Pests of all kinds and their removal: My Yahoo email account is sending SPAM to my contacts (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you with removing the infection.
#1
My Yahoo email account is sending SPAM to my contacts

Since yesterday I have been told several times that people have received spam messages from my email address. There are no emails in my Sent folder, and nobody else has logged into my account either. Yesterday I changed my password and deleted my contacts, but during the night at 4 o'clock mails were sent again to the deleted contacts. Now I don't know what to do, since my contacts included teachers and other people. It would be very unpleasant if they were flooded with constant spam mails. Here are the logs from the FRST scan:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1

FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-01 22:11

==================== End Of Log ============================
```

Addition.txt: