Trojaner-Board

Network adapter disabled and USB devices are not recognized (https://www.trojaner-board.de/173390-netzwerkadapter-deaktiviert-usb-geraete-erkannt.html)

schrauber 02.12.2015 16:52

Please post a fresh FRST log again.

sexyrexy 04.12.2015 16:19

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von marcel (Administrator) auf MARINA-PC (04-12-2015 16:18:33)
Gestartet von C:\Users\marcel\Desktop\Malware Infektion Cleaning
Geladene Profile: marcel (Verfügbare Profile: marina & marcel & mario & Gast)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\marcel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\marcel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\marcel\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\marcel\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Run: [Spotify Web Helper] => C:\Users\marcel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-18] (Spotify Ltd)
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Run: [Google Update] => C:\Users\marcel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [334336 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
Startup: C:\Users\marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Keine Datei)
Startup: C:\Users\marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-12-02]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Keine Datei)
Startup: C:\Users\marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-07-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{176F75FA-2EEA-4574-9FF6-D5EE634F10B2}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{60898117-5FDF-4AD7-913E-0657A1685320}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{9729659E-F4AD-41A7-A304-B8FFAD2E6CB1}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A083A9A5-9BA3-4A07-BD4B-25914ABC1824}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{A0EA3E07-4716-4DF2-AD89-6CBD70C1F409}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{C4713B7D-069F-4723-8D4E-87A096190CC5}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{D770CD81-744D-4D34-AAEA-1EDD562342AD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKU\S-1-5-21-499821555-1515846726-3243709471-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM -> {017A66CC-3985-4911-A97F-FECB0BCC95B0} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {58235107-16C5-49E2-98F1-21B363368353} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {9E85F70F-E0D6-4AD4-823C-1BC5B6AE763C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-499821555-1515846726-3243709471-1001 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-499821555-1515846726-3243709471-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> Keine Datei
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-09-18] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kein Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Keine Datei
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  Keine Datei
Toolbar: HKU\S-1-5-21-499821555-1515846726-3243709471-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  Keine Datei
Toolbar: HKU\S-1-5-21-499821555-1515846726-3243709471-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ni48g1q6.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-12] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-09-18] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499821555-1515846726-3243709471-1001: @tools.google.com/Google Update;version=3 -> C:\Users\marcel\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-499821555-1515846726-3243709471-1001: @tools.google.com/Google Update;version=9 -> C:\Users\marcel\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-499821555-1515846726-3243709471-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-12] (Pando Networks)
FF SearchPlugin: C:\Users\marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ni48g1q6.default\searchplugins\forestle-de.xml [2012-07-12]
FF Extension: GMX MailCheck - C:\Users\marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ni48g1q6.default\extensions\toolbar@gmx.net.xpi [2013-12-24] [ist nicht signiert]
FF Extension: Web Developer - C:\Users\marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ni48g1q6.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-24] [ist nicht signiert]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ni48g1q6.default\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee} [nicht gefunden]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-10-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-10-06] [ist nicht signiert]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3241949&SearchSource=48"
CHR Plugin: (Shockwave Flash) - C:\Users\marcel\AppData\Local\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Users\marcel\AppData\Local\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Users\marcel\AppData\Local\Google\Chrome\Application\46.0.2490.86\pdf.dll => Keine Datei
CHR Plugin: (registryAccess) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\7.13.0.17889_0\background/registryAccess.dll => Keine Datei
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => Keine Datei
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Developer) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-05-26]
CHR Extension: (YouTube) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google-Suche) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Lounge Assistant) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2015-12-04]
CHR Extension: (Google Play Musik) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-20]
CHR Extension: (ModHeader) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2015-11-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Google Mail) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (night tochpc) - C:\Users\marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjmhomfflfeomeelinjbpnmomlllilom [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\marcel\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.17.0.0.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-10-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe--register-chrome-browser-suffix=.marcel
StartMenuInternet: Google Chrome.marcel - C:\Users\marcel\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [916968 2015-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-11-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1210512 2015-11-24] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-01-04] (EasyBits Sofware AS) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-03-19] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
S3 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-09-07] (Freemake) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [Datei ist nicht signiert]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-12] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-12] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-15] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
S3 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [254552 2012-09-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S1 Beep; kein ImagePath
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [19728 2007-05-23] (IVT Corporation.)
S3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [19728 2007-05-23] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-23] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [44688 2007-05-23] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2015-05-08] (AnchorFree Inc.)
S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2015-05-08] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 ZY202_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [1041920 2007-11-12] (Atheros Communications, Inc.)
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
U4 vsserv; kein ImagePath
U2 wuaserv; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-02 11:44 - 2015-12-02 11:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-02 11:44 - 2015-12-02 11:44 - 00001722 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-02 11:44 - 2015-12-02 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-02 09:30 - 2015-12-02 09:30 - 00000979 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-12-02 09:30 - 2015-12-02 09:30 - 00000964 _____ C:\Users\Public\Desktop\Müller Foto.lnk
2015-12-02 09:30 - 2015-12-02 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
2015-12-02 09:23 - 2015-12-02 09:23 - 00000000 ____D C:\Users\marina\AppData\Roaming\hps-install
2015-12-01 21:52 - 2015-12-01 21:52 - 00000000 ____D C:\Users\marcel\AppData\LocalLow\Oracle
2015-12-01 10:00 - 2015-12-01 10:14 - 00000000 ____D C:\Users\marina\2015-12-01 aida
2015-11-30 19:10 - 2015-11-30 19:10 - 00090150 _____ C:\Users\marcel\Desktop\kontroll.pdf
2015-11-30 16:41 - 2015-11-30 16:41 - 12479485 _____ C:\Users\marina\Downloads\Ohne Titel 1 (1).pdf
2015-11-30 16:39 - 2015-11-30 16:39 - 12479485 _____ C:\Users\marina\Downloads\Ohne Titel 1.pdf
2015-11-30 14:48 - 2015-11-30 15:08 - 00000000 ____D C:\Users\marina\2015-11-30
2015-11-30 13:55 - 2015-11-30 13:55 - 00000000 ____D C:\Users\marina\AppData\Roaming\Avira
2015-11-29 14:35 - 2015-11-29 14:35 - 00852720 _____ C:\Users\marcel\Downloads\SecurityCheck.exe
2015-11-29 14:24 - 2015-11-29 14:25 - 02870984 _____ (ESET) C:\Users\marcel\Downloads\esetsmartinstaller_deu.exe
2015-11-29 11:35 - 2015-11-29 11:35 - 00000000 _____ C:\Users\mario\AppData\Local\{B5C2BBA1-700A-4577-A18A-043BB1560A63}
2015-11-28 16:05 - 2015-11-28 16:05 - 00000000 ____D C:\Users\mario\AppData\Local\ABBYY
2015-11-28 16:01 - 2015-11-28 16:01 - 00000000 ____D C:\Users\mario\AppData\Roaming\Avira
2015-11-27 19:36 - 2015-11-27 19:36 - 00309552 _____ C:\Windows\Minidump\Mini112715-01.dmp
2015-11-27 16:23 - 2015-12-04 16:18 - 00000000 ____D C:\Users\marcel\Desktop\Malware Infektion Cleaning
2015-11-27 16:19 - 2015-11-27 16:19 - 00000000 ____D C:\Users\marcel\Desktop\FRST-OlderVersion
2015-11-27 15:51 - 2015-11-27 16:17 - 00000000 ____D C:\AdwCleaner
2015-11-27 15:51 - 2015-11-27 15:51 - 01599336 _____ (Malwarebytes) C:\Users\marcel\Downloads\JRT.exe
2015-11-27 15:49 - 2015-11-27 15:49 - 01733632 _____ C:\Users\marcel\Downloads\AdwCleaner_5.022.exe
2015-11-27 14:30 - 2015-12-01 21:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 14:28 - 2015-11-27 14:35 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-27 14:28 - 2015-11-27 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 14:28 - 2015-11-27 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 14:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 14:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 14:25 - 2015-11-27 14:25 - 22908888 _____ (Malwarebytes ) C:\Users\marcel\Downloads\mbam-setup-2.2.0.1024 (4).exe
2015-11-26 19:12 - 2015-11-26 19:13 - 31916032 _____ C:\Users\marcel\Downloads\VBoxGuestAdditions_3.2.0.iso
2015-11-26 18:30 - 2015-11-26 18:30 - 00000000 ____D C:\Users\marcel\Desktop\Sharing
2015-11-26 18:24 - 2015-11-26 18:24 - 02629772 _____ C:\Users\marcel\Downloads\compat-wireless-2010-06-26-pc.tar.bz2
2015-11-26 17:38 - 2015-11-26 17:38 - 07368965 _____ C:\Users\marcel\Downloads\TL-WN721N_V1_140915 (1).zip
2015-11-26 17:38 - 2013-06-29 06:49 - 01732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2015-11-26 17:23 - 2015-11-26 17:24 - 00290040 _____ C:\Windows\Minidump\Mini112615-02.dmp
2015-11-26 16:36 - 2015-11-26 16:36 - 00284976 _____ C:\Windows\Minidump\Mini112615-01.dmp
2015-11-25 22:20 - 2015-11-25 22:20 - 00289848 _____ C:\Windows\Minidump\Mini112515-01.dmp
2015-11-25 22:06 - 2015-11-25 22:06 - 00000719 _____ C:\Users\marcel\Desktop\taskmgr.lnk
2015-11-25 22:01 - 2015-11-25 22:01 - 00000000 ____D C:\Users\marcel\{bffece50-dab4-406c-9fc8-27fe89a6a32a}
2015-11-25 19:00 - 2015-11-25 19:00 - 07368965 _____ C:\Users\marcel\Downloads\TL-WN721N_V1_140915.zip
2015-11-25 17:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-25 17:05 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-25 17:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-25 17:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-25 17:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-25 17:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-25 17:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-25 17:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-25 17:00 - 2015-11-25 18:00 - 00000000 ____D C:\Qoobox
2015-11-25 16:58 - 2015-11-25 17:57 - 00000000 ____D C:\Windows\erdnt
2015-11-25 16:57 - 2015-11-25 16:57 - 05640282 _____ (Swearware) C:\Users\marcel\Downloads\Nicht bestätigt 684132.crdownload
2015-11-25 16:55 - 2015-11-25 16:56 - 05640282 _____ (Swearware) C:\Users\marcel\Downloads\ComboFix.exe
2015-11-25 16:46 - 2015-11-25 16:46 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-11-25 16:46 - 2015-11-25 16:46 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-25 16:45 - 2015-11-25 16:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\marcel\Downloads\revosetup95.exe
2015-11-24 19:34 - 2015-11-24 19:34 - 00084711 _____ C:\Users\marcel\Downloads\Addition (3).txt
2015-11-24 16:49 - 2015-11-24 16:55 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-11-24 16:31 - 2015-11-24 16:31 - 00001879 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-24 16:25 - 2015-11-24 17:52 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Avira
2015-11-24 16:24 - 2015-11-24 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-24 16:23 - 2015-11-24 16:30 - 00000000 ____D C:\ProgramData\Avira
2015-11-24 16:23 - 2015-11-24 16:27 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-11-24 16:23 - 2015-11-24 16:27 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-11-24 16:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-11-24 16:14 - 2015-11-24 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\marcel\Downloads\HijackThis_2.0.5.exe
2015-11-24 16:14 - 2015-11-24 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\marcel\Downloads\HijackThis_2.0.5 (1).exe
2015-11-24 16:10 - 2015-11-24 16:12 - 165283560 _____ C:\Users\marcel\Downloads\avira_free_antivirus259_de.exe
2015-11-24 15:56 - 2015-11-24 15:56 - 00000000 _____ C:\Users\marcel\AppData\Local\{0D2AF67A-9638-4711-8048-673C2CC0EBD8}
2015-11-24 15:45 - 2015-11-24 15:45 - 00000000 ____D C:\Users\marcel\Downloads\Kaspersky Rescue2Usb
2015-11-24 15:42 - 2015-11-24 15:42 - 00387584 _____ C:\Users\marcel\Downloads\rescue2usb.exe
2015-11-24 15:41 - 2015-11-24 15:45 - 283867136 _____ C:\Users\marcel\Downloads\kav_rescue_10.iso
2015-11-24 15:04 - 2015-11-24 15:04 - 22908888 _____ (Malwarebytes ) C:\Users\marcel\Downloads\mbam-setup-2.2.0.1024 (3).exe
2015-11-24 14:42 - 2015-11-24 14:42 - 00084711 _____ C:\Users\marcel\Downloads\Addition (2).txt
2015-11-24 14:42 - 2015-11-24 14:42 - 00067956 _____ C:\Users\marcel\Downloads\FRST (1).txt
2015-11-24 14:41 - 2015-11-24 14:41 - 00084711 _____ C:\Users\marcel\Downloads\Addition (1).txt
2015-11-24 14:41 - 2015-11-24 14:41 - 00067956 _____ C:\Users\marcel\Downloads\FRST.txt
2015-11-24 14:08 - 2015-11-24 14:08 - 22908888 _____ (Malwarebytes ) C:\Users\marcel\Downloads\mbam-setup-2.2.0.1024 (2).exe
2015-11-24 09:56 - 2015-12-02 11:22 - 00127124 _____ C:\Users\marina\Documents\Müller Foto urlaub 2015.mcf
2015-11-24 09:56 - 2015-12-02 11:22 - 00000000 ____D C:\Users\marina\Documents\Müller Foto urlaub 2015_mcf-Dateien
2015-11-24 09:56 - 2015-12-02 11:20 - 00127118 _____ C:\Users\marina\Documents\Müller Foto urlaub 2015.mcf~
2015-11-24 09:33 - 2015-11-24 09:44 - 00000000 ____D C:\Users\marina\AppData\LocalLow\360WD
2015-11-23 18:29 - 2015-11-23 18:29 - 00084711 _____ C:\Users\marcel\Downloads\Addition.txt
2015-11-23 17:12 - 2015-11-23 17:12 - 00006912 _____ C:\Users\marcel\Desktop\Gmer.txt
2015-11-21 23:19 - 2015-11-21 23:19 - 00285952 _____ C:\Windows\Minidump\Mini112115-01.dmp
2015-11-21 21:22 - 2015-11-21 21:22 - 00380416 _____ C:\Users\marcel\Downloads\Gmer-19357.exe
2015-11-21 20:54 - 2015-12-04 16:18 - 00000000 ____D C:\FRST
2015-11-21 20:51 - 2015-11-21 20:51 - 00050477 _____ C:\Users\marcel\Downloads\Defogger.exe
2015-11-21 20:30 - 2015-11-21 20:30 - 22908888 _____ (Malwarebytes ) C:\Users\marcel\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-21 20:30 - 2015-11-21 20:30 - 22908888 _____ (Malwarebytes ) C:\Users\marcel\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-20 18:57 - 2015-11-20 18:57 - 00038291 _____ C:\Users\marcel\Downloads\zd1211-firmware-1.5 (2).tar.bz2
2015-11-20 18:57 - 2015-11-20 18:57 - 00038291 _____ C:\Users\marcel\Downloads\zd1211-firmware-1.5 (1).tar.bz2
2015-11-20 16:08 - 2015-11-20 16:08 - 00038291 _____ C:\Users\marcel\Downloads\zd1211-firmware-1.5.tar.bz2
2015-11-20 12:56 - 2015-11-20 12:56 - 01464419 _____ C:\Users\mario\Downloads\Aboretum Lehrwanderung.pdf
2015-11-20 12:56 - 2015-11-20 12:56 - 00013521 _____ C:\Users\mario\Downloads\Baumnamen Karteikarten deutsch-lateinisch.xlsx
2015-11-18 21:13 - 2015-11-18 21:13 - 00000000 ____D C:\Users\marcel\Desktop\wordlists
2015-11-18 20:41 - 2015-11-18 21:32 - 3403579392 _____ C:\Users\marcel\Downloads\kali-linux-2.0-i386.iso
2015-11-18 20:40 - 2015-11-18 20:40 - 00000000 ____D C:\Users\marcel\VirtualBox VMs
2015-11-18 20:39 - 2015-11-27 22:08 - 00000000 ____D C:\Users\marcel\.VirtualBox
2015-11-18 19:58 - 2015-11-18 19:58 - 00000989 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-11-18 19:58 - 2015-11-18 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-11-18 19:57 - 2015-11-10 17:56 - 00964928 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-11-18 19:57 - 2015-11-10 17:56 - 00138904 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-11-18 19:56 - 2015-11-18 19:56 - 00000000 ____D C:\Program Files\Oracle
2015-11-18 18:14 - 2015-11-18 18:14 - 09989712 _____ (MEGA Limited) C:\Users\marcel\Downloads\MEGAsyncSetup.exe
2015-11-18 17:24 - 2015-11-18 18:02 - 3320512512 _____ C:\Users\marcel\Downloads\kali-linux-2.0-amd64.iso
2015-11-18 17:22 - 2015-11-18 17:22 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2015-11-18 17:22 - 2015-11-18 17:22 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2015-11-18 17:18 - 2015-11-18 17:18 - 01433463 _____ C:\Users\marcel\Downloads\openssl-fips-ecp-2.0.10.tar.gz
2015-11-18 17:16 - 2015-11-18 17:16 - 00000000 ____D C:\Users\marcel\Desktop\aircrack ng
2015-11-18 17:15 - 2015-11-18 17:15 - 05559264 _____ C:\Users\marcel\Downloads\aircrack-ng-1.2-rc2-win.zip
2015-11-18 16:59 - 2015-11-18 17:00 - 28620792 _____ (Python Software Foundation) C:\Users\marcel\Downloads\python-3.5.0.exe
2015-11-15 19:42 - 2015-11-15 19:42 - 01139791 _____ C:\Users\mario\Documents\Checkliste_PSA_Waschanleitung.pdf
2015-11-15 19:28 - 2015-11-20 11:02 - 00000000 ____D C:\Users\mario\AppData\LocalLow\360WD
2015-11-15 19:27 - 2015-11-15 19:27 - 00000000 ____D C:\Users\mario\AppData\Local\CrashRpt
2015-11-15 16:58 - 2015-11-24 15:38 - 00002045 _____ C:\Users\marcel\Desktop\Google Chrome.lnk
2015-11-15 16:03 - 2015-11-21 20:12 - 00000000 ____D C:\$360Section
2015-11-15 15:51 - 2015-11-15 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2015-11-15 15:51 - 2015-11-15 15:51 - 00000000 ____D C:\Program Files (x86)\GnuWin32
2015-11-15 15:49 - 2015-11-15 15:49 - 03012464 _____ (GnuWin32 <gnuwin32.sourceforge.net> ) C:\Users\marcel\Downloads\wget-1.11.4-1-setup.exe
2015-11-15 15:42 - 2015-11-15 15:42 - 03432131 _____ C:\Users\marcel\Downloads\wget-1.16.1.tar.gz
2015-11-15 15:37 - 2015-11-21 20:12 - 00000000 ____D C:\ProgramData\360Quarant
2015-11-15 15:30 - 2015-11-24 15:58 - 00000000 ____D C:\Program Files (x86)\360
2015-11-15 15:28 - 2015-11-15 15:28 - 00106681 _____ C:\Users\marcel\Downloads\wgetwin-1_5_3_1-binary.zip
2015-11-15 15:28 - 2015-11-15 15:28 - 00001067 _____ C:\Users\marcel\Downloads\install.sh
2015-11-15 12:43 - 2015-11-15 12:43 - 00000000 ____D C:\Users\marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-14 20:04 - 2015-11-14 20:04 - 00000002 _____ C:\Users\marcel\Documents\test99.bat
2015-11-14 19:54 - 2015-11-14 19:55 - 12337752 _____ (Microsoft Corporation) C:\Users\marcel\Downloads\rktools2003.exe
2015-11-14 19:51 - 2015-11-14 19:51 - 00000000 _____ C:\Users\marcel\nNUL
2015-11-14 17:50 - 2015-11-14 17:50 - 06539752 _____ (Tim Kosse) C:\Users\marcel\Downloads\FileZilla_3.14.1_win64-setup.exe
2015-11-12 21:55 - 2015-10-17 15:35 - 02798592 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 21:55 - 2015-09-26 17:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-12 21:55 - 2015-09-26 17:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-12 21:55 - 2015-09-26 17:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-12 21:55 - 2015-09-26 16:58 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 21:55 - 2015-09-26 16:58 - 00257536 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 21:55 - 2015-09-26 14:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-11-12 21:55 - 2015-09-22 14:10 - 00517976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 21:55 - 2015-09-22 14:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-12 21:50 - 2015-10-17 17:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 21:50 - 2015-10-17 16:41 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 21:48 - 2015-10-10 16:48 - 00736192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 21:20 - 2015-10-13 15:45 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 21:20 - 2015-10-13 15:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 21:02 - 2015-10-14 21:25 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 21:02 - 2015-10-14 21:25 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-12 21:02 - 2015-10-14 16:47 - 04691392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 16:35 - 2015-11-11 16:35 - 00004103 _____ C:\Users\marcel\Downloads\Ping IP Address.bat
2015-11-11 16:34 - 2015-11-11 16:34 - 00000611 _____ C:\Users\marcel\Downloads\IP Addresses.bat
2015-11-11 14:44 - 2015-10-31 20:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 14:44 - 2015-10-31 20:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 14:44 - 2015-10-31 20:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 14:44 - 2015-10-31 20:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 14:44 - 2015-10-31 20:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 14:44 - 2015-10-31 20:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 14:44 - 2015-10-31 20:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 14:44 - 2015-10-31 20:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 14:44 - 2015-10-31 20:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-11 14:44 - 2015-10-31 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-11 14:44 - 2015-10-31 20:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-11 14:44 - 2015-10-31 19:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 14:44 - 2015-10-31 19:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 14:44 - 2015-10-31 19:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 14:44 - 2015-10-31 19:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 14:44 - 2015-10-31 19:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 14:44 - 2015-10-31 19:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 14:44 - 2015-10-31 19:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-11-11 14:44 - 2015-10-31 19:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-11-11 14:44 - 2015-10-31 19:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-11-10 17:56 - 2015-11-10 17:56 - 00194976 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2015-11-10 17:56 - 2015-11-10 17:56 - 00125008 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2015-11-10 17:56 - 2015-11-10 17:56 - 00117768 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2015-11-10 17:23 - 2015-11-10 17:23 - 00000000 ____D C:\Users\marcel\AppData\Local\CyberGhost
2015-11-10 17:21 - 2015-11-10 17:23 - 00000000 ____D C:\Program Files\TAP-Windows
2015-11-10 17:21 - 2015-11-10 17:23 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-11-10 17:21 - 2015-11-10 17:21 - 00001682 _____ C:\Users\marcel\Desktop\CyberGhost 5.lnk
2015-11-10 17:21 - 2015-11-10 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-11-10 17:16 - 2015-11-10 17:16 - 09736240 _____ (CyberGhost S.R.L. ) C:\Users\marcel\Downloads\CG_5.5.0.2_7.exe
2015-11-06 18:27 - 2015-11-06 18:27 - 00068937 _____ C:\Users\marcel\Downloads\g147 (1).pdf
2015-11-06 18:25 - 2015-11-06 18:25 - 00068937 _____ C:\Users\marcel\Downloads\g147.pdf
2015-11-05 16:11 - 2015-11-05 16:11 - 00057178 _____ C:\Users\marcel\Downloads\3607-1445496876-0.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-04 16:18 - 2014-12-18 18:23 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Spotify
2015-12-04 16:16 - 2010-01-08 18:37 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1001UA.job
2015-12-04 16:10 - 2010-11-10 18:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-04 16:09 - 2015-09-20 19:30 - 00000000 ____D C:\Users\marcel\Desktop\YouTube downloadet music
2015-12-04 16:09 - 2015-06-13 17:15 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1000UA.job
2015-12-04 16:08 - 2014-11-10 16:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 15:59 - 2009-09-17 12:55 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1000UA.job
2015-12-04 15:49 - 2011-02-23 19:19 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1003UA.job
2015-12-04 15:48 - 2014-12-18 18:25 - 00000000 ____D C:\Users\marcel\AppData\Local\Spotify
2015-12-04 15:16 - 2010-01-08 18:37 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1001Core.job
2015-12-04 15:11 - 2010-01-08 18:37 - 00004010 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1001UA
2015-12-04 15:11 - 2010-01-08 18:37 - 00003614 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1001Core
2015-12-04 15:06 - 2013-10-27 16:11 - 02299456 _____ C:\Windows\ntbtlog.txt
2015-12-04 15:04 - 2010-11-10 18:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 15:04 - 2010-08-17 10:32 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-04 15:04 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 15:04 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-04 15:04 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 22:24 - 2014-11-21 15:24 - 00000000 ____D C:\Users\marcel\AppData\Roaming\TS3Client
2015-12-03 22:24 - 2006-11-02 16:42 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-03 20:39 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\tracing
2015-12-02 19:51 - 2012-02-27 17:58 - 00003698 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{80C3CF13-38B5-4DC4-8C1F-9022EAA5D8DC}
2015-12-02 18:43 - 2015-02-21 17:36 - 00000000 ____D C:\Users\marcel\AppData\Local\Steam
2015-12-02 11:44 - 2010-12-09 19:22 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-02 11:36 - 2011-01-17 12:43 - 00000000 ____D C:\ProgramData\tmp
2015-12-02 10:48 - 2011-02-23 19:19 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1003Core.job
2015-12-02 10:09 - 2015-06-13 17:15 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1000Core.job
2015-12-02 10:05 - 2010-11-10 18:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 10:05 - 2010-11-10 18:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 09:16 - 2013-07-25 17:20 - 00000000 ___RD C:\Users\marina\Dropbox
2015-12-02 09:16 - 2013-07-25 17:14 - 00000000 ____D C:\Users\marina\AppData\Roaming\Dropbox
2015-12-01 21:55 - 2010-01-08 18:20 - 00000000 ____D C:\Users\marcel
2015-12-01 21:50 - 2011-07-12 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-01 21:30 - 2011-02-23 19:15 - 00000000 ____D C:\Users\mario\AppData\LocalLow\BrotherSoft_Extreme
2015-12-01 21:30 - 2011-02-11 20:04 - 00000000 ____D C:\Users\marina\AppData\LocalLow\BrotherSoft_Extreme
2015-12-01 21:30 - 2011-02-01 17:30 - 00000000 ____D C:\Users\marcel\AppData\LocalLow\Temp
2015-12-01 14:00 - 2009-09-17 12:55 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499821555-1515846726-3243709471-1000Core.job
2015-12-01 10:09 - 2010-11-09 15:46 - 00000000 ____D C:\Users\marina\AppData\Roaming\CameraWindowDC
2015-12-01 10:03 - 2011-04-13 18:09 - 00000000 ____D C:\Users\marina\AppData\Roaming\vlc
2015-12-01 10:00 - 2009-08-11 12:13 - 00000000 ____D C:\Users\marina
2015-11-29 11:37 - 2009-05-19 13:37 - 00674024 _____ C:\Windows\system32\perfh007.dat
2015-11-29 11:37 - 2009-05-19 13:37 - 00146036 _____ C:\Windows\system32\perfc007.dat
2015-11-29 11:37 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2015-11-29 11:37 - 2006-11-02 13:46 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 16:20 - 2013-03-20 14:52 - 00000000 ____D C:\Users\mario\Desktop\Bilder
2015-11-28 04:25 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-27 19:36 - 2010-01-30 12:43 - 00000000 ____D C:\Windows\Minidump
2015-11-27 19:35 - 2013-09-17 15:07 - 247110928 _____ C:\Windows\MEMORY.DMP
2015-11-27 19:35 - 2006-11-02 14:33 - 00000000 ____D C:\Windows
2015-11-27 15:24 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\IME
2015-11-27 15:21 - 2011-02-01 17:30 - 00000000 ____D C:\Program Files (x86)\BrotherSoft_Extreme
2015-11-26 19:37 - 2011-04-29 13:30 - 00000000 ____D C:\Users\marcel\AppData\Roaming\vlc
2015-11-25 22:07 - 2013-04-20 16:39 - 00000000 ____D C:\Users\marcel\Documents\VirtualDJ
2015-11-25 20:11 - 2011-02-23 19:05 - 00000000 ____D C:\Users\mario
2015-11-25 18:00 - 2013-07-02 13:58 - 00000000 ____D C:\Users\marcel\AppData\Local\Apps\2.0
2015-11-25 17:51 - 2006-11-02 13:34 - 00000215 _____ C:\Windows\system.ini
2015-11-25 17:47 - 2006-11-02 13:33 - 69992448 _____ C:\Windows\system32\config\components.bak
2015-11-25 17:47 - 2006-11-02 13:33 - 03145728 _____ C:\Windows\system32\config\default.bak
2015-11-25 17:47 - 2006-11-02 13:33 - 00159744 _____ C:\Windows\system32\config\sam.bak
2015-11-25 17:47 - 2006-11-02 13:33 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-11-25 17:08 - 2011-02-23 17:21 - 00000000 ____D C:\Users\Gast
2015-11-24 16:23 - 2014-04-04 15:24 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-24 15:24 - 2012-09-12 12:56 - 00000000 ____D C:\Users\marcel\AppData\Local\CrashDumps
2015-11-23 18:04 - 2010-06-26 12:50 - 00001460 _____ C:\Users\marcel\AppData\Local\d3d9caps64.dat
2015-11-20 15:27 - 2014-07-23 17:04 - 00000000 ____D C:\Users\marcel\AppData\Roaming\FileZilla
2015-11-20 14:27 - 2011-12-14 21:00 - 00000000 ____D C:\Users\mario\AppData\Local\CrashDumps
2015-11-20 11:02 - 2012-02-29 16:36 - 00003694 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0449D097-8C07-46B2-B0DE-06504224E682}
2015-11-20 10:59 - 2011-02-23 19:29 - 00002081 _____ C:\Users\mario\Desktop\Google Chrome.lnk
2015-11-18 17:19 - 2010-01-09 11:32 - 00052736 _____ C:\Users\marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-15 19:47 - 2010-03-05 14:56 - 00000000 ____D C:\Program Files (x86)\Wohnwagen Park Tycoon
2015-11-15 19:28 - 2011-02-23 19:06 - 00107224 _____ C:\Users\mario\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-15 16:04 - 2013-05-06 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2015-11-15 16:04 - 2013-04-13 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BumpTop
2015-11-15 16:04 - 2012-09-09 18:33 - 00000000 ___RD C:\Users\marcel\Desktop\Tools Kiste
2015-11-15 16:04 - 2012-08-14 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-11-15 16:04 - 2010-02-24 18:14 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zahlenzauber 4
2015-11-15 16:04 - 2010-02-03 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lernpaket
2015-11-15 16:04 - 2009-08-25 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-11-15 15:52 - 2010-01-09 11:19 - 00000000 ____D C:\Users\marcel\AppData\Local\Adobe
2015-11-13 15:24 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2015-11-13 14:47 - 2006-11-02 16:21 - 02299520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 22:28 - 2006-11-02 16:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 21:58 - 2013-08-17 20:08 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 21:57 - 2006-11-02 13:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-12 21:54 - 2009-08-11 12:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:40 - 2013-03-08 20:36 - 01542944 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 14:03 - 2010-01-08 18:25 - 00000000 ____D C:\Users\marcel\AppData\Roaming\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-02-08 18:27 - 2010-03-21 13:32 - 0023604 _____ () C:\Users\marcel\AppData\Roaming\UserTile.png
2013-12-28 14:14 - 2013-12-28 14:14 - 0000600 _____ () C:\Users\marcel\AppData\Roaming\winscp.rnd
2010-01-23 17:44 - 2010-01-23 17:44 - 0000000 _____ () C:\Users\marcel\AppData\Roaming\wklnhst.dat
2006-12-11 18:13 - 2006-12-11 18:13 - 0097336 _____ (Un4seen Developments) C:\Users\marcel\AppData\Local\bass.dll
2006-12-11 18:13 - 2006-12-11 18:13 - 0013872 _____ (Un4seen Developments) C:\Users\marcel\AppData\Local\basscd.dll
2007-08-13 16:46 - 2007-08-13 16:46 - 0102912 _____ (Albert L Faber) C:\Users\marcel\AppData\Local\CDRip.dll
2013-02-13 14:02 - 2013-02-13 14:02 - 0000552 _____ () C:\Users\marcel\AppData\Local\d3d8caps.dat
2010-08-10 20:26 - 2015-01-01 17:55 - 0000680 _____ () C:\Users\marcel\AppData\Local\d3d9caps.dat
2010-06-26 12:50 - 2015-11-23 18:04 - 0001460 _____ () C:\Users\marcel\AppData\Local\d3d9caps64.dat
2010-01-09 11:32 - 2015-11-18 17:19 - 0052736 _____ () C:\Users\marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-08 20:49 - 2013-03-08 20:50 - 1115884 _____ () C:\Users\marcel\AppData\Local\dd_ADONETEntityFrameworkTools_deu_MSI4818.txt
2013-03-08 18:17 - 2013-04-09 13:53 - 0265781 _____ () C:\Users\marcel\AppData\Local\dd_depcheck_VB_EXP_100.txt
2013-04-17 17:35 - 2013-06-15 16:55 - 0512085 _____ () C:\Users\marcel\AppData\Local\dd_depcheck_VCS_EXP_100.txt
2013-03-08 20:33 - 2013-03-08 20:33 - 0327350 _____ () C:\Users\marcel\AppData\Local\dd_dw20shared_x86_msi3BF0.txt
2013-03-08 18:17 - 2013-03-08 18:17 - 0000002 _____ () C:\Users\marcel\AppData\Local\dd_error_vb_xcor_100.txt
2013-04-17 17:35 - 2013-04-18 14:27 - 0005908 _____ () C:\Users\marcel\AppData\Local\dd_error_vcs_xcor_100.txt
2013-03-08 20:51 - 2013-03-08 20:51 - 0242746 _____ () C:\Users\marcel\AppData\Local\dd_HelpSetupLP_MSI4937.txt
2013-03-08 20:50 - 2013-03-08 20:50 - 0336450 _____ () C:\Users\marcel\AppData\Local\dd_HelpSetup_MSI4906.txt
2013-03-08 18:17 - 2013-04-09 13:53 - 0780584 _____ () C:\Users\marcel\AppData\Local\dd_install_vb_xcor_100.txt
2013-04-17 17:34 - 2013-06-15 17:00 - 1008750 _____ () C:\Users\marcel\AppData\Local\dd_install_vcs_xcor_100.txt
2013-03-08 20:41 - 2013-03-08 20:41 - 1540220 _____ () C:\Users\marcel\AppData\Local\dd_netfx_dtp41C8.txt
2013-03-08 20:48 - 2013-03-08 20:49 - 1795838 _____ () C:\Users\marcel\AppData\Local\dd_SharedManagementObjects_MSI4782.txt
2013-03-08 20:47 - 2013-03-08 20:47 - 0227364 _____ () C:\Users\marcel\AppData\Local\dd_SQLCEToolsForVS2007_MSI46CE.txt
2013-03-08 20:48 - 2013-03-08 20:48 - 0554040 _____ () C:\Users\marcel\AppData\Local\dd_SQLSysClrTypes_msi472A.txt
2013-03-08 20:47 - 2013-03-08 20:47 - 0715122 _____ () C:\Users\marcel\AppData\Local\dd_SSCERuntime_64_MSI46AA.txt
2013-03-08 20:47 - 2013-03-08 20:47 - 0736684 _____ () C:\Users\marcel\AppData\Local\dd_SSCERuntime_MSI4676.txt
2012-10-20 13:46 - 2012-10-20 13:46 - 0413734 _____ () C:\Users\marcel\AppData\Local\dd_vcredistMSI1776.txt
2013-03-27 18:07 - 2013-03-27 18:07 - 0366274 _____ () C:\Users\marcel\AppData\Local\dd_vcredistMSI1871.txt
2012-10-27 14:33 - 2012-10-27 14:34 - 0412746 _____ () C:\Users\marcel\AppData\Local\dd_vcredistMSI5F04.txt
2012-10-20 13:46 - 2012-10-20 13:46 - 0011208 _____ () C:\Users\marcel\AppData\Local\dd_vcredistUI1776.txt
2013-03-27 18:07 - 2013-03-27 18:07 - 0011386 _____ () C:\Users\marcel\AppData\Local\dd_vcredistUI1871.txt
2012-10-27 14:33 - 2012-10-27 14:34 - 0011176 _____ () C:\Users\marcel\AppData\Local\dd_vcredistUI5F04.txt
2013-03-08 20:33 - 2013-03-08 20:33 - 0326798 _____ () C:\Users\marcel\AppData\Local\dd_vc_runtime_x64_msi3C14.txt
2013-03-08 20:40 - 2013-03-08 20:40 - 1298630 _____ () C:\Users\marcel\AppData\Local\dd_vsexpbsln64_1004124.txt
2013-04-20 11:04 - 2013-04-20 11:15 - 12620522 _____ () C:\Users\marcel\AppData\Local\dd_VSMsiLog27EB.txt
2013-03-08 20:41 - 2013-03-08 20:47 - 15125568 _____ () C:\Users\marcel\AppData\Local\dd_VSMsiLog4247.txt
2013-06-15 16:56 - 2013-06-15 16:58 - 6787946 _____ () C:\Users\marcel\AppData\Local\dd_VSMsiLog4CD7.txt
2007-01-18 20:09 - 2007-01-18 20:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\marcel\AppData\Local\No23 Recorder.exe
2015-10-02 14:42 - 2015-10-02 14:42 - 0000836 _____ () C:\Users\marcel\AppData\Local\recently-used.xbel
2014-03-25 15:03 - 2014-04-29 17:39 - 0000040 _____ () C:\Users\marcel\AppData\Local\tmp.no23
2013-03-08 18:17 - 2013-06-15 17:00 - 0052742 _____ () C:\Users\marcel\AppData\Local\uxeventlog.txt
2013-06-09 11:31 - 2013-06-09 11:31 - 0017408 _____ () C:\Users\marcel\AppData\Local\WebpageIcons.db
2015-11-24 15:56 - 2015-11-24 15:56 - 0000000 _____ () C:\Users\marcel\AppData\Local\{0D2AF67A-9638-4711-8048-673C2CC0EBD8}
2014-08-02 12:33 - 2014-08-02 12:33 - 0000000 _____ () C:\Users\marcel\AppData\Local\{92601203-0403-49BE-B529-B1AF716242D2}
2013-03-31 15:13 - 2013-03-31 15:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-05-19 05:30 - 2014-06-03 16:11 - 0080734 _____ () C:\ProgramData\nvModes.001
2009-05-19 05:30 - 2014-06-03 16:11 - 0080734 _____ () C:\ProgramData\nvModes.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\marcel\cygwin1.dll


Einige Dateien in TEMP:
====================
C:\Users\marcel\AppData\Local\temp\avgnt.exe
C:\Users\marcel\AppData\Local\temp\jre-8u66-windows-au.exe
C:\Users\marina\AppData\Local\temp\avgnt.exe
C:\Users\marina\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgwdzae.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-04 15:13

==================== Ende von FRST.txt ============================


schrauber 05.12.2015 22:02

Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de


All times are GMT +1.
