I have the same problems as the previous poster here ... occasionally an empty window opens - some words are colored, and when you move the cursor over them another small window opens where you are supposed to click. I have already had a malware program run a scan - it found errors and deleted them - but it still did not work. Now I have run frst64 and got the following text:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Mader (administrator) on MADER-PC on 17-03-2014 13:17:31 Running from C:\Users\Mader\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\AAVUpdateManager\aavus.exe (Adobe Systems Incorporated) c:\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe () C:\Users\Mader\AppData\LocalLow\AdobeAir\IE\AdobeAirUpdater.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe () C:\Users\Mader\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe () c:\Creative Suite CS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ELAN Microelectronic Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (Sonix) C:\Windows\vsnp2std.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe (Adobe Sytems Incorporated) C:\Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) 
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [348160 2007-08-07] (Sonix) HKLM\...\Run: [Ocs_SM] - C:\Users\Mader\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-02-22] (OCS) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Adobe Version Cue CS2] - c:\Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2990733432-2411743892-3817270005-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2990733432-2411743892-3817270005-1001\...\MountPoints2: {03d88778-967c-11e0-98cd-18f46a8e6bdb} - E:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c3d0545f-1862-3a2b-25c3-14f63171b510&searchtype=ds&q={searchTerms}&installDate=20/02/2014 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c3d0545f-1862-3a2b-25c3-14f63171b510&searchtype=ds&q={searchTerms}&installDate=20/02/2014 SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-09&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c3d0545f-1862-3a2b-25c3-14f63171b510&searchtype=ds&q={searchTerms}&installDate=20/02/2014 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5976DB5F-6961-43B6-8115-00860E63B11C&q={searchTerms}&SSPV= SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-09&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} BHO: Plus-HD-7.7 - {11111111-1111-1111-1111-110511071180} - No File BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: AdobeAir - {DCA971EE-CB86-4592-AE52-A45B2E257A12} - C:\Users\Mader\AppData\LocalLow\AdobeAir\IE\AdobeAir.dll (Adobe Systems Inc.) 
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{B95537F4-325C-48D3-80F1-A45DB4249321}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{BE774339-C269-4780-A3C6-13D946E3716A}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: 
C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default FF NewTab: about:blank FF DefaultSearchEngine: Freeware.de Customized Web Search FF SelectedSearchEngine: Freeware.de Customized Web Search FF Homepage: hxxp://search.conduit.com/?CUI=UN17810817778844068&ctid=CT2736476&SearchSource=13 FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&CUI=UN17810817778844068&UM=&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Mader\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF SearchPlugin: C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\searchplugins\freewarede-customized-web-search-1.xml FF SearchPlugin: C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\searchplugins\freewarede-customized-web-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-7.7 - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com [2014-03-09] FF Extension: AdobeAir - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\air3@adobe.com [2011-12-20] FF Extension: German Dictionary - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14] FF Extension: LastPass - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\support@lastpass.com [2013-04-25] FF Extension: www.Freeware-download.com - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2013-12-10] FF Extension: Yahoo! 
Toolbar - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-02-11] FF Extension: Freeware.de - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2013-12-15] FF Extension: WOT - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: Flash and Video Download - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-03-09] FF Extension: SearchPreview - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-03-16] FF Extension: Personas Plus - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\personas@christopher.beard.xpi [2012-08-06] FF Extension: WEB.DE MailCheck - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\toolbar@web.de.xpi [2013-04-03] FF Extension: Google Translator for Firefox - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\translator@zoli.bod.xpi [2012-08-06] FF Extension: ImTranslator - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-02-11] FF Extension: New Tab Wallpapers - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi [2013-01-06] FF Extension: Adblock Plus - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-28] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF Extension: Default Manager - 
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-04] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [] FF 
HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\extensions\mail@gutscheinrausch.de FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Mader\AppData\Roaming\Mozilla\Firefox\Profiles\wo6sho0b.default\extensions\firejump@firejump.net FF HKCU\...\Thunderbird\Extensions: [{528bcd12-8e45-4595-96dd-c92c3989c536}] - C:\Program Files (x86)\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy FF Extension: Adressbuchanbindung für WEB.DE MultiMessenger - C:\Program Files (x86)\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2012-05-04] Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-09&ent=hp&u=08A39062E42709F03C1EDA531CBBFFA7 CHR Extension: (Google Docs) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-09] CHR Extension: (Google Drive) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-09] CHR Extension: (YouTube) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09] CHR Extension: (Google-Suche) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-09] CHR Extension: (AdobeAir) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalfokaihlahnhdieedhgfekidifmfa [2014-03-09] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-09] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Mader\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-09] CHR Extension: (Virtuelle Tastatur) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-09] CHR Extension: (Freemake Video Converter) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-09] CHR Extension: (Google Wallet) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Google Mail) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09] CHR Extension: (Anti-Banner) - C:\Users\Mader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-09] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [gdalfokaihlahnhdieedhgfekidifmfa] - C:\Users\Mader\AppData\LocalLow\AdobeAir\CHROME\AdobeAir.crx [2011-11-03] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-02-21] CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - 
C:\Program Files (x86)\Yontoo\YontooLayers.crx [2012-09-12] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2012-09-12] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) R2 Adobe Version Cue CS2; c:\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AdobeAirUpdater; C:\Users\Mader\AppData\LocalLow\AdobeAir\IE\AdobeAirUpdater.exe [18432 2011-11-03] () R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-01-08] (DATA BECKER GmbH & Co KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.) 
R2 SearchAnonymizer; C:\Users\Mader\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-02-22] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-04] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-17] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-17] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-04] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com) R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2011-09-26] (Acronis) S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] () R0 tdrpman140; C:\Windows\System32\DRIVERS\tdrpm140.sys [1580576 2011-09-26] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 
2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 10:13 - 2014-03-17 12:13 - 00013022 _____ () C:\Windows\PFRO.log 2014-03-17 08:54 - 2014-03-17 08:54 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Malwarebytes 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-17 08:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-17 08:51 - 2014-03-17 08:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mader\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-16 22:06 - 2014-03-16 22:12 - 00050077 _____ () C:\Users\Mader\Downloads\Addition.txt 2014-03-16 22:03 - 2014-03-17 13:17 - 00029505 _____ () C:\Users\Mader\Downloads\FRST.txt 2014-03-16 22:02 - 2014-03-17 13:17 - 00000000 ____D () C:\FRST 2014-03-16 22:02 - 2014-03-16 22:02 - 02157056 _____ (Farbar) C:\Users\Mader\Downloads\FRST64.exe 2014-03-16 22:00 - 2014-03-16 22:00 - 01145856 _____ (Farbar) C:\Users\Mader\Downloads\FRST.exe 2014-03-11 07:58 - 2014-03-11 07:58 - 00003128 _____ () C:\Windows\System32\Tasks\{EA1ADFDB-A450-4560-A0E9-C1B9356C5182} 2014-03-11 03:09 - 2014-03-11 03:09 - 00077160 _____ () C:\Users\Mader\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-11 03:08 - 2014-03-17 12:13 - 00000784 _____ () C:\Windows\setupact.log 2014-03-11 03:08 - 2014-03-11 03:08 - 00342112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 03:08 - 2014-03-11 03:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 ____D () 
C:\Users\Mader\AppData\Local\CrashRpt 2014-03-11 03:01 - 2014-03-11 03:17 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock 2014-03-11 03:01 - 2014-03-11 03:17 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner 2014-03-11 03:01 - 2014-03-11 03:17 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery 2014-03-10 15:36 - 2014-03-10 15:37 - 00991480 _____ (1&1 Mail & Media GmbH) C:\Users\Mader\Downloads\WEB.DE_Softwareaktualisierung_Setup.exe 2014-03-09 20:48 - 2014-03-09 20:48 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\LavasoftStatistics 2014-03-09 20:10 - 2014-03-11 02:52 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner 2014-03-09 20:10 - 2014-03-09 20:10 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-09 20:08 - 2014-03-09 20:08 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SecureSearch 2014-03-09 20:07 - 2014-03-09 20:07 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-09 20:04 - 2014-03-09 20:04 - 01727624 _____ () C:\Users\Mader\Downloads\Adaware_Installer_11153540.exe 2014-03-09 20:04 - 2014-03-09 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-09 19:54 - 2014-03-09 19:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\SuperAntiSpyware - CHIP-Downloader.exe 2014-03-09 17:06 - 2014-03-15 10:31 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-09 17:04 - 2014-03-09 20:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SUPERAntiSpyware.com 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-03-09 17:01 - 2014-03-09 17:01 - 29393568 _____ (SUPERAntiSpyware) C:\Users\Mader\Downloads\SUPERAntiSpyware.exe 2014-03-09 15:43 - 2014-03-09 15:43 - 00000000 _____ () C:\autoexec.bat 2014-03-09 15:42 - 2014-03-11 02:23 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-03-09 15:42 - 2014-03-09 15:42 - 00000000 
____D () C:\Program Files\Enigma Software Group 2014-03-09 15:42 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-03-09 15:39 - 2014-03-09 19:33 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-09 07:43 - 2014-03-09 07:43 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Mader\Downloads\SpyHunter-Installer.exe 2014-03-06 14:32 - 2013-12-18 10:01 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2014-03-06 14:31 - 2014-03-06 14:31 - 00002217 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00002197 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-06 14:31 - 2013-12-18 10:01 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-03-06 14:31 - 2013-12-18 10:01 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-03-06 14:28 - 2014-03-06 14:41 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-03-06 14:27 - 2014-03-06 14:27 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE(1).exe 2014-03-06 14:26 - 2014-03-06 14:27 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE.exe 2014-02-21 22:57 - 2014-02-21 22:57 - 00001328 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2014-02-21 22:57 - 2014-02-21 22:57 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-02-21 22:54 - 2014-02-21 22:54 - 01308120 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoConverterSetup.exe 2014-02-21 12:44 - 2014-02-21 12:44 - 00001168 _____ () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-02-21 12:37 - 2014-02-21 12:37 - 00002772 _____ () 
C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-02-21 12:36 - 2014-02-21 12:36 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-21 12:36 - 2014-02-21 12:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-21 12:34 - 2014-02-21 12:34 - 00614816 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\CCleaner - CHIP-Downloader.exe 2014-02-21 12:28 - 2014-02-21 12:31 - 00042496 ___SH () C:\Users\Mader\Downloads\Thumbs.db 2014-02-20 13:05 - 2014-02-20 13:05 - 00000000 ____D () C:\Users\Mader\AppData\Local\FreemakeVideoDownloader 2014-02-20 12:48 - 2014-02-21 07:41 - 00000000 ____D () C:\Program Files\WinPcap 2014-02-20 12:47 - 2014-02-21 22:58 - 00000000 ____D () C:\Users\Mader\Documents\Freemake 2014-02-20 12:47 - 2014-02-21 22:58 - 00000000 ____D () C:\ProgramData\Freemake 2014-02-20 12:47 - 2014-02-21 22:57 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-02-20 12:44 - 2014-02-20 12:44 - 01308464 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoDownloaderSetup.exe 2014-02-20 10:13 - 2014-03-16 15:08 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\vlc 2014-02-20 10:12 - 2014-02-20 10:12 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-20 10:12 - 2014-02-20 10:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-02-20 10:10 - 2014-02-20 10:10 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-02-20 10:08 - 2014-02-20 10:10 - 00000000 ____D () C:\Users\Mader\AppData\Local\DownloadGuide 2014-02-20 10:06 - 2014-02-20 10:07 - 00695664 _____ () C:\Users\Mader\Downloads\vlc-2.1.3-win64-Downloader.exe 2014-02-20 08:31 - 2014-02-20 08:31 - 01883792 _____ (Irfan Skiljan) C:\Users\Mader\Downloads\iview437_setup.exe 2014-02-20 01:03 - 2014-02-20 01:03 - 01921665 _____ () C:\Users\Mader\Downloads\VID-20140213-WA0001.mp4 2014-02-16 15:36 - 2014-02-16 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-17 13:19 - 
2014-03-16 22:03 - 00029505 _____ () C:\Users\Mader\Downloads\FRST.txt 2014-03-17 13:17 - 2014-03-16 22:02 - 00000000 ____D () C:\FRST 2014-03-17 13:05 - 2012-04-03 08:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-17 12:32 - 2013-03-01 09:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-17 12:27 - 2012-02-23 16:06 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 12:21 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 12:21 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 12:14 - 2011-10-09 16:43 - 00003430 _____ () C:\Windows\System32\Tasks\Secunia PSI Logon Task 2014-03-17 12:14 - 2011-03-28 17:37 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\.oit 2014-03-17 12:13 - 2014-03-17 10:13 - 00013022 _____ () C:\Windows\PFRO.log 2014-03-17 12:13 - 2014-03-11 03:08 - 00000784 _____ () C:\Windows\setupact.log 2014-03-17 12:13 - 2012-02-23 16:06 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 12:13 - 2011-04-17 11:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-03-17 12:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-17 12:11 - 2010-11-21 02:49 - 01685748 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 10:44 - 2014-02-11 10:44 - 00000000 ____D () C:\Program Files\Level Quality Watcher 2014-03-17 10:29 - 2012-04-13 09:18 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001UA.job 2014-03-17 08:54 - 2014-03-17 08:54 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Malwarebytes 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 
08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-17 08:52 - 2014-03-17 08:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mader\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-16 22:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-03-16 22:12 - 2014-03-16 22:06 - 00050077 _____ () C:\Users\Mader\Downloads\Addition.txt 2014-03-16 22:02 - 2014-03-16 22:02 - 02157056 _____ (Farbar) C:\Users\Mader\Downloads\FRST64.exe 2014-03-16 22:00 - 2014-03-16 22:00 - 01145856 _____ (Farbar) C:\Users\Mader\Downloads\FRST.exe 2014-03-16 15:08 - 2014-02-20 10:13 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\vlc 2014-03-16 15:05 - 2012-04-03 08:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-16 15:05 - 2012-04-03 08:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-16 15:05 - 2011-05-25 21:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-15 10:31 - 2014-03-09 17:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 07:58 - 2014-03-11 07:58 - 00003128 _____ () C:\Windows\System32\Tasks\{EA1ADFDB-A450-4560-A0E9-C1B9356C5182} 2014-03-11 07:29 - 2012-04-13 09:18 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001Core.job 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery 2014-03-11 03:15 - 2014-02-11 10:46 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\systweak 2014-03-11 03:09 - 2014-03-11 03:09 - 00077160 _____ () C:\Users\Mader\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-11 03:09 - 2011-11-25 06:00 - 00088064 ___SH () C:\Users\Mader\Desktop\Thumbs.db 2014-03-11 
03:08 - 2014-03-11 03:08 - 00342112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 03:08 - 2014-03-11 03:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 ____D () C:\Users\Mader\AppData\Local\CrashRpt 2014-03-11 03:01 - 2014-02-11 10:47 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector 2014-03-11 02:52 - 2014-03-09 20:10 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner 2014-03-11 02:23 - 2014-03-09 15:42 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-03-10 21:13 - 2011-04-14 05:24 - 00000190 _____ () C:\Windows\ktel.ini 2014-03-10 15:37 - 2014-03-10 15:36 - 00991480 _____ (1&1 Mail & Media GmbH) C:\Users\Mader\Downloads\WEB.DE_Softwareaktualisierung_Setup.exe 2014-03-09 20:48 - 2014-03-09 20:48 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\LavasoftStatistics 2014-03-09 20:21 - 2014-03-09 17:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-09 20:10 - 2014-03-09 20:10 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-09 20:08 - 2014-03-09 20:08 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SecureSearch 2014-03-09 20:07 - 2014-03-09 20:07 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-09 20:04 - 2014-03-09 20:04 - 01727624 _____ () C:\Users\Mader\Downloads\Adaware_Installer_11153540.exe 2014-03-09 20:04 - 2014-03-09 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-09 19:54 - 2014-03-09 19:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\SuperAntiSpyware - CHIP-Downloader.exe 2014-03-09 19:33 - 2014-03-09 15:39 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-09 17:06 - 2012-02-23 16:06 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SUPERAntiSpyware.com 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-03-09 17:01 - 2014-03-09 17:01 - 
29393568 _____ (SUPERAntiSpyware) C:\Users\Mader\Downloads\SUPERAntiSpyware.exe 2014-03-09 15:43 - 2014-03-09 15:43 - 00000000 _____ () C:\autoexec.bat 2014-03-09 15:42 - 2014-03-09 15:42 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-09 07:43 - 2014-03-09 07:43 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Mader\Downloads\SpyHunter-Installer.exe 2014-03-06 14:50 - 2012-09-12 11:05 - 00000000 ____D () C:\Program Files\Paint.NET 2014-03-06 14:41 - 2014-03-06 14:28 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-03-06 14:33 - 2012-04-13 09:18 - 00004124 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001UA 2014-03-06 14:33 - 2012-04-13 09:18 - 00003756 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001Core 2014-03-06 14:33 - 2011-04-10 11:30 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-03-06 14:31 - 2014-03-06 14:31 - 00002217 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00002197 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-06 14:31 - 2011-04-10 11:35 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\TuneUp Software 2014-03-06 14:27 - 2014-03-06 14:27 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE(1).exe 2014-03-06 14:27 - 2014-03-06 14:26 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE.exe 2014-03-02 11:34 - 2012-08-07 21:59 - 00000000 ____D () C:\Users\Mader\Documents\HERMA 2014-02-27 14:44 - 2012-07-05 08:15 - 00012288 _____ () C:\Users\Mader\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-21 22:58 - 2014-02-20 12:47 - 00000000 ____D () C:\Users\Mader\Documents\Freemake 2014-02-21 22:58 - 2014-02-20 12:47 - 00000000 ____D 
() C:\ProgramData\Freemake 2014-02-21 22:57 - 2014-02-21 22:57 - 00001328 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2014-02-21 22:57 - 2014-02-21 22:57 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-02-21 22:57 - 2014-02-20 12:47 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-02-21 22:54 - 2014-02-21 22:54 - 01308120 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoConverterSetup.exe 2014-02-21 12:51 - 2010-08-30 10:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone 2014-02-21 12:44 - 2014-02-21 12:44 - 00001168 _____ () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-02-21 12:42 - 2011-03-29 07:55 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\Apple Computer 2014-02-21 12:42 - 2011-03-29 07:53 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-21 12:39 - 2011-04-27 11:44 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\Skype 2014-02-21 12:39 - 2011-04-10 09:25 - 00000000 ___HD () C:\Users\Mader\Tracing 2014-02-21 12:39 - 2011-03-29 06:51 - 00000000 __HDC () C:\Users\Mader\AppData\Local\MigWiz 2014-02-21 12:39 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther 2014-02-21 12:37 - 2014-02-21 12:37 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-02-21 12:36 - 2014-02-21 12:36 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-21 12:36 - 2014-02-21 12:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-21 12:34 - 2014-02-21 12:34 - 00614816 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\CCleaner - CHIP-Downloader.exe 2014-02-21 12:31 - 2014-02-21 12:28 - 00042496 ___SH () C:\Users\Mader\Downloads\Thumbs.db 2014-02-21 09:42 - 2012-02-23 16:06 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-21 09:42 - 2012-02-23 16:06 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-21 07:41 - 
2014-02-20 12:48 - 00000000 ____D () C:\Program Files\WinPcap 2014-02-21 07:34 - 2011-10-09 14:10 - 00077160 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2014-02-20 15:51 - 2011-10-09 14:02 - 00077160 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2014-02-20 13:18 - 2012-07-11 15:28 - 00000000 ____D () C:\Program Files (x86)\Biet-O-Matic 2014-02-20 13:17 - 2012-07-11 15:28 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\BOM 2014-02-20 13:05 - 2014-02-20 13:05 - 00000000 ____D () C:\Users\Mader\AppData\Local\FreemakeVideoDownloader 2014-02-20 12:44 - 2014-02-20 12:44 - 01308464 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoDownloaderSetup.exe 2014-02-20 10:12 - 2014-02-20 10:12 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-20 10:12 - 2014-02-20 10:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-02-20 10:11 - 2013-02-12 08:41 - 00000393 _____ () C:\Windows\wininit.ini 2014-02-20 10:10 - 2014-02-20 10:10 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-02-20 10:10 - 2014-02-20 10:08 - 00000000 ____D () C:\Users\Mader\AppData\Local\DownloadGuide 2014-02-20 10:10 - 2012-02-23 16:05 - 00000000 ____D () C:\Users\Mader\AppData\Local\Google 2014-02-20 10:07 - 2014-02-20 10:06 - 00695664 _____ () C:\Users\Mader\Downloads\vlc-2.1.3-win64-Downloader.exe 2014-02-20 08:47 - 2011-12-15 17:30 - 00001898 _____ () C:\Users\Mader\Desktop\IrfanView Thumbnails.lnk 2014-02-20 08:47 - 2011-12-15 17:30 - 00001006 _____ () C:\Users\Mader\Desktop\IrfanView.lnk 2014-02-20 08:47 - 2011-12-15 17:30 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-02-20 08:31 - 2014-02-20 08:31 - 01883792 _____ (Irfan Skiljan) C:\Users\Mader\Downloads\iview437_setup.exe 2014-02-20 01:03 - 2014-02-20 01:03 - 01921665 _____ () C:\Users\Mader\Downloads\VID-20140213-WA0001.mp4 2014-02-19 13:10 - 2013-11-13 11:47 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-19 13:10 - 
2011-04-27 11:43 - 00000000 ____D () C:\ProgramData\Skype 2014-02-18 09:57 - 2011-03-28 18:25 - 00000000 ___HD () C:\Users\Mader\AppData\Local\Adobe 2014-02-18 07:24 - 2012-04-25 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-17 20:17 - 2014-02-05 07:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-02-17 10:06 - 2013-10-17 15:47 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-17 10:06 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-02-17 10:06 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-02-16 15:37 - 2014-02-16 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 11:22 - 2012-03-12 12:47 - 00000000 ____D () C:\Users\Mader\Documents\WM Rechnungen Some content of TEMP: ==================== C:\Users\Mader\AppData\Local\Temp\5e7080c1-a605-4492-9fdc-2981803797c9.exe C:\Users\Mader\AppData\Local\Temp\SHSetup.exe C:\Users\Mader\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 16:37 ==================== End Of Log ============================ |
Hi, the other FRST log is missing. Also, logs should be posted in CODE tags.

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Copyright ©2000-2025, Trojaner-Board