash Player 13.0.0.214 Adobe Reader XI Mozilla Firefox (29.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Stefan (administrator) on STEFANHEUSER on 16-05-2014 12:38:12 Running from C:\Users\Stefan\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ABBYY) C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\NetworkService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\OAService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\ProcessService.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Apache Software Foundation) C:\MagicInfo Lite\tomcat\bin\tomcat6.exe () C:\MagicInfo Lite\bin\srvany.exe () C:\MagicInfo Lite\bin\MagicInfoStreamDaemon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe () C:\MagicInfo Lite\bin\srvany.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe ( ) C:\MagicInfo Lite\bin\distributer.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Spotify Ltd) C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (CSS Group®) C:\Program Files (x86)\CSS Group Systems Corp\CSS Group Kassensystem Einzelhandel 2008\CSSKS50.exe (Microsoft Corporation) C:\Windows\splwow64.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-20] (Microsoft Corporation) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [Spotify Web Helper] => C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7CA2114F-56B7-4321-8B1F-37F9B785C178} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {8BB7C53E-D0BE-4BC4-9826-9D9CE55D5839} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {D6DDDB5E-7FC1-4783-8529-166343F002F4} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-09] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReaderEngine.Windows.10.0; C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe [1170896 2014-02-05] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) S2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 DVNetwork; C:\Program Files (x86)\convert+share\NetworkService.exe [19456 2014-02-05] (Scanshare B.V.) R2 DVOAService; C:\Program Files (x86)\convert+share\OAService.exe [18432 2014-02-05] (Scanshare B.V.) R2 DVProcess; C:\Program Files (x86)\convert+share\ProcessService.exe [18944 2014-02-05] (Scanshare B.V.) R2 Enterprise Suite Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe [51712 2013-05-24] () S4 Enterprise Suite Terminal Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\ESC\bin\wrapper.exe [233984 2011-10-07] (Tanuki Software, Ltd.) R2 MagicInfoPremium; C:\MagicInfo Lite\tomcat\\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) R2 MagicInfoStreamDaemon; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) R2 My Panel Manager Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe [8704 2013-02-12] () R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2010-10-04] (PostgreSQL Global Development Group) S3 Primary Server Monitor; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESPrimaryServerMonitor.exe [30720 2013-05-24] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 UltraVNCRepeater; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 postgresql-9.2; C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files (x86)/PostgreSQL/9.2/data" -w [X] ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-09] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 12:38 - 2014-05-16 12:38 - 00022091 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-16 12:38 - 2014-05-16 12:38 - 00000000 ____D () C:\Users\Stefan\Desktop\FRST-OlderVersion 2014-05-16 11:33 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\Stefan\Desktop\2SecurityCheck.exe 2014-05-15 18:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 18:02 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 18:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 18:02 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 18:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 18:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 14:03 - 2014-05-15 14:06 - 239724307 _____ () C:\Users\Stefan\Downloads\bimos_videos.zip 2014-05-15 13:05 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 13:05 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 13:05 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 13:05 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 13:05 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 13:05 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 13:05 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 13:05 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 13:05 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 13:05 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 13:05 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 13:05 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 13:05 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 13:05 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 13:05 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 13:05 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 13:05 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 16:34 - 2014-05-14 16:34 - 00411798 _____ () C:\Users\Stefan\Downloads\Brother%20Logo%20Blue.eps 2014-05-14 15:00 - 2014-05-16 11:32 - 00000000 ____D () C:\Users\Stefan\Desktop\Viren_Software 2014-05-14 14:35 - 2014-05-14 15:13 - 00000000 ____D () C:\Users\Stefan\Desktop\Banner 2014-05-14 11:56 - 2014-05-16 12:38 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:28 - 2014-05-14 11:31 - 00000000 ____D () C:\AdwCleaner 2014-05-14 10:59 - 2014-05-16 09:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 10:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 10:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-13 12:23 - 2014-05-13 12:23 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000064 _____ () C:\shutdownprocesses.bat 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-13 10:29 - 2014-05-16 12:38 - 00000000 ____D () C:\FRST 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-06 17:28 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 17:31 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 17:31 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 17:31 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 17:31 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 17:31 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 17:31 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 17:31 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 17:31 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 17:31 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 17:31 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 17:31 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 17:30 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 17:30 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 17:30 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 17:30 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 17:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 17:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 17:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 17:30 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 17:30 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-28 14:39 - 2014-05-15 09:44 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:08 - 2014-04-27 17:09 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-22 16:26 - 2014-04-22 16:30 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:14 - 2014-04-01 15:18 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Macromedia 2014-04-22 13:14 - 2013-10-01 13:23 - 00002120 _____ () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-04-22 13:14 - 2013-06-18 11:52 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Microsoft Help 2014-04-22 13:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-22 13:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:55 - 2011-09-25 07:51 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.3.5500.0.dll 2014-04-22 12:55 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2014-04-22 12:54 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:53 - 2014-04-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:53 - 2014-04-22 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:36 - 2014-04-22 09:37 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:15 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache ==================== One Month Modified Files and Folders ======= 2014-05-16 12:38 - 2014-05-16 12:38 - 00022091 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-16 12:38 - 2014-05-16 12:38 - 00000000 ____D () C:\Users\Stefan\Desktop\FRST-OlderVersion 2014-05-16 12:38 - 2014-05-14 11:56 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-16 12:38 - 2014-05-13 10:29 - 00000000 ____D () C:\FRST 2014-05-16 12:05 - 2013-06-14 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-16 11:50 - 2013-06-13 15:22 - 00000000 ____D () C:\Users\Stefan\AppData\Local\3E865EC9-11FE-4B0A-9567-F702404AE632.aplzod 2014-05-16 11:34 - 2013-06-13 12:41 - 00848130 _____ () C:\Windows\system32\perfh007.dat 2014-05-16 11:34 - 2013-06-13 12:41 - 00203522 _____ () C:\Windows\system32\perfc007.dat 2014-05-16 11:34 - 2009-07-14 07:13 - 02012030 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-16 11:33 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\Stefan\Desktop\2SecurityCheck.exe 2014-05-16 11:32 - 2014-05-14 15:00 - 00000000 ____D () C:\Users\Stefan\Desktop\Viren_Software 2014-05-16 11:14 - 2013-06-13 14:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-16 09:34 - 2014-05-14 10:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 09:25 - 2013-06-13 12:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68CB2F9A-9254-4A7B-A264-A9FC71EF232D} 2014-05-16 09:20 - 2013-06-13 11:53 - 01907264 _____ () C:\Windows\WindowsUpdate.log 2014-05-16 09:12 - 2013-06-13 12:49 - 00067740 _____ () C:\fpRedmon.log 2014-05-16 09:12 - 2013-06-13 12:49 - 00000000 ____D () C:\Users\Stefan\AppData\Local\FreePDF_XP 2014-05-16 08:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 08:28 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-16 07:57 - 2013-06-13 12:32 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-16 07:56 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-16 07:56 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-16 07:49 - 2014-03-23 14:00 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-05-16 07:49 - 2013-06-13 12:08 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 07:49 - 2013-06-13 12:08 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 07:47 - 2013-06-26 18:27 - 00000000 ____D () C:\Users\postgres 2014-05-16 07:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-16 07:46 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 07:46 - 2009-07-14 06:51 - 00070909 _____ () C:\Windows\setupact.log 2014-05-16 07:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 18:02 - 2013-06-13 14:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 17:58 - 2014-01-25 12:39 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 17:58 - 2014-01-25 12:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 14:06 - 2014-05-15 14:03 - 239724307 _____ () C:\Users\Stefan\Downloads\bimos_videos.zip 2014-05-15 09:44 - 2014-04-28 14:39 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-05-15 09:12 - 2013-06-13 15:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 16:34 - 2014-05-14 16:34 - 00411798 _____ () C:\Users\Stefan\Downloads\Brother%20Logo%20Blue.eps 2014-05-14 16:31 - 2013-06-13 15:53 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Paint.NET 