| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein yahoo email-account verschickt SPAM an meine KontakteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.06.2014, 16:10
| #1 |
| |  Mein yahoo email-account verschickt SPAM an meine Kontakte Seit gestern wurde ich mehrmals darauf hingewiesen, dass Personen von meiner email-Adresse aus Spam-Nachrichten erhalten haben. In meinem Gesendet-Ordner sind keine emails zu sehen und es hat sich auch niemand anderes in meinen Account eingeloggt. Ich habe gestern mein Passwort geändert und meine Kontakte gelöscht, jedoch wurden in der Nacht um 4 Uhr wieder Mails an gelöschte Kontakte verschickt. Jetzt weiß ich nicht mehr weiter, da sich in meinen Kontakten Lehrer und weitere Personen befunden haben. Das wäre sehr unangenehm, wenn diese von ständigen Spam-Mails überhäuft werden würden. Hier sind die Logs vom FRST-Scan: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1
FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 22:11
==================== End Of Log ============================
-------------- Addition.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1
FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 22:11
==================== End Of Log ============================
|
Baum-Darstellung