Trojaner-Board - GUV Trojaner - kann nichts mehr machen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GUV Trojaner - kann nichts mehr machen (https://www.trojaner-board.de/142141-guv-trojaner-nichts-mehr.html)

GUV Trojaner - kann nichts mehr machen

Hallo Ihr,

bin ganz neu hier und habe ein großes Problem. Gestern Abend hat sich wahrscheinlich der neue GUV Trojaner bei uns breit gemacht. Auf jeden Fall sucht uns nun Interpol und hat sogar Zugriff auf unsere Laptop-Kamera genommen. Nun wollen die, das wir per SafeCard bezahle, was wir natürlich nicht machen. Haben schon versucht in den abgesicherten Modus zu kommen, aber er lädt einige Dateien und dann stockt es plötzlich. Ich komme einfach nicht mehr weiter.

Ich habe den ASUS Model: X53S
Betriebssystem Windows 7

So viel Ahnung habe ich von Computern leider nicht, habe aber schon einige Threads hier gelesen und bin erfreut wie gut alles hier erklärt wird. Bin zur Zeit am PC, kann den Laptop aber jederzeit hinzu holen. Bitte helft uns.

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Ich bin zu blöd, ich fnde das Laufwerk nicht. Gestern hatte ich noch den Kartenleser an dem selben USB Platz, das war Laufwerk F, nun findet er da nichts. Was mache ich falsch?

Es erscheint die Meldung:
The subsystem needed to support the image type is not present

Habe als Sprache German (Deutsch gab es nicht) eingestellt, trotzdem alles auf Englisch

Edit: nun bin ich soweit, habe den Stick gewechselt, scheint zu funktionieren, Entschuldigung

Hier ist das Logfile

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013

Ran by SYSTEM on MININT-41HTFPR on 26-09-2013 19:44:02

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)

HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [356 2013-09-25] ()

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [FreePDFAssistent] - C:\Program Files (x86)\FreePDF\FreePDFA.exe [122880 2003-05-28] (shbox)

HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)

HKU\Kochrian\...\Run: [Exetender_148] - C:\Program Files (x86)\FreeRide Games\GPlayer.exe [4945816 2012-11-25] (Exent Technologies Ltd.)

HKU\Kochrian\...\Winlogon: [Shell] explorer.exe,C:\Users\Kochrian\AppData\Roaming\cache.dat [71680 2013-09-25] () <==== ATTENTION 

HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\UpdatusUser\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
 

==================== Services (Whitelisted) =================
 

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()

S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)

S1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-19] (Kaspersky Lab ZAO)

S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)

S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)

S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-19] (Kaspersky Lab ZAO)

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-19] (Kaspersky Lab ZAO)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\FRST

2013-09-25 12:01 - 2013-09-25 12:59 - 00000004 _____ C:\Users\Kochrian\AppData\Roaming\cache.ini

2013-09-25 11:51 - 2013-09-25 11:51 - 00071680 ____R C:\Users\Kochrian\AppData\Roaming\cache.dat

2013-09-22 13:44 - 2013-09-22 13:44 - 00000000 _____ C:\Windows\SysWOW64\sho4CDF.tmp

2013-09-22 13:14 - 2013-09-22 13:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 13:10 - 2013-09-25 06:58 - 00000000 ____D C:\Program Files\Recuva

2013-09-22 13:10 - 2013-09-25 06:41 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-22 13:09 - 2013-09-22 13:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 08:46 - 2013-09-22 08:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 08:46 - 2013-09-22 08:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 08:45 - 2013-09-22 08:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-14 15:00 - 2013-09-14 15:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-14 14:59 - 2007-09-12 07:24 - 00041024 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\System32\Drivers\DslTestSp5a64.sys

2013-09-14 14:58 - 2013-09-14 14:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-14 14:58 - 2007-08-01 04:49 - 00019008 _____ (T-Systems Enterprise Services GmbH) C:\Windows\System32\Drivers\dslmnlwf.sys

2013-09-14 14:57 - 2013-09-14 14:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-12 15:55 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-09-12 15:55 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-09-12 15:55 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-09-12 15:55 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-09-12 15:55 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-09-12 15:55 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-09-12 15:55 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-12 15:55 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-12 15:55 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-09-12 15:55 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-12 15:55 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-12 15:55 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-12 11:29 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-09-12 11:29 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys

2013-09-12 11:29 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-09-12 11:29 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-09-12 11:29 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-09-12 11:29 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-09-12 11:29 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-09-12 11:29 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-12 11:29 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-12 11:29 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-09-12 11:29 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-12 11:29 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-12 11:29 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 11:29 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-09-12 11:29 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-09-12 11:29 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-12 11:29 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\FRST

2013-09-25 12:59 - 2013-09-25 12:01 - 00000004 _____ C:\Users\Kochrian\AppData\Roaming\cache.ini

2013-09-25 12:58 - 2013-04-02 11:49 - 00000000 ___RD C:\Users\Kochrian\Dropbox

2013-09-25 12:58 - 2013-04-02 11:39 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Dropbox

2013-09-25 12:57 - 2012-05-21 06:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-09-25 12:56 - 2011-11-03 14:56 - 00045056 _____ C:\Windows\System32\acovcnt.exe

2013-09-25 12:56 - 2011-01-12 07:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-25 12:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-25 12:56 - 2009-07-13 20:51 - 00156847 _____ C:\Windows\setupact.log

2013-09-25 12:09 - 2011-06-07 10:56 - 01588969 _____ C:\Windows\WindowsUpdate.log

2013-09-25 12:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-25 12:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-25 11:51 - 2013-09-25 11:51 - 00071680 ____R C:\Users\Kochrian\AppData\Roaming\cache.dat

2013-09-25 11:19 - 2011-01-12 07:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-25 11:10 - 2012-04-06 04:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-25 10:24 - 2009-08-04 01:51 - 00666264 _____ C:\Windows\System32\perfh007.dat

2013-09-25 10:24 - 2009-08-04 01:51 - 00134186 _____ C:\Windows\System32\perfc007.dat

2013-09-25 10:24 - 2009-07-13 21:13 - 01531054 _____ C:\Windows\System32\PerfStringBackup.INI

2013-09-25 10:21 - 2012-03-05 07:52 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D171BCEA-83EC-4107-A51D-3DA7F51206A8}

2013-09-25 06:58 - 2013-09-22 13:10 - 00000000 ____D C:\Program Files\Recuva

2013-09-25 06:41 - 2013-09-22 13:10 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-23 05:09 - 2011-12-10 08:13 - 01517056 ___SH C:\Users\Kochrian\Desktop\Thumbs.db

2013-09-22 13:44 - 2013-09-22 13:44 - 00000000 _____ C:\Windows\SysWOW64\sho4CDF.tmp

2013-09-22 13:14 - 2013-09-22 13:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 13:14 - 2011-11-03 14:55 - 00000000 ____D C:\users\Kochrian

2013-09-22 13:09 - 2013-09-22 13:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 08:46 - 2013-09-22 08:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 08:46 - 2013-09-22 08:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 08:45 - 2013-09-22 08:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-22 07:10 - 2012-04-06 04:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-22 07:10 - 2012-04-06 04:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-22 07:10 - 2011-11-23 10:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-14 21:12 - 2011-06-07 11:32 - 00002014 _____ C:\Windows\System32\AutoRunFilter.ini

2013-09-14 21:11 - 2011-06-07 11:32 - 00001250 _____ C:\Windows\System32\ServiceFilter.ini

2013-09-14 15:00 - 2013-09-14 15:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-14 14:58 - 2013-09-14 14:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-14 14:58 - 2011-01-12 07:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-14 14:57 - 2013-09-14 14:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-13 19:54 - 2011-06-07 10:52 - 00198884 _____ C:\Windows\PFRO.log

2013-09-12 19:30 - 2009-07-13 20:45 - 00302312 _____ C:\Windows\System32\FNTCACHE.DAT

2013-09-12 15:55 - 2013-08-14 14:44 - 00000000 ____D C:\Windows\System32\MRT

2013-09-12 15:55 - 2011-11-04 09:42 - 01558672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-12 15:55 - 2011-11-04 09:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-12 15:52 - 2012-08-13 19:39 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-09-12 15:47 - 2013-04-21 16:16 - 00040174 _____ C:\Users\Kochrian\Desktop\Siedler.xlsx

2013-09-12 15:47 - 2011-11-04 09:42 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\SoftGrid Client

2013-09-09 13:52 - 2013-08-04 05:49 - 00000000 ____D C:\Users\Kochrian\Desktop\skylander

2013-09-07 13:15 - 2012-03-26 18:51 - 00000000 ____D C:\Users\Kochrian\AppData\Local\CrashDumps
 

Files to move or delete:

====================

C:\Users\Kochrian\AppData\Roaming\cache.dat

C:\Users\Kochrian\AppData\Roaming\cache.ini
 
 

Some content of TEMP:

====================

C:\Users\Kochrian\AppData\Local\Temp\GdiPlus.dll

C:\Users\Kochrian\AppData\Local\Temp\IminentSetup.exe

C:\Users\Kochrian\AppData\Local\Temp\InstallerMessageBox.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxy.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll

C:\Users\Kochrian\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Kochrian\AppData\Local\Temp\sfextra.dll

C:\Users\Kochrian\AppData\Local\Temp\uninst1.exe

C:\Users\Kochrian\AppData\Local\Temp\Uninstaller-1776.exe

C:\Users\Kochrian\AppData\Local\Temp\war3_Install.exe
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

6

Restore point made on: 2013-09-12 11:08:36

Restore point made on: 2013-09-12 15:48:31

Restore point made on: 2013-09-14 14:58:23

Restore point made on: 2013-09-14 14:59:38

Restore point made on: 2013-09-17 02:31:34

Restore point made on: 2013-09-22 06:50:34
 

==================== Memory info =========================== 
 

Percentage of memory in use: 15%

Total physical RAM: 4007.77 MB

Available physical RAM: 3395.09 MB

Total Pagefile: 4005.92 MB

Available Pagefile: 3401.85 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:9.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:128.56 GB) NTFS

Drive f: (USB Disk) (Removable) (Total:3.73 GB) (Free:0.4 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 343771F7)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=125 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=4 GB) - (Type=0C)
 
 

LastRegBack: 2013-09-07 02:04
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\Kochrian\...\Winlogon: [Shell] explorer.exe,C:\Users\Kochrian\AppData\Roaming\cache.dat [71680 2013-09-25] () <==== ATTENTION 

C:\Users\Kochrian\AppData\Roaming\cache.dat

C:\Users\Kochrian\AppData\Roaming\cache.ini

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

Vielen, vielen Dank für die ganze Mühe bisher. Ihr erklärt das echt toll. Danke euch.

Hier ist der Inhalt vom Fixlog.txt:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013

Ran by SYSTEM at 2013-09-27 13:37:30 Run:1

Running from F:\

Boot Mode: Recovery

==============================================
 

Content of fixlist:

*****************

HKU\Kochrian\...\Winlogon: [Shell] explorer.exe,C:\Users\Kochrian\AppData\Roaming\cache.dat [71680 2013-09-25] () <==== ATTENTION 

C:\Users\Kochrian\AppData\Roaming\cache.dat

C:\Users\Kochrian\AppData\Roaming\cache.ini

         

*****************
 

HKU\Kochrian\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\Kochrian\AppData\Roaming\cache.dat => Moved successfully.

C:\Users\Kochrian\AppData\Roaming\cache.ini => Moved successfully.
 

==== End of Fixlog ====

Kann den Rechner nun wieder "normal" benutzen.
Allerdings erscheint beim Hochfahren immer die Meldung:

Einer der Datenträger muss auf Konsistenz überprüft werden....

Hatte das vorher noch nie, was ist das? Hab das mal durchlaufen lassen, aber in der sogenannten Phase 2 stockt es bei 57 % und geht nicht weiter. Ich komme nur in den "normalen Zustand" wenn ich es beim Hochfahren abbreche, bevor die Überprüfung beginnt.

Habe nun mal Kaspersky 2013 eine vollständige Untersuchung durchführen lassen und dabei hat er Malware gefunden. Ist ganz rot mit Ausrufezeichen.

Wenn ich es mir anzeigen lasse, dann steht da:

Gefunden: HEUR:Trojan.win32.Generic
Object: C:\Dokuments an Settings\Kochrian...

Hat das Ding nun so viel kaputt gemacht? Wie bekomm ich es wieder los? Besteht noch eine Chance?

Muss ich jetzt einen neuen Thread mit den neuen Problemen aufmachen?

Immer locker, wir sind noch nit fertig. Ab jetzt im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Danke dir Schrauber, dass dich meiner annimmst

Hier der Logfile von Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.09.28.08
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Kochrian :: INFINITY [Administrator]
 

Schutz: Aktiviert
 

28.09.2013 18:23:51

mbam-log-2013-09-28 (18-23-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 224986

Laufzeit: 8 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 7

C:\Users\Kochrian\Desktop\pcpholasetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\isl+gV+1.zip.part (Malware.Packer.ORPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\jxaFzsQk.zip.part (Malware.Packer.ORPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\video.hd.zip (Malware.Packer.ORPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\B527EC38-BAB0-7891-AB0D-DE85F82199CE\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\B527EC38-BAB0-7891-AB0D-DE85F82199CE\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kochrian\AppData\Local\Temp\B527EC38-BAB0-7891-AB0D-DE85F82199CE\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Hier ist der Logfile vom AdwCleaner:

Code:

# AdwCleaner v3.005 - Bericht erstellt am 28/09/2013 um 19:37:21

# Updated 22/09/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Kochrian - INFINITY

# Gestartet von : C:\Users\Kochrian\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16686
 
 

-\\ Mozilla Firefox v23.0.1 (de)
 

[ Datei : C:\Users\Kochrian\AppData\Roaming\Mozilla\Firefox\Profiles\yugsi656.default\prefs.js ]
 
 

-\\ Google Chrome v
 

[ Datei : C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [18849 octets] - [27/09/2013 15:02:56]

AdwCleaner[R1].txt - [1049 octets] - [28/09/2013 19:36:33]

AdwCleaner[S0].txt - [18547 octets] - [27/09/2013 15:03:50]

AdwCleaner[S1].txt - [972 octets] - [28/09/2013 19:37:21]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1031 octets] ##########

Hier das Logfile von Junkware Removal Tool:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.3 (09.27.2013:1)

OS: Windows 7 Home Premium x64

Ran by Kochrian on 28.09.2013 at 19:49:34,93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] C:\Windows\syswow64\sho33AC.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho42FC.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho43AF.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho43C8.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho4CDF.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho56F.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho5AF0.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho62F5.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho78D7.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho7E33.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho872B.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho8988.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho8EA9.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho9303.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoA4BC.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoBF57.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoC107.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoC303.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoCF34.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoD562.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoD983.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoD992.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoE40B.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoED95.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoEF01.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoFB41.tmp
 
 
 

~~~ Folders
 

Successfully deleted: [Empty Folder] C:\Users\Kochrian\appdata\local\{7B366A42-FBF9-4F7E-BA55-415EE8E51CBE}

Successfully deleted: [Empty Folder] C:\Users\Kochrian\appdata\local\{E51E23FF-0CA2-4D77-B366-8F66B639A6E8}
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Kochrian\AppData\Roaming\mozilla\firefox\profiles\yugsi656.default\minidumps [247 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28.09.2013 at 20:00:04,91

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hier ist nun der FRST Log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013

Ran by SYSTEM on MININT-CUB9VMA on 28-09-2013 20:18:45

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)

HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [356 2013-09-28] ()

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [FreePDFAssistent] - C:\Program Files (x86)\FreePDF\FreePDFA.exe [122880 2003-05-28] (shbox)

HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)

HKU\Kochrian\...\Run: [Exetender_148] - C:\Program Files (x86)\FreeRide Games\GPlayer.exe [4945816 2012-11-25] (Exent Technologies Ltd.)

HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\UpdatusUser\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
 

==================== Services (Whitelisted) =================
 

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()

S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)

S1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-19] (Kaspersky Lab ZAO)

S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)

S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)

S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-19] (Kaspersky Lab ZAO)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-19] (Kaspersky Lab ZAO)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-09-28 10:00 - 2013-09-28 10:00 - 00002597 _____ C:\Users\Kochrian\Desktop\JRT.txt

2013-09-28 09:43 - 2013-09-28 09:43 - 01030305 _____ (Thisisu) C:\Users\Kochrian\Desktop\JRT.exe

2013-09-28 09:43 - 2013-09-28 09:43 - 00000000 ____D C:\Windows\ERUNT

2013-09-28 08:19 - 2013-09-28 08:19 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Malwarebytes

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 08:19 - 2013-04-04 04:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-09-28 08:18 - 2013-09-28 08:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kochrian\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-27 05:02 - 2013-09-28 09:37 - 00000000 ____D C:\AdwCleaner

2013-09-27 05:02 - 2013-09-27 05:02 - 01042066 _____ C:\Users\Kochrian\Downloads\adwcleaner.exe

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\FRST

2013-09-22 13:14 - 2013-09-22 13:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 13:10 - 2013-09-25 06:58 - 00000000 ____D C:\Program Files\Recuva

2013-09-22 13:10 - 2013-09-25 06:41 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-22 13:09 - 2013-09-22 13:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 08:46 - 2013-09-22 08:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 08:46 - 2013-09-22 08:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 08:45 - 2013-09-22 08:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-14 15:00 - 2013-09-14 15:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-14 14:59 - 2007-09-12 07:24 - 00041024 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\System32\Drivers\DslTestSp5a64.sys

2013-09-14 14:58 - 2013-09-14 14:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-14 14:58 - 2007-08-01 04:49 - 00019008 _____ (T-Systems Enterprise Services GmbH) C:\Windows\System32\Drivers\dslmnlwf.sys

2013-09-14 14:57 - 2013-09-14 14:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-12 15:55 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-09-12 15:55 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-09-12 15:55 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-09-12 15:55 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-09-12 15:55 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-09-12 15:55 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-09-12 15:55 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-09-12 15:55 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-12 15:55 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-12 15:55 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-12 15:55 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-09-12 15:55 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-12 15:55 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-12 15:55 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-12 11:29 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-09-12 11:29 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys

2013-09-12 11:29 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-09-12 11:29 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-09-12 11:29 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-09-12 11:29 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-09-12 11:29 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-09-12 11:29 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-09-12 11:29 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-12 11:29 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-12 11:29 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-12 11:29 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-09-12 11:29 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-12 11:29 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-12 11:29 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-12 11:29 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 11:29 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 11:29 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-09-12 11:29 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-09-12 11:29 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-12 11:29 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-09-28 10:17 - 2011-06-07 10:56 - 01690032 _____ C:\Windows\WindowsUpdate.log

2013-09-28 10:10 - 2012-04-06 04:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-28 10:06 - 2012-05-21 06:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-09-28 10:00 - 2013-09-28 10:00 - 00002597 _____ C:\Users\Kochrian\Desktop\JRT.txt

2013-09-28 09:47 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-28 09:47 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-28 09:43 - 2013-09-28 09:43 - 01030305 _____ (Thisisu) C:\Users\Kochrian\Desktop\JRT.exe

2013-09-28 09:43 - 2013-09-28 09:43 - 00000000 ____D C:\Windows\ERUNT

2013-09-28 09:40 - 2013-04-02 11:49 - 00000000 ___RD C:\Users\Kochrian\Dropbox

2013-09-28 09:40 - 2013-04-02 11:39 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Dropbox

2013-09-28 09:38 - 2011-11-03 14:56 - 00045056 _____ C:\Windows\System32\acovcnt.exe

2013-09-28 09:38 - 2011-01-12 07:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-28 09:38 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-28 09:38 - 2009-07-13 20:51 - 00157183 _____ C:\Windows\setupact.log

2013-09-28 09:37 - 2013-09-27 05:02 - 00000000 ____D C:\AdwCleaner

2013-09-28 09:31 - 2011-06-07 11:32 - 00001276 _____ C:\Windows\System32\ServiceFilter.ini

2013-09-28 09:30 - 2011-06-07 10:52 - 00200922 _____ C:\Windows\PFRO.log

2013-09-28 08:19 - 2013-09-28 08:19 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Malwarebytes

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 08:19 - 2013-09-28 08:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 08:19 - 2011-01-12 07:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-28 08:18 - 2013-09-28 08:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kochrian\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-28 08:12 - 2009-08-04 01:51 - 00666264 _____ C:\Windows\System32\perfh007.dat

2013-09-28 08:12 - 2009-08-04 01:51 - 00134186 _____ C:\Windows\System32\perfc007.dat

2013-09-28 08:12 - 2009-07-13 21:13 - 01531054 _____ C:\Windows\System32\PerfStringBackup.INI

2013-09-28 07:29 - 2012-03-05 07:52 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D171BCEA-83EC-4107-A51D-3DA7F51206A8}

2013-09-27 05:02 - 2013-09-27 05:02 - 01042066 _____ C:\Users\Kochrian\Downloads\adwcleaner.exe

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\FRST

2013-09-25 06:58 - 2013-09-22 13:10 - 00000000 ____D C:\Program Files\Recuva

2013-09-25 06:41 - 2013-09-22 13:10 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-23 05:09 - 2011-12-10 08:13 - 01517056 ___SH C:\Users\Kochrian\Desktop\Thumbs.db

2013-09-22 13:14 - 2013-09-22 13:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 13:14 - 2011-11-03 14:55 - 00000000 ____D C:\users\Kochrian

2013-09-22 13:09 - 2013-09-22 13:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 08:46 - 2013-09-22 08:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 08:46 - 2013-09-22 08:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 08:45 - 2013-09-22 08:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-22 07:10 - 2012-04-06 04:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-22 07:10 - 2012-04-06 04:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-22 07:10 - 2011-11-23 10:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-14 21:12 - 2011-06-07 11:32 - 00002014 _____ C:\Windows\System32\AutoRunFilter.ini

2013-09-14 15:00 - 2013-09-14 15:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-14 14:58 - 2013-09-14 14:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-14 14:58 - 2011-01-12 07:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-14 14:57 - 2013-09-14 14:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-12 19:30 - 2009-07-13 20:45 - 00302312 _____ C:\Windows\System32\FNTCACHE.DAT

2013-09-12 15:55 - 2013-08-14 14:44 - 00000000 ____D C:\Windows\System32\MRT

2013-09-12 15:55 - 2011-11-04 09:42 - 01558672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-12 15:55 - 2011-11-04 09:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-12 15:52 - 2012-08-13 19:39 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-09-12 15:47 - 2013-04-21 16:16 - 00040174 _____ C:\Users\Kochrian\Desktop\Siedler.xlsx

2013-09-12 15:47 - 2011-11-04 09:42 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\SoftGrid Client

2013-09-09 13:52 - 2013-08-04 05:49 - 00000000 ____D C:\Users\Kochrian\Desktop\skylander

2013-09-07 13:15 - 2012-03-26 18:51 - 00000000 ____D C:\Users\Kochrian\AppData\Local\CrashDumps
 

Some content of TEMP:

====================

C:\Users\Kochrian\AppData\Local\Temp\GdiPlus.dll

C:\Users\Kochrian\AppData\Local\Temp\IminentSetup.exe

C:\Users\Kochrian\AppData\Local\Temp\InstallerMessageBox.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxy.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll

C:\Users\Kochrian\AppData\Local\Temp\Quarantine.exe

C:\Users\Kochrian\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Kochrian\AppData\Local\Temp\sfextra.dll

C:\Users\Kochrian\AppData\Local\Temp\uninst1.exe

C:\Users\Kochrian\AppData\Local\Temp\Uninstaller-1776.exe

C:\Users\Kochrian\AppData\Local\Temp\war3_Install.exe
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

5

Restore point made on: 2013-09-14 14:58:23

Restore point made on: 2013-09-14 14:59:38

Restore point made on: 2013-09-17 02:31:34

Restore point made on: 2013-09-22 06:50:34

Restore point made on: 2013-09-27 04:59:10
 

==================== Memory info =========================== 
 

Percentage of memory in use: 15%

Total physical RAM: 4007.77 MB

Available physical RAM: 3396.75 MB

Total Pagefile: 4005.92 MB

Available Pagefile: 3400.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:11.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:128.56 GB) NTFS

Drive f: (USB Disk) (Removable) (Total:3.73 GB) (Free:0.4 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 343771F7)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=125 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=4 GB) - (Type=0C)
 
 

LastRegBack: 2013-09-07 02:04
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß Alexandra

FRST bittte vom Desktop aus ausführen.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Kann es sein, dass ich was falsch mache. Ich habe zwar in verschiedenen Threads schon gelesen das ESET Stunden dauern kann. Aber ich habe es die Nacht gestartet, heute morgen vor der Arbeit war er dann bei 31 % und als ich jetzt nach 10 weiteren Stunden (nach der Arbeit) auf meinen Laptop gesehen habe ist er immer noch bei 31 %. Er scheint zwar Dateien zu untersuchen, aber ich bin trotzdem etwas besorgt, hier was falsch gemacht zu haben.

Ich bitte um kurze Rückmeldung. Bin zur Zeit am PC, Läppi läuft solange noch weiter :confused:

Nun ist ESET durch, ich hoffe es ist alles richtig gelaufen. Er ist zwischen 15 und 16 Stunden gelaufen, stand bei 32 %, dann wurde der Bildschirm dunkel, als ich eine Taste gedrückt hatte, ging der Bildschirm wieder an und ESET war plötzlich "fertig". Auf jeden Fall hatte es aufgehört Dateien zu laden/untersuchen. Aber einen "Finish-Button" gab es nicht. War nur ein "Back-Button" da. Habe dann über das rote Kreuz geschlossen. Wenn ich was falsch gemacht habe, bitte schimpfen.

Hier der ESET Logfile: (1 Trojaner gefunden)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=d20f32e38a1b8143a21aa1cff08e71b2

# engine=15302

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-09-30 02:59:27

# local_time=2013-09-30 04:59:27 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 162417 132183017 0 0

# scanned=837791

# found=1

# cleaned=0

# scan_time=58887

sh=6C17E536D937DA9FC17C0D2A99D7820AE92920E5 ft=1 fh=a3507309ada0808f vn="a variant of Win32/Kryptik.BLGM trojan" ac=I fn="C:\FRST\Quarantine\cache.dat"

Hier das Textdokument von SecureCheck:

Code:

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  
 ``````````````Antivirus/Firewall Check:`````````````` 

Kaspersky Anti-Virus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Adobe Flash Player 11.8.800.168  

 Mozilla Firefox (23.0.1) 

 Google Chrome 24.0.1312.56  

 Google Chrome 24.0.1312.57  
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST (vom Desktop aus gestartet):

Code:

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  
 ``````````````Antivirus/Firewall Check:`````````````` 

Kaspersky Anti-Virus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Adobe Flash Player 11.8.800.168  

 Mozilla Firefox (23.0.1) 

 Google Chrome 24.0.1312.56  

 Google Chrome 24.0.1312.57  
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Addidition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2013

Ran by Kochrian at 2013-09-30 19:52:05

Running from C:\Users\Kochrian\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

AFPL Ghostscript 8.11 (x32)

AFPL Ghostscript Fonts (x32)

ASUS AI Recovery (x32 Version: 1.0.13)

ASUS FancyStart (x32 Version: 1.0.8)

ASUS K3 Series ScreenSaver (x32 Version: 1.0.0002)

ASUS LifeFrame3 (x32 Version: 3.0.20)

ASUS Live Update (x32 Version: 3.0.6)

ASUS Power4Gear Hybrid (Version: 1.1.43)

ASUS SmartLogon (x32 Version: 1.0.0011)

ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0030)

ASUS Virtual Camera (x32 Version: 1.0.21)

ASUS WebStorage (x32 Version: 2.0.46.1429)

AsusVibe2.0 (x32 Version: 2.0.3.585)

ATK Package (x32 Version: 1.0.0008)

Bing Rewards Client Installer (x32 Version: 16.0.345.0)

Bookworm Deluxe (x32)

CardRecovery 6.00 (x32)

Cars Toon (x32 Version: 1.00.0000)

Complément Messenger (x32 Version: 15.4.3502.0922)

Complemento Messenger (x32 Version: 15.4.3502.0922)

Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)

CyberLink LabelPrint (x32 Version: 2.5.1908)

CyberLink Power2Go (x32 Version: 6.1.3602c)

D3DX10 (x32 Version: 15.4.2368.0902)

Dropbox (HKCU Version: 2.0.22)

DSL-Manager (x32)

ESET Online Scanner v3 (x32)

Fast Boot (Version: 1.0.10)

FreePDF 2.0 (x32)

FreeRide Games (x32 Version: 07.05.81.02)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Game Park Console (x32 Version: 6.2.1.1)

Google Chrome (x32 Version: 24.0.1312.57)

Governor of Poker (x32)

Hotel Dash Suite Success (x32)

Inkscape 0.48.2 (x32 Version: 0.48.2)

Intel PROSet Wireless

Intel(R) Control Center (x32 Version: 1.2.1.1007)

Intel(R) Processor Graphics (x32 Version: 8.15.10.2291)

Intel(R) PROSet/Wireless WiFi Software (Version: 14.00.0000)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Mesh Runtime (x32 Version: 15.4.5722.2)

Messenger Companion (x32 Version: 15.4.3502.0922)

Messenger 分享元件 (x32 Version: 15.4.3502.0922)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)

Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)

Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)

Müller Foto (x32)

Nuance PDF Reader (x32 Version: 6.00.0041)

NVIDIA Control Panel 267.21 (Version: 267.21)

NVIDIA Graphics Driver 267.21 (Version: 267.21)

NVIDIA Install Application (Version: 2.265.39.0)

NVIDIA Optimus 1.0.21 (Version: 1.0.21)

NVIDIA Update Components (Version: 1.0.21)

PDF24 Creator 5.6.0 (x32)

Plants vs Zombies (x32)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6294)

Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)

Recuva (Version: 1.48)

SCHLECKER Foto Digital Service (x32)

Sonic Focus (x32 Version: 1.00.0000)

SpeedFan (remove only) (x32)

Synaptics Pointing Device Driver (Version: 15.2.16.1)

syncables desktop SE (x32 Version: 5.5.746.11492)

TeamSpeak 3 Client (x32 Version: 3.0.10)

The Treasures of Montezuma (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Werksfeuerwehr-Simulator Version 1.0 (x32)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3502.0922)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Live 影像中心 (x32 Version: 15.4.3502.0922)

Windows Live 程式集 (x32 Version: 15.4.3502.0922)

WinFlash (x32 Version: 2.31.0)

Wireless Console 3 (x32 Version: 3.0.19)

World of Goo (x32)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)

מסייע Messenger (x32 Version: 15.4.3502.0922)

פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)
 

==================== Restore Points  =========================
 

14-09-2013 22:57:56 Installiert DSL-Manager

14-09-2013 22:58:49 Gerätetreiber-Paketinstallation: T-Systems Netzwerkdienst

17-09-2013 10:31:07 Windows Update

22-09-2013 14:49:44 Windows Update

27-09-2013 12:58:44 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {045C44BC-FD9A-4421-B561-3DF971349815} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-18] (ASUSTek Computer Inc.)

Task: {13686F7C-7A77-4C02-B642-FE3898593DEA} - System32\Tasks\User_Feed_Synchronization-{D171BCEA-83EC-4107-A51D-3DA7F51206A8} => C:\Windows\system32\msfeedssync.exe [2013-06-05] (Microsoft Corporation)

Task: {2A76B436-98CB-438A-9A70-5269D6F8CCDB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {2E83376D-9965-4B1B-AF80-C4ADBF1DBF19} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {42151598-A221-4401-835B-2700E8F102C5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)

Task: {44225246-C20D-4DA0-BEB1-42E680A2FA79} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)

Task: {6454799E-A467-4F70-881E-4C5B66B78103} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)

Task: {6DA7E1F6-70E7-4B51-A0E3-09856B065EE2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {94B7BE14-469B-459F-8120-D355EB1A6812} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)

Task: {C12012C5-397F-4104-98C2-396321DCF603} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)

Task: {EC2A812B-EC63-42CE-BA2D-2DFC1D5D375C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)

Task: {EFA2C2B9-2A31-4B13-AA8F-D25AC8E987BF} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)

Task: {F8D29D3F-162F-43DA-A367-8430B872F303} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-22] (Adobe Systems Incorporated)

Task: {FCBCC3A8-C415-45C8-9A91-F4BD7661E82F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-10] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-06-07 21:18 - 2011-02-21 10:07 - 00226920 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-04-05 00:12 - 2013-04-05 00:12 - 00164016 _____ (Dropbox, Inc.) C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

2011-04-22 09:38 - 2011-01-27 02:25 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc

2009-10-26 05:38 - 2009-10-26 05:38 - 00221184 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\LogicNP.EZNamespaceExtensions.dll

2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll

2011-01-12 18:01 - 2011-01-12 18:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll

2011-01-12 18:01 - 2011-01-12 18:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

2011-02-18 21:19 - 2011-02-18 21:19 - 00061032 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2009-03-02 04:07 - 2009-03-02 04:07 - 00200704 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\LogicNP.EZShellExtensions.dll

2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2011-06-07 21:18 - 2011-02-21 10:07 - 02206312 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2009-10-29 05:02 - 2009-10-29 05:02 - 00004096 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\Interop.SIMPLEAESLib.dll

2009-11-06 20:18 - 2009-11-06 20:18 - 00004096 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\Interop.SimpleAES64Lib.dll

2011-04-22 09:38 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-06-07 21:21 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2011-06-07 21:21 - 2011-01-18 09:32 - 02838120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll

2011-04-22 09:36 - 2011-03-04 05:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll

2010-11-02 21:58 - 2010-11-02 21:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2013-09-12 21:29 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll

2012-02-15 11:31 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll

2013-08-14 16:35 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll

2012-07-11 02:38 - 2012-06-02 06:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll

2009-07-14 01:12 - 2009-07-14 03:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll

2009-07-14 01:11 - 2009-07-14 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2011-11-05 18:12 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll

2011-11-05 18:12 - 2010-11-20 14:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll

2009-07-14 01:25 - 2009-07-14 03:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll

2013-01-09 15:19 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll

2011-11-05 18:12 - 2010-11-20 14:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll

2009-07-14 01:28 - 2009-07-14 03:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll

2011-06-07 21:18 - 2011-02-21 10:07 - 00192616 _____ (NVIDIA Corporation) c:\windows\syswow64\nvinit.dll

2011-11-05 18:12 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll

2011-11-05 18:12 - 2010-11-20 14:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll

2011-11-04 18:50 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll

2011-11-04 18:50 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll

2011-11-04 18:50 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll

2013-08-14 16:36 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll

2011-11-05 18:12 - 2010-11-20 14:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll

2013-09-12 21:29 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll

2011-11-05 18:12 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll

2013-08-14 16:36 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll

2009-07-14 01:12 - 2009-07-14 03:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll

2011-11-05 18:12 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll

2012-08-17 21:39 - 2012-08-17 21:39 - 00285112 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\libcurl.dll

2011-11-05 18:12 - 2010-11-20 14:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll

2013-02-28 16:46 - 2013-02-28 16:46 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL

2013-05-20 01:51 - 2013-09-10 12:59 - 00369344 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\uds.dll.7d02d20a9bb6867c09459f116feac15d

2013-07-29 12:36 - 2013-07-29 12:36 - 00469184 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\avengine.dll.988476f8400a3c2f30987a0ab095a448

2013-09-12 15:07 - 2013-09-12 15:07 - 00573248 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\kavbase.kdl.ca5225ac5405c403781a75194ac31db6

2013-07-17 10:23 - 2013-07-17 10:23 - 01632256 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\klavemu.kdl.33d4094a21b474c84fafe37780a1ac43

2013-06-13 14:24 - 2013-06-13 14:24 - 00273408 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\kjim.kdl.01795aedfa570a09106a387e4ef34e1b

2013-05-20 01:59 - 2013-05-20 01:59 - 00151552 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\mark.kdl.fed411a74cc5c5dac6ac7d81339fc781

2012-04-13 00:36 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll

2013-05-20 01:59 - 2013-05-20 01:59 - 00178008 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\vlns.kdl.317df7c0eff0939e6289f5c72f65ba51

2013-06-27 14:43 - 2013-06-27 14:43 - 00436736 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\qscan.kdl.dd55bf01982b299cb867acad1944e6b6

2013-05-20 02:25 - 2013-05-20 02:25 - 00435712 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\pbs.kdl.41dc267440bc79cb8c2216bd28f1f254

2013-09-13 01:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll

2009-07-14 01:15 - 2009-07-14 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\normaliz.DLL

2013-09-13 01:55 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll

2011-11-05 18:12 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll

2013-06-27 14:43 - 2013-06-27 14:43 - 00177664 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\kavsys.kdl.4bd2ce1e2c86bab49c5e56e0c6501110

2013-05-20 02:00 - 2013-05-20 02:00 - 00038400 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\arkmon.kdl.92baa7debedc6ebe803bc14bc5180ab3

2013-05-20 01:51 - 2013-02-15 18:18 - 00374144 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\pdm.kdl.be99d2031eb3aa6699eecce74df88b01

2013-06-05 13:14 - 2013-06-05 13:14 - 00435712 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\bsshlp2.kdl.904c718bbe32f92d8d0c4c679ec8a7ac

2009-07-14 01:33 - 2009-07-14 03:17 - 00249680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2009-07-14 01:44 - 2009-07-14 03:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL

2013-05-20 01:51 - 2013-08-14 10:52 - 00140288 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\sys_critical_obj.dll

2013-05-20 01:51 - 2013-07-30 13:47 - 01015488 _____ (Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP13\Bases\Cache\klavasyswatch.dll.e4b9effad09c619818171c46eb660532

2012-07-11 02:38 - 2012-06-02 06:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-09-13 01:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll

2011-11-05 18:12 - 2010-11-20 14:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.DLL

2009-11-03 00:20 - 2009-11-03 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-03 00:23 - 2009-11-03 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNEL32.dll

2013-09-12 21:29 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.dll

2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll

2012-07-11 02:38 - 2012-06-02 06:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SSPICLI.DLL

2011-11-05 18:11 - 2010-11-20 14:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll

2009-07-14 01:29 - 2009-07-14 03:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qmgrprxy.dll

2005-09-22 02:30 - 2005-09-22 02:30 - 00036864 _____ (ATK) C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll

2005-01-13 09:36 - 2005-01-13 09:36 - 00303104 _____ (Silicon Integrated Systems Corp.) C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll

2013-01-14 00:30 - 2001-08-18 15:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system\MSVBVM50.DLL

2011-06-07 21:18 - 2011-02-21 10:07 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2012-08-17 21:39 - 2012-08-17 21:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtCore4.dll

2012-08-17 21:39 - 2012-08-17 21:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtDeclarative4.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtScript4.dll

2012-08-17 21:39 - 2012-08-17 21:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtSql4.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtGui4.dll

2011-11-05 18:12 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtNetwork4.dll

2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qgif4.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qico4.dll

2012-08-17 21:40 - 2012-08-17 21:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qjpeg4.dll

2013-07-10 00:02 - 2013-06-10 12:08 - 00057384 _____ (Geek Software GmbH) C:\Program Files (x86)\PDF24\Settings.dll

2013-07-10 00:02 - 2013-06-10 12:08 - 00395304 _____ (Geek Software GmbH) C:\Program Files (x86)\PDF24\NotifyIcon.dll

2013-07-10 00:02 - 2013-06-10 12:08 - 00047144 _____ (Geek Software GmbH) C:\Program Files (x86)\PDF24\Language.dll

2013-07-10 00:02 - 2013-06-10 12:08 - 00383016 _____ (Geek Software GmbH) C:\Program Files (x86)\PDF24\About.dll

2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\Psapi.dll

2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

2013-08-14 16:36 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\syswow64\Crypt32.DLL

2009-07-14 01:53 - 2009-07-14 03:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll

2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\libcef.dll

2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\icudt.dll

2011-11-05 18:12 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\user32.DLL

2011-11-05 18:12 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\shlwapi.DLL

2011-11-05 18:12 - 2010-11-20 14:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\advapi32.DLL

2013-09-12 21:29 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.DLL

2011-11-05 18:12 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.DLL

2013-09-13 01:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2009-07-14 01:27 - 2009-07-14 03:16 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uiautomationcore.dll

2011-11-05 18:12 - 2010-11-20 14:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2013-08-17 11:26 - 2013-08-17 11:26 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2009-07-14 02:03 - 2009-07-14 03:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2013-04-05 00:12 - 2013-04-05 00:12 - 00130736 _____ (Dropbox, Inc.) C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

2013-09-13 01:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-11 07:17 - 2013-09-11 07:17 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:3E7393FC

AlternateDataStreams: C:\ProgramData\Temp:81F83028
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service) (User: )

Description: Die Anwendung kann nicht initialisiert werden.
 

Kontext: Windows Anwendung
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service) (User: )

Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service) (User: )

Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:01 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service) (User: )

Description: Die Anwendung kann nicht initialisiert werden.
 

Kontext: Windows Anwendung
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service) (User: )

Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service) (User: )

Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:40:59 PM) (Source: Windows Search Service) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 
 

System errors:

=============

Error: (09/30/2013 07:48:38 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 18 Mal passiert.
 

Error: (09/30/2013 07:48:38 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 

%%2
 

Error: (09/30/2013 07:41:00 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 17 Mal passiert.
 

Error: (09/30/2013 07:41:00 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 

%%2
 

Error: (09/30/2013 07:40:59 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 16 Mal passiert.
 

Error: (09/30/2013 07:40:59 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 

%%2
 

Error: (09/30/2013 07:40:58 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 15 Mal passiert.
 

Error: (09/30/2013 07:40:58 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 

%%2
 

Error: (09/30/2013 07:40:55 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 14 Mal passiert.
 

Error: (09/30/2013 07:40:55 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 

%%2
 
 

Microsoft Office Sessions:

=========================

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:48:38 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Search.TripoliIndexer
 

Error: (09/30/2013 07:41:01 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 

Error: (09/30/2013 07:41:00 PM) (Source: Windows Search Service)(User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Search.TripoliIndexer
 

Error: (09/30/2013 07:40:59 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-09-15 01:03:48.996

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-09-15 01:03:48.616

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-07-27 17:58:12.699

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-27 17:58:12.699

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-27 17:58:12.689

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-27 17:58:12.659

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-27 17:58:12.659

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-27 17:58:12.659

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-26 21:10:22.524

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-07-26 21:10:22.524

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 73%

Total physical RAM: 4007.77 MB

Available physical RAM: 1073.57 MB

Total Pagefile: 8013.73 MB

Available Pagefile: 5415.7 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:10.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:128.56 GB) NTFS

Drive f: (USB Disk) (Removable) (Total:3.73 GB) (Free:0.4 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 343771F7)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=125 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=4 GB) - (Type=0C)
 

==================== End Of Log ============================

Jetzt bekomm ich wahrscheinlich erstmal ordentlich einen auf den Deckel,
weil die alten Versionen in meinem Rechner schon goldene Hochzeit feiern????

Meine Auswertung (von jemanden, die von nichts wirklich Ahnung hat):

Beim Hochfahren wird immer noch die Meldung angezeigt:
Einer der Datenträger muss auf Konsistenz überprüft werden.
Diese Meldung breche ich mit ESC ab, damit der Läppi hochfahren kann.

Er braucht verhältnismäßig sehr lange nach dem Hochfahren, bis alle Dateien aufgebaut sind,
dass ist mir zuerst aufgefallen nachdem Kaspersky den Trojaner gefunden hat.

Kaspersky leuchtet immer noch im strahlenden rot. Muss ich den Trojaner irgendwie manuell löschen?
Kenne mich damit gar nicht aus. Dachte immer Kasperky macht den weg, sobald er was gefunden hat.

Und Kasperksy braucht geschlagene 7 Min, bis der Schutz akziviert wird. Er hatte vor dem Angriff nie sooo lange gebraucht.
Kann das darin liegen, das zuerst die Meldung erscheint: "Es wurde Malware gefunden!" ?

Ansonsten scheint der Rechner im Großen und Ganzen ganz gut zu laufen, wenn er irgendwann mal in die Füße gekommen ist.

Infos: Habe mir Kaspersky 2013 käuflich erworben und nur eine Lizenz (über E-Mail) zum aktivieren bekommen,
weiß nicht wie es da mit deinstallieren und neu aufspielen aussieht? (keine CD vorhanden!)

Poste mal ein FRST Log, das hast Du oben vergessen. Lass die Konsistenzprüfung mal durchlaufen.

Hier nochmal das FRST.log:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02

Ran by Kochrian (administrator) on INFINITY on 02-10-2013 06:16:43

Running from C:\Users\Kochrian\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(ASUS) C:\Windows\AsScrPro.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Dropbox, Inc.) C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\Dropbox.exe

(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgr.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(shbox) C:\Program Files (x86)\FreePDF\FreePDFA.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)

HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)

HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Exetender_148] - C:\Program Files (x86)\FreeRide Games\GPlayer.exe [4945816 2012-11-25] (Exent Technologies Ltd.)

HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [354 2013-10-01] ()

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()

HKLM-x32\...\Run: [FreePDFAssistent] - C:\Program Files (x86)\FreePDF\FreePDFA.exe [122880 2003-05-28] (shbox)

HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Kochrian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File

BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{E2B530AD-7D74-4C29-8995-5C4E23C175F9}: [NameServer]192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Kochrian\AppData\Roaming\Mozilla\Firefox\Profiles\yugsi656.default

FF NewTab: www.google.de

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Kochrian\AppData\Roaming\Mozilla\Firefox\Profiles\yugsi656.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2

FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
 

Chrome: 

=======

CHR DefaultSearchURL: (Hola Search) - hxxp://www.google.com

CHR DefaultSuggestURL: (Hola Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0

CHR Extension: (Content Blocker) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0

CHR Extension: (Virtual Keyboard) - C:\Users\Kochrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
 

==================== Services (Whitelisted) =================
 

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()

R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-06] (ASUSTek Computer Inc.)

S3 bsitf; C:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-06] (ASUSTek Computer Inc.)

R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-20] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-20] (Kaspersky Lab ZAO)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] ()

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-20] (Kaspersky Lab ZAO)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-02 06:15 - 2013-10-02 06:16 - 01953880 _____ (Farbar) C:\Users\Kochrian\Desktop\FRST64.exe

2013-09-30 19:52 - 2013-09-30 19:52 - 00039212 _____ C:\Users\Kochrian\Desktop\Addition.txt

2013-09-30 19:46 - 2013-09-30 19:46 - 00891144 _____ C:\Users\Kochrian\Downloads\SecurityCheck.exe

2013-09-29 21:56 - 2013-09-29 21:56 - 02347384 _____ (ESET) C:\Users\Kochrian\Downloads\esetsmartinstaller_enu.exe

2013-09-29 21:56 - 2013-09-29 21:56 - 00000000 ____D C:\Program Files (x86)\ESET

2013-09-29 06:26 - 2013-09-29 06:26 - 00000000 __SHD C:\found.001

2013-09-29 00:22 - 2013-09-29 00:22 - 00414150 _____ C:\Users\Kochrian\Downloads\Secure Banking v1.5.2.rar

2013-09-28 20:00 - 2013-09-28 20:00 - 00002597 _____ C:\Users\Kochrian\Desktop\JRT.txt

2013-09-28 19:43 - 2013-09-28 19:43 - 01030305 _____ (Thisisu) C:\Users\Kochrian\Desktop\JRT.exe

2013-09-28 19:43 - 2013-09-28 19:43 - 00000000 ____D C:\Windows\ERUNT

2013-09-28 18:19 - 2013-09-28 18:19 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Malwarebytes

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 18:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-09-28 18:18 - 2013-09-28 18:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kochrian\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-27 15:02 - 2013-09-28 19:37 - 00000000 ____D C:\AdwCleaner

2013-09-27 15:02 - 2013-09-27 15:02 - 01042066 _____ C:\Users\Kochrian\Downloads\adwcleaner.exe

2013-09-27 05:43 - 2013-09-27 05:43 - 00000000 ____D C:\FRST

2013-09-22 23:14 - 2013-09-22 23:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 23:10 - 2013-09-25 16:58 - 00000000 ____D C:\Program Files\Recuva

2013-09-22 23:10 - 2013-09-25 16:41 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-22 23:09 - 2013-09-22 23:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 18:46 - 2013-09-22 18:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 18:46 - 2013-09-22 18:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 18:45 - 2013-09-22 18:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-15 01:00 - 2013-09-15 01:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-15 00:59 - 2013-09-15 00:59 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 00:59 - 2013-09-15 00:59 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 00:59 - 2007-09-12 17:24 - 00041024 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\DslTestSp5a64.sys

2013-09-15 00:58 - 2013-09-15 00:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-15 00:58 - 2007-08-01 14:49 - 00019008 _____ (T-Systems Enterprise Services GmbH) C:\Windows\system32\Drivers\dslmnlwf.sys

2013-09-15 00:57 - 2013-09-15 00:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-13 01:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-13 01:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-13 01:55 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-13 01:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-13 01:55 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-13 01:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-13 01:55 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-13 01:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-13 01:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-13 01:55 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-13 01:55 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-13 01:55 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-13 01:55 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-13 01:55 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-12 21:29 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-12 21:29 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-12 21:29 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-12 21:29 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-12 21:29 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-12 21:29 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-12 21:29 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-12 21:29 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-12 21:29 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-12 21:29 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-12 21:29 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-12 21:29 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-12 21:29 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-12 21:29 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-12 21:29 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-12 21:29 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-12 21:29 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-12 21:29 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-12 21:29 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-12 21:29 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 21:29 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 21:29 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-12 21:29 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-12 21:29 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-12 21:29 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-02 06:16 - 2013-10-02 06:15 - 01953880 _____ (Farbar) C:\Users\Kochrian\Desktop\FRST64.exe

2013-10-02 06:10 - 2012-04-06 14:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-02 05:52 - 2012-05-21 16:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-10-02 05:19 - 2011-01-12 17:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-02 03:46 - 2011-06-07 20:56 - 01853220 _____ C:\Windows\WindowsUpdate.log

2013-10-02 01:05 - 2012-03-05 17:52 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D171BCEA-83EC-4107-A51D-3DA7F51206A8}

2013-10-01 17:31 - 2013-08-17 11:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-10-01 06:19 - 2011-01-12 17:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-01 06:03 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-01 06:03 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-01 05:56 - 2013-04-02 21:49 - 00000000 ___RD C:\Users\Kochrian\Dropbox

2013-10-01 05:56 - 2013-04-02 21:39 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Dropbox

2013-10-01 05:55 - 2011-11-04 00:56 - 00045056 _____ C:\Windows\system32\acovcnt.exe

2013-10-01 05:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-01 05:54 - 2009-07-14 06:51 - 00158260 _____ C:\Windows\setupact.log

2013-09-30 19:52 - 2013-09-30 19:52 - 00039212 _____ C:\Users\Kochrian\Desktop\Addition.txt

2013-09-30 19:46 - 2013-09-30 19:46 - 00891144 _____ C:\Users\Kochrian\Downloads\SecurityCheck.exe

2013-09-30 11:11 - 2009-08-04 11:51 - 00666264 _____ C:\Windows\system32\perfh007.dat

2013-09-30 11:11 - 2009-08-04 11:51 - 00134186 _____ C:\Windows\system32\perfc007.dat

2013-09-30 11:11 - 2009-07-14 07:13 - 01531054 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-29 21:56 - 2013-09-29 21:56 - 02347384 _____ (ESET) C:\Users\Kochrian\Downloads\esetsmartinstaller_enu.exe

2013-09-29 21:56 - 2013-09-29 21:56 - 00000000 ____D C:\Program Files (x86)\ESET

2013-09-29 06:26 - 2013-09-29 06:26 - 00000000 __SHD C:\found.001

2013-09-29 00:22 - 2013-09-29 00:22 - 00414150 _____ C:\Users\Kochrian\Downloads\Secure Banking v1.5.2.rar

2013-09-28 20:00 - 2013-09-28 20:00 - 00002597 _____ C:\Users\Kochrian\Desktop\JRT.txt

2013-09-28 19:43 - 2013-09-28 19:43 - 01030305 _____ (Thisisu) C:\Users\Kochrian\Desktop\JRT.exe

2013-09-28 19:43 - 2013-09-28 19:43 - 00000000 ____D C:\Windows\ERUNT

2013-09-28 19:37 - 2013-09-27 15:02 - 00000000 ____D C:\AdwCleaner

2013-09-28 19:31 - 2011-06-07 21:32 - 00001276 _____ C:\Windows\system32\ServiceFilter.ini

2013-09-28 19:30 - 2011-06-07 20:52 - 00200922 _____ C:\Windows\PFRO.log

2013-09-28 18:19 - 2013-09-28 18:19 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\Malwarebytes

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 18:19 - 2013-09-28 18:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 18:18 - 2013-09-28 18:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kochrian\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-27 15:02 - 2013-09-27 15:02 - 01042066 _____ C:\Users\Kochrian\Downloads\adwcleaner.exe

2013-09-27 05:43 - 2013-09-27 05:43 - 00000000 ____D C:\FRST

2013-09-25 16:58 - 2013-09-22 23:10 - 00000000 ____D C:\Program Files\Recuva

2013-09-25 16:41 - 2013-09-22 23:10 - 00001704 _____ C:\Users\Public\Desktop\Recuva.lnk

2013-09-23 15:09 - 2011-12-10 18:13 - 01517056 ___SH C:\Users\Kochrian\Desktop\Thumbs.db

2013-09-22 23:14 - 2013-09-22 23:14 - 00000000 ____D C:\Users\Kochrian\Desktop\Wiederherstellung

2013-09-22 23:14 - 2011-11-04 00:55 - 00000000 ____D C:\Users\Kochrian

2013-09-22 23:09 - 2013-09-22 23:09 - 03844296 _____ (Piriform Ltd) C:\Users\Kochrian\Downloads\rcsetup148.exe

2013-09-22 18:46 - 2013-09-22 18:46 - 00001061 _____ C:\Users\Public\Desktop\CardRecovery.lnk

2013-09-22 18:46 - 2013-09-22 18:46 - 00000000 ____D C:\Program Files (x86)\CardRecovery

2013-09-22 18:45 - 2013-09-22 18:45 - 00851400 _____ (WinRecovery Software                                        ) C:\Users\Kochrian\Downloads\cardrecovery_setup_de.exe

2013-09-22 17:10 - 2012-04-06 14:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-22 17:10 - 2012-04-06 14:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-22 17:10 - 2011-11-23 20:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-15 07:12 - 2011-06-07 21:32 - 00002014 _____ C:\Windows\system32\AutoRunFilter.ini

2013-09-15 01:00 - 2013-09-15 01:00 - 00000000 ____D C:\ProgramData\T-Online

2013-09-15 00:59 - 2013-09-15 00:59 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 00:59 - 2013-09-15 00:59 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 00:59 - 2011-11-04 00:56 - 00000000 ___RD C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 00:58 - 2013-09-15 00:58 - 00000000 ____D C:\Program Files (x86)\DSL-Manager

2013-09-15 00:58 - 2011-01-12 17:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-15 00:57 - 2013-09-15 00:57 - 04118552 _____ (T-Online                                                    ) C:\Users\Kochrian\Downloads\DSL-Manager_6.9.exe

2013-09-13 05:32 - 2011-11-04 00:56 - 00000000 ___RD C:\Users\Kochrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-13 05:30 - 2009-07-14 06:45 - 00302312 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-13 01:55 - 2013-08-15 00:44 - 00000000 ____D C:\Windows\system32\MRT

2013-09-13 01:55 - 2011-11-04 19:42 - 01558672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-13 01:55 - 2011-11-04 19:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-13 01:52 - 2012-08-14 05:39 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-13 01:47 - 2013-04-22 02:16 - 00040174 _____ C:\Users\Kochrian\Desktop\Siedler.xlsx

2013-09-13 01:47 - 2011-11-04 19:42 - 00000000 ____D C:\Users\Kochrian\AppData\Roaming\SoftGrid Client

2013-09-09 23:52 - 2013-08-04 15:49 - 00000000 ____D C:\Users\Kochrian\Desktop\skylander

2013-09-07 23:15 - 2012-03-27 04:51 - 00000000 ____D C:\Users\Kochrian\AppData\Local\CrashDumps
 

Some content of TEMP:

====================

C:\Users\Kochrian\AppData\Local\Temp\GdiPlus.dll

C:\Users\Kochrian\AppData\Local\Temp\IminentSetup.exe

C:\Users\Kochrian\AppData\Local\Temp\InstallerMessageBox.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxy.exe

C:\Users\Kochrian\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll

C:\Users\Kochrian\AppData\Local\Temp\Quarantine.exe

C:\Users\Kochrian\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Kochrian\AppData\Local\Temp\sfextra.dll

C:\Users\Kochrian\AppData\Local\Temp\uninst1.exe

C:\Users\Kochrian\AppData\Local\Temp\Uninstaller-1776.exe

C:\Users\Kochrian\AppData\Local\Temp\war3_Install.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-07 12:04
 

==================== End Of Log ============================

--- --- ---

Lasse die Kostinstenzprüfung mal durchlaufen, während ich bei der Arbeit bin, poste das Ergebnis dann mal heut Nachmittag.

Konstistenzprüfung ist endlich mal durchgelaufen. Mein Freund hat das System dann ausgeschaltet und nach der Arbeit hab ich den Rechner wieder angeschaltet, nun kommt diese Meldung nicht mehr. :singsing:

Nur wie bekomm ich Kaspersky nun wieder beruhigt?

Hier mal die Funde von Kaspersky

__________

HEUR:Trojan.Win32.Generic

Objekt:

c:\documents and settings\kochrian\appdata\local\microsoft\windows\temporary internet files\ content.ie5\1bgbpmag\pack[1].7z\\bprotect.exe

Status:

Gefunden; nicht verarbeitet
__________

HEUR:Trojan.Win32.Generic

Objekt:

c:\documents and settings\kochrian\appdata\local\microsoft\windows\temporary internet files\ content.ie5\1bgbpmag\pack[1].7z\\kerberos_bho.dll

Status:

Virenfreies Objekt in der Quarantäne
__________

HEUR:Trojan.Win32.Generic

Objekt:

c:\documents and settings\kochrian\appdata\local\microsoft\windows\temporary internet files\ content.ie5\1bgbpmag\pack[1].7z\\protector.dll

Status:

Gefunden; nicht verarbeitet
__________

HEUR:Trojan.Script.Generic

Objekt:

hxxp: // oykkk . tubemary . org : 1781 / users / servlet.php ? showcase = 11 // servlet

Status:

Inaktiv
__________

Nur Funde in den Temps.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Scann jetzt mal mit Kaspersky, poste auch ein frisches FRST log. Noch Probleme?