2014-05-14 15:13 - 2014-05-14 14:35 - 00000000 ____D () C:\Users\Stefan\Desktop\Banner 2014-05-14 11:56 - 2014-02-13 11:00 - 02032440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:32 - 2009-11-23 23:29 - 00551394 _____ () C:\Windows\PFRO.log 2014-05-14 11:31 - 2014-05-14 11:28 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 08:09 - 2013-09-24 11:09 - 00000164 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-14 08:05 - 2013-06-14 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 07:51 - 2014-01-25 12:59 - 00000000 ____D () C:\Update 2014-05-13 15:38 - 2014-02-25 18:16 - 00000000 ____D () C:\Users\Stefan\Desktop\Bilder_Shooting 2014-05-13 15:38 - 2014-02-13 18:34 - 00000000 ____D () C:\Users\Stefan\Desktop\Develop 2014-05-13 14:02 - 2013-06-13 12:32 - 00000473 _____ () C:\Windows\BRWMARK.INI 2014-05-13 12:23 - 2014-05-13 12:23 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000064 _____ () C:\shutdownprocesses.bat 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-13 12:23 - 2009-11-24 00:46 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-05-12 11:53 - 2013-06-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 12:48 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Spotify 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 09:40 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-05-09 09:40 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-05-09 09:40 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-05-09 09:30 - 2013-06-13 14:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-09 08:14 - 2014-05-15 13:05 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 13:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 14:16 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Spotify 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-06 06:40 - 2014-05-15 18:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 18:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 18:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 18:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-28 11:22 - 2014-02-11 15:05 - 00000000 ____D () C:\Watchfolder 2014-04-27 18:00 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:09 - 2014-04-27 17:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:14 - 2013-11-19 18:51 - 00000000 ___HD () C:\ProgramData\{2E5F3D11-0155-4860-A4E6-7A8C7E5C8D15} 2014-04-25 16:14 - 2013-06-13 15:05 - 00000000 ____D () C:\ProgramData\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III 2014-04-22 16:30 - 2014-04-22 16:26 - 00038429 _____ () C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-22 13:24 - 2009-07-14 06:45 - 00462136 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-22 13:14 - 2014-04-22 13:14 - 00000020 ___SH () C:\Users\ASP.NET v4.0 DefaultAppPool\ntuser.ini 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Vorlagen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Startmenü 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Netzwerkumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Lokale Einstellungen 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Eigene Dateien 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Druckumgebung 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Musik 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Documents\Eigene Bilder 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Verlauf 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\AppData\Local\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 _SHDL () C:\Users\ASP.NET v4.0 DefaultAppPool\Anwendungsdaten 2014-04-22 13:14 - 2014-04-22 13:14 - 00000000 ____D () C:\Users\ASP.NET v4.0 DefaultAppPool 2014-04-22 13:06 - 2013-06-13 12:07 - 00120968 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-22 12:57 - 2014-04-22 12:57 - 00000167 _____ () C:\Windows\ODBCINST.INI 2014-04-22 12:57 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP-Printer Utility 2014-04-22 12:56 - 2014-04-08 17:18 - 00000000 ____D () C:\Program Files\MFP-Printer Utility 2014-04-22 12:55 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-04-22 12:55 - 2014-04-22 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1033 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Windows\system32\1031 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-04-22 12:54 - 2014-04-22 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-04-22 12:51 - 2014-04-22 12:51 - 00000000 ____D () C:\ProgramData\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Users\Stefan\AppData\Local\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MFP Utility 2014-04-22 10:04 - 2014-04-22 10:04 - 00000000 ____D () C:\Program Files (x86)\Device 2014-04-22 09:37 - 2014-04-22 09:36 - 00000000 ____D () C:\BoxOperator 2014-04-22 09:36 - 2014-04-22 09:36 - 00000000 ____D () C:\ProgramData\MFP-Printer Utility 2014-04-17 15:19 - 2013-10-04 12:21 - 00000000 ___RD () C:\Users\Stefan\Desktop\Verknüpfungen 2014-04-17 13:17 - 2013-10-28 14:06 - 00000000 ____D () C:\Program Files (x86)\Zattoo4 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Zattoo 2014-04-17 13:16 - 2014-04-17 13:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG 2014-04-17 13:16 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Deployment 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Apps\2.0 2014-04-17 13:15 - 2014-04-17 13:15 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-17 13:12 - 2013-10-28 14:06 - 00017408 _____ () C:\Users\Stefan\AppData\Local\WebpageIcons.db Some content of TEMP: ==================== C:\Users\Stefan\AppData\Local\Temp\autorun.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 13:05] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 08:36 ==================== End Of Log ============================ Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=50f55ca3bce29f409916b09b86a93720 # engine=18285 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-16 10:34:01 # local_time=2014-05-16 12:34:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 16587 151866291 0 0 # scanned=256244 # found=1 # cleaned=0 # scan_time=3481 sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoConverter\VideoConverter.exe" Soll ich das Email-Passwort nochmals ändern?????? |
17.05.2014, 13:12 | #11 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery PC1: C:\Windows\System32\winlogon.exe bitte bei www.virustotal.com scannen lassen. gleiches bei den andern beiden PC.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.05.2014, 07:34 | #12 |
| Email Account gehackt? Mail Delivery Ich habe es an allen drei PCs versucht. Die Datei winlogon.exe existiert auf allen drei Rechnern (über den Explorer). Sobald ich mich mit Mozilla Firefox auf der genannten Seite befinde und die Datei wählen möchte, wird sie auf keinem der drei Rechner angezeigt. Leider komme ich mit diesem Schritt nicht weiter. Viele Grüße Habe gerade die Datei auf den Desktop kopiert und dann überprüfen lassen. So konnte ich sie im Browser finden. Es wurde auf allen drei Rechnern nichts gefunden. Momentan erhalten wir dafür wieder verstärkt Emails über Mail delivery... |
20.05.2014, 08:16 | #13 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Passwort zum Account wurde geändert. Poste bitte ein frisches FRST log von PC1, nur PC1, wir gehen jetzt einen nach dem anderen durch.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.05.2014, 11:04 | #14 |
| Email Account gehackt? Mail Delivery Es handelt sich bei dem Account um einen von T-online. Die Emails werden von den PCs nicht mit Outlook abgeholt, sondern direkt über den Mozilla Firefox. Hier ist das frst FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Heuser (administrator) on HEUSER-PC on 20-05-2014 12:00:29 Running from C:\Users\Heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Dropbox, Inc.) C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Heuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F618F31893CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Heuser\AppData\Roaming\Mozilla\Firefox\Profiles\dxetymwl.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-11] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-11] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 08:30 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Users\Heuser\Desktop\winlogon.exe 2014-05-16 12:43 - 2014-05-20 12:00 - 00011065 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-16 12:43 - 2014-05-16 12:43 - 00000000 ____D () C:\Users\Heuser\Desktop\FRST-OlderVersion 2014-05-16 11:39 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\Heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:39 - 2014-05-16 11:32 - 02347384 _____ (ESET) C:\Users\Heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-16 11:24 - 2014-05-16 11:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70090103.sys 2014-05-15 17:27 - 2014-05-15 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\518F4568.sys 2014-05-15 08:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:30 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 08:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 08:24 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 08:24 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 08:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:24 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 08:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 08:24 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:24 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 08:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 08:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 08:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 08:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 08:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 08:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 16:47 - 2014-05-14 16:47 - 07547454 _____ () C:\Users\Heuser\Downloads\Ineo4020_UG.zip 2014-05-14 12:07 - 2014-05-16 12:43 - 02067456 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:49 - 2014-05-14 11:35 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:44 - 2014-05-14 11:45 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:44 - 2014-05-14 11:23 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-20 11:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 11:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 11:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-13 10:30 - 2014-05-20 12:00 - 00000000 ____D () C:\FRST 2014-05-12 18:03 - 2014-05-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 12:45 - 2014-05-15 16:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 12:05 - 2014-05-06 12:06 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-04-29 08:22 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:22 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:22 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:22 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:22 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:22 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:22 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:22 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:22 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:22 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:22 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:22 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:22 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:22 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:22 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:22 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:22 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:22 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:22 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:22 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip ==================== One Month Modified Files and Folders ======= 2014-05-20 12:00 - 2014-05-16 12:43 - 00011065 _____ () C:\Users\Heuser\Desktop\FRST.txt 2014-05-20 12:00 - 2014-05-13 10:30 - 00000000 ____D () C:\FRST 2014-05-20 11:56 - 2014-05-14 11:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-20 11:19 - 2011-10-25 15:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-20 11:16 - 2011-10-27 08:34 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-20 11:11 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 11:11 - 2009-07-14 06:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 11:05 - 2011-10-25 15:51 - 00000000 ___RD () C:\Users\Heuser\Dropbox 2014-05-20 11:05 - 2011-10-25 15:49 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Dropbox 2014-05-20 11:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 11:03 - 2009-07-14 06:51 - 00125278 _____ () C:\Windows\setupact.log 2014-05-20 09:25 - 2011-10-25 14:49 - 01077046 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 09:01 - 2013-07-03 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-19 11:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-17 12:43 - 2011-10-25 16:26 - 00075120 _____ () C:\fpRedmon.log 2014-05-17 12:43 - 2011-10-25 16:26 - 00000000 ____D () C:\Users\Heuser\AppData\Local\FreePDF_XP 2014-05-17 11:34 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-16 17:55 - 2010-11-21 05:47 - 00117218 _____ () C:\Windows\PFRO.log 2014-05-16 12:43 - 2014-05-16 12:43 - 00000000 ____D () C:\Users\Heuser\Desktop\FRST-OlderVersion 2014-05-16 12:43 - 2014-05-14 12:07 - 02067456 _____ (Farbar) C:\Users\Heuser\Desktop\FRST64.exe 2014-05-16 11:33 - 2014-05-16 11:39 - 00855379 _____ () C:\Users\Heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:32 - 2014-05-16 11:39 - 02347384 _____ (ESET) C:\Users\Heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-16 11:24 - 2014-05-16 11:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70090103.sys 2014-05-15 17:27 - 2014-05-15 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\518F4568.sys 2014-05-15 17:04 - 2011-10-25 15:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-15 17:01 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:01 - 2011-10-25 15:05 - 00000000 ___RD () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 16:37 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 16:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 08:17 - 2011-10-25 15:50 - 00000000 ____D () C:\Users\Heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-14 17:01 - 2013-07-03 12:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 17:01 - 2013-03-26 16:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 17:01 - 2011-10-26 09:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 16:47 - 2014-05-14 16:47 - 07547454 _____ () C:\Users\Heuser\Downloads\Ineo4020_UG.zip 2014-05-14 15:39 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 15:39 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 15:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 12:15 - 2013-10-12 12:40 - 00000000 ____D () C:\Users\Heuser\Desktop\PDF 2014-05-14 11:50 - 2014-05-14 11:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:45 - 2014-05-14 11:44 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:35 - 2014-05-14 11:49 - 01016261 _____ (Thisisu) C:\Users\Heuser\Desktop\4JRT.exe 2014-05-14 11:23 - 2014-05-14 11:44 - 01325827 _____ () C:\Users\Heuser\Desktop\3adwcleaner.exe 2014-05-14 11:21 - 2014-05-14 11:21 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 11:21 - 2014-05-14 11:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 11:14 - 2011-10-25 16:19 - 00000000 ____D () C:\FIND_MOZ_EXT 2014-05-14 11:01 - 2014-05-14 11:01 - 00001268 _____ () C:\Users\Heuser\Desktop\Revo Uninstaller.lnk 2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-13 07:54 - 2012-09-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 18:04 - 2014-05-12 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 08:24 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 08:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 12:06 - 2014-05-06 12:05 - 33593014 _____ () C:\Users\Heuser\Downloads\Aktion_sweetspot.zip 2014-05-06 06:40 - 2014-05-15 08:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 08:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 08:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 08:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-24 12:28 - 2014-04-24 12:28 - 00358403 _____ () C:\Users\Heuser\Downloads\20140415_aeris_Bannerpaket_RitterRost.zip Some content of TEMP: ==================== C:\Users\Heuser\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvlj0t.dll C:\Users\Heuser\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Heuser\AppData\Local\Temp\jinstaller142_19.exe C:\Users\Heuser\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Heuser\AppData\Local\Temp\ose00000.exe C:\Users\Heuser\AppData\Local\Temp\Quarantine.exe C:\Users\Heuser\AppData\Local\Temp\setup.exe C:\Users\Heuser\AppData\Local\Temp\_is1E78.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 08:24] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 11:00 ==================== End Of Log ============================ Das Passwort änder ich jetzt direkt erneut. |
21.05.2014, 07:42 | #15 |
/// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Beobachte mal ob das mit den Mails noch immer kommt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |