
All kinds of pests and how to fight them: TR/ATRAPS.Gen2 found in Windows\installer

12.06.2013, 06:02   #31
Nil11
 
Code:
Farbar Recovery Scan Tool (x64) Version: 11-06-2013 03
Ran by SYSTEM at 2013-06-11 21:19:34
Running from F:\
Boot Mode: Recovery

================== Search: "services.ex*" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_de-de_bed5af223a2c1128\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0020480 ____A (Microsoft Corporation) 30BAEB4A6F56D69427ACF9FEE7FB3599

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 08:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_de-de_1af44aa5f289825e\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0019968 ____A (Microsoft Corporation) DBCE1B90B7075AAECF0B6C4AFB09B757

C:\Windows\SysWOW64\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SysWOW64\de-DE\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0020480 ____A (Microsoft Corporation) 30BAEB4A6F56D69427ACF9FEE7FB3599

C:\Windows\System32\services.exe
[2009-12-03 08:39] - [2013-06-08 11:59] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255

C:\Windows\System32\de-DE\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0019968 ____A (Microsoft Corporation) DBCE1B90B7075AAECF0B6C4AFB09B757

====== End Of Search ======
         
P.S.: The internet has seemed very slow to me lately

12.06.2013, 06:35   #32
schrauber



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
Replace: C:\Windows\SysWOW64\services.exe C:\Windows\System32\services.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

12.06.2013, 06:56   #33
Nil11



Morning! Windows now only boots to a black screen. The password prompt doesn't appear at all. It has been more than 15 minutes now. The fix did work, though...

A restart didn't help either :-(

12.06.2013, 07:03   #34
schrauber



Please make a new FRST scan log.

Regards,
schrauber

12.06.2013, 07:13   #35
Nil11



Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2013 03
Ran by SYSTEM at 2013-06-12 07:46:25 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

C:\Windows\System32\services.exe => Moved successfully.
C:\Windows\SysWOW64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
         


12.06.2013, 07:13   #36
schrauber



That is the Fixlog; I would like a new scan.

12.06.2013, 07:17   #37
Nil11



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03
Ran by SYSTEM on 12-06-2013 08:05:52
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

2013-06-08 12:57 - 2013-06-08 12:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 12:57 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2013-06-08 12:57 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2013-06-08 12:57 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2013-06-08 12:57 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2013-06-08 11:56 - 2013-06-08 11:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:01 - 2013-06-03 09:47 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-06-02 07:44 - 2012-07-19 10:28 - 00000000 ____D C:\Users\\Desktop\Projekt
2013-06-02 06:57 - 2010-10-13 05:54 - 00000000 ____D C:\Users\\Desktop\Stuff
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-05-23 10:58 - 2012-04-25 05:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 13:19 - 2013-05-22 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 12:12 - 2010-04-09 13:30 - 00000000 ____D C:\users\postgres
2013-05-19 08:54 - 2013-05-19 08:54 - 00000154 ____A C:\Users\\.appletviewer
2013-05-19 08:54 - 2009-09-14 03:56 - 00000000 ____D C:\users\
2013-05-19 03:50 - 2011-06-06 08:38 - 00000000 ____D C:\Users\\Desktop\Bücher Ma
2013-05-19 03:48 - 2012-11-01 10:52 - 00000000 ____D C:\Users\\Desktop\Mast
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Users\\AppData\Local\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Application Data\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-18 02:26 - 2012-06-10 01:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-18 02:26 - 2012-06-10 01:41 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-05-16 13:24 - 2010-04-11 04:44 - 00125808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-05-16 10:48 - 2006-11-02 07:21 - 00460928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 01:05 - 2013-01-06 18:24 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-16 01:01 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-16 00:56 - 2012-01-10 13:36 - 00001883 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-05-16 00:56 - 2012-01-10 13:36 - 00001883 ____A C:\ProgramData\Desktop\Adobe Reader 9.lnk
2013-05-16 00:53 - 2013-01-03 04:25 - 00125808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\ProgramData\DivX
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\ProgramData\Application Data\DivX
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\Program Files (x86)\DivX
2013-05-15 13:58 - 2010-08-01 03:52 - 00000000 ____D C:\Program Files\DivX
2013-05-15 13:55 - 2013-05-15 13:55 - 00000000 ____A C:\END
2013-05-14 13:46 - 2012-04-26 04:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 13:46 - 2011-07-05 23:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 12:23 - 2013-02-23 12:57 - 00010421 ____A C:\Windows\avmfwlanci.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-02 13:34:11
Restore point made on: 2013-05-03 03:24:08
Restore point made on: 2013-05-05 10:27:08
Restore point made on: 2013-05-06 13:25:18
Restore point made on: 2013-05-07 12:20:36
Restore point made on: 2013-05-12 07:23:54
Restore point made on: 2013-05-13 09:58:19
Restore point made on: 2013-05-16 01:06:21
Restore point made on: 2013-05-16 11:04:15
Restore point made on: 2013-05-18 02:24:10
Restore point made on: 2013-05-19 03:22:06
Restore point made on: 2013-05-21 11:37:37
Restore point made on: 2013-05-24 11:46:53
Restore point made on: 2013-05-25 05:29:05
Restore point made on: 2013-05-26 04:35:52
Restore point made on: 2013-05-27 11:59:48
Restore point made on: 2013-05-28 10:17:16
Restore point made on: 2013-05-30 12:37:35
Restore point made on: 2013-05-31 12:27:36
Restore point made on: 2013-06-01 14:16:05
Restore point made on: 2013-06-02 06:03:02
Restore point made on: 2013-06-06 11:45:06
Restore point made on: 2013-06-08 06:08:53
Restore point made on: 2013-06-08 06:39:39
Restore point made on: 2013-06-08 12:53:57
Restore point made on: 2013-06-09 22:05:26
Restore point made on: 2013-06-11 21:36:28

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 4094.26 MB
Available physical RAM: 3321.35 MB
Total Pagefile: 3726.44 MB
Available Pagefile: 3295.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:581.64 GB) (Free:338.64 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.53 GB) (Free:2.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 121 MB) (Disk ID: 2D8A0CB9)
Partition 1: (Not Active) - (Size=120 MB) - (Type=06)


LastRegBack: 2013-06-11 21:01

==================== End Of Log ============================
         

Starting Windows in safe mode apparently doesn't work either. I would be very glad if everything still works out somehow; I'm off to work for now. See you this evening.

Alt 12.06.2013, 12:05   #38
schrauber
/// the machine
/// TB-Ausbilder
 

That doesn't look so bad at all? Do you get an error message when you try to boot?
__________________
Regards,
schrauber


Alt 12.06.2013, 12:52   #39
Nil11
 
No. The Windows login with the password prompt should actually appear, but the screen stays black. The mouse is there.

I waited 30 minutes...

Maybe the computer is just veeeery slow with Windows?

Alt 12.06.2013, 15:52   #40
schrauber
/// the machine
/// TB-Ausbilder
 

Please run the search with FRST in the recovery environment again, with

services.ex*

and afterwards additionally run another scan; post both log files.
__________________
Regards,
schrauber


Alt 12.06.2013, 21:55   #41
Nil11
 
The search has started. Last time it took umpteen hours...

Code:
ATTFilter
Farbar Recovery Scan Tool (x64) Version: 11-06-2013 03
Ran by SYSTEM at 2013-06-12 22:52:33
Running from G:\
Boot Mode: Recovery

================== Search: "services.ex*" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_de-de_bed5af223a2c1128\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0020480 ____A (Microsoft Corporation) 30BAEB4A6F56D69427ACF9FEE7FB3599

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 08:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_de-de_1af44aa5f289825e\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0019968 ____A (Microsoft Corporation) DBCE1B90B7075AAECF0B6C4AFB09B757

C:\Windows\SysWOW64\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SysWOW64\de-DE\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0020480 ____A (Microsoft Corporation) 30BAEB4A6F56D69427ACF9FEE7FB3599

C:\Windows\System32\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\de-DE\services.exe.mui
[2009-05-19 04:35] - [2009-05-19 04:35] - 0019968 ____A (Microsoft Corporation) DBCE1B90B7075AAECF0B6C4AFB09B757

C:\FRST\Quarantine\services.exe
[2009-12-03 08:39] - [2013-06-08 11:59] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255

====== End Of Search ======
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03
Ran by SYSTEM on 13-06-2013 06:47:37
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe" [2105344 2010-10-21] (AVM Berlin)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [685048 2012-08-03] (Cisco Systems, Inc.)
HKU\Default\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\postgres\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Xxx\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Xxx\...\Run: [F.lux] "C:\Users\Xxx\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Xxx\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-05-09] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-21] (AVM Berlin)
S2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
S2 matlabserver; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [536576 2005-07-27] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]
S2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [45480 2012-08-03] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [69544 2012-08-03] (Cisco Systems, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-21] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-21] (AVM GmbH)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-04-04] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-04-04] (Hauppauge Computer Works, Inc.)
S1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S0 ildid; system32\drivers\icbpzwk.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [x]
S0 sboliv; system32\drivers\giecpry.sys [x]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
S0 yyca; system32\drivers\txgtym.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-11 21:43 - 2013-06-11 21:43 - 00000074 ____A C:\Users\Xxx\Desktop\Fixlist.txt
2013-06-11 10:46 - 2013-06-11 10:52 - 00002360 ____A C:\Users\Xxx\Desktop\Search.txt
2013-06-10 12:53 - 2013-06-10 12:58 - 00020507 ____A C:\ComboFix.txt
2013-06-10 10:40 - 2013-06-10 10:41 - 05078680 ____R (Swearware) C:\Users\Xxx\Desktop\NoMBR.exe
2013-06-10 09:03 - 2013-06-10 10:44 - 00000000 ____D C:\32788R22FWJFW
2013-06-09 22:06 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-09 22:06 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-09 22:06 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-09 22:06 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-09 09:58 - 2013-06-09 09:58 - 00000000 ____D C:\FRST
2013-06-09 09:56 - 2013-06-11 10:45 - 01920158 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64.exe
2013-06-09 02:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-09 02:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-09 02:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-09 02:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-09 02:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-09 02:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-09 02:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-09 02:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-09 02:53 - 2013-06-10 12:53 - 00000000 ____D C:\Qoobox
2013-06-09 02:53 - 2013-06-10 12:47 - 00000000 ____D C:\Windows\erdnt
2013-06-08 13:59 - 2013-06-08 13:59 - 00000134 ____A C:\Users\Xxx\Desktop\Internet Explorer-Problembehebung.url
2013-06-08 12:57 - 2013-06-08 12:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 12:57 - 2013-06-08 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 12:57 - 2013-06-08 12:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 12:57 - 2013-06-08 12:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 12:57 - 2013-06-08 12:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 12:57 - 2013-06-08 12:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 12:57 - 2013-06-08 12:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 12:51 - 2013-06-08 14:00 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 11:56 - 2013-06-08 11:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-08 08:55 - 2013-04-11 00:19 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Xxx\Desktop\001.exe
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 09:47 - 2013-06-03 10:01 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-05-22 12:55 - 2013-05-22 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 23:01 - 2013-04-25 04:17 - 00025363 ____A C:\Users\Xxx\Desktop\Auswertung
2013-05-19 08:54 - 2013-05-19 08:54 - 00000154 ____A C:\Users\Xxx\.appletviewer
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Users\Xxx\AppData\Local\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Application Data\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-15 13:55 - 2013-05-15 13:55 - 00000000 ____A C:\END
2013-05-15 13:02 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 13:02 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 13:02 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-12 12:44 - 2009-05-18 20:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-12 12:44 - 2009-05-18 20:30 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-06-11 21:44 - 2009-07-22 00:36 - 01700272 ____A C:\Windows\WindowsUpdate.log
2013-06-11 21:44 - 2006-11-02 07:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-11 21:44 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 21:44 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-11 21:44 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-11 21:43 - 2013-06-11 21:43 - 00000074 ____A C:\Users\Xxx\Desktop\Fixlist.txt
2013-06-11 21:02 - 2011-04-25 09:40 - 00000000 ____D C:\Users\Xxx\AppData\Roaming\Skype
2013-06-11 20:54 - 2011-12-11 17:10 - 00000000 ____D C:\Users\Xxx\AppData\Roaming\Dropbox
2013-06-11 20:53 - 2011-12-11 17:13 - 00000000 ___RD C:\Users\Xxx\Dropbox
2013-06-11 10:52 - 2013-06-11 10:46 - 00002360 ____A C:\Users\Xxx\Desktop\Search.txt
2013-06-11 10:45 - 2013-06-09 09:56 - 01920158 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64.exe
2013-06-11 10:45 - 2012-04-26 04:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 22:04 - 2009-05-19 04:37 - 00674972 ____A C:\Windows\System32\perfh007.dat
2013-06-10 22:04 - 2009-05-19 04:37 - 00145640 ____A C:\Windows\System32\perfc007.dat
2013-06-10 22:04 - 2006-11-02 04:46 - 01568730 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 21:53 - 2012-02-11 03:15 - 00120544 ____A C:\Windows\PFRO.log
2013-06-10 12:58 - 2013-06-10 12:53 - 00020507 ____A C:\ComboFix.txt
2013-06-10 12:53 - 2013-06-09 02:53 - 00000000 ____D C:\Qoobox
2013-06-10 12:47 - 2013-06-09 02:53 - 00000000 ____D C:\Windows\erdnt
2013-06-10 12:47 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-10 10:44 - 2013-06-10 09:03 - 00000000 ____D C:\32788R22FWJFW
2013-06-10 10:41 - 2013-06-10 10:40 - 05078680 ____R (Swearware) C:\Users\Xxx\Desktop\NoMBR.exe
2013-06-09 09:58 - 2013-06-09 09:58 - 00000000 ____D C:\FRST
2013-06-09 09:01 - 2006-11-02 05:33 - 00000000 __RHD C:\users\Default
2013-06-09 03:03 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-06-09 02:38 - 2012-05-08 08:07 - 00000000 ____D C:\Program Files (x86)\2012MalwarebytesAnti-Malware
2013-06-08 14:59 - 2006-11-02 05:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-06-08 14:59 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-08 14:00 - 2013-06-08 12:51 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 13:59 - 2013-06-08 13:59 - 00000134 ____A C:\Users\Xxx\Desktop\Internet Explorer-Problembehebung.url
2013-06-08 13:59 - 2012-05-08 08:07 - 00000928 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-08 13:59 - 2012-05-08 08:07 - 00000928 ____A C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-08 12:57 - 2013-06-08 12:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 12:57 - 2013-06-08 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 12:57 - 2013-06-08 12:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 12:57 - 2013-06-08 12:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 12:57 - 2013-06-08 12:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 12:57 - 2013-06-08 12:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 12:57 - 2013-06-08 12:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 12:57 - 2013-06-08 12:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 12:57 - 2013-06-08 12:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 12:57 - 2013-06-08 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 12:57 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2013-06-08 12:57 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2013-06-08 12:57 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2013-06-08 12:57 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2013-06-08 11:56 - 2013-06-08 11:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:03 - 2013-06-03 10:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 10:01 - 2013-06-03 09:47 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-06-02 07:44 - 2012-07-19 10:28 - 00000000 ____D C:\Users\Xxx\Desktop\Projekt
2013-06-02 06:57 - 2010-10-13 05:54 - 00000000 ____D C:\Users\Xxx\Desktop\Stuff
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 11:03 - 2011-04-25 09:36 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-05-23 10:58 - 2012-04-25 05:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 13:19 - 2013-05-22 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 12:12 - 2010-04-09 13:30 - 00000000 ____D C:\users\postgres
2013-05-19 08:54 - 2013-05-19 08:54 - 00000154 ____A C:\Users\Xxx\.appletviewer
2013-05-19 08:54 - 2009-09-14 03:56 - 00000000 ____D C:\users\Xxx
2013-05-19 03:50 - 2011-06-06 08:38 - 00000000 ____D C:\Users\Xxx\Desktop\Bücher Maschinenbau
2013-05-19 03:48 - 2012-11-01 10:52 - 00000000 ____D C:\Users\Xxx\Desktop\Masterarbeit
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Users\Xxx\AppData\Local\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\ProgramData\Application Data\Cisco
2013-05-19 03:22 - 2013-05-19 03:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-18 02:26 - 2012-06-10 01:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-18 02:26 - 2012-06-10 01:41 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-05-16 13:24 - 2010-04-11 04:44 - 00125808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-05-16 10:48 - 2006-11-02 07:21 - 00460928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 01:05 - 2013-01-06 18:24 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-16 01:01 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-16 00:56 - 2012-01-10 13:36 - 00001883 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-05-16 00:56 - 2012-01-10 13:36 - 00001883 ____A C:\ProgramData\Desktop\Adobe Reader 9.lnk
2013-05-16 00:53 - 2013-01-03 04:25 - 00125808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\ProgramData\DivX
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\ProgramData\Application Data\DivX
2013-05-15 13:59 - 2010-08-01 03:49 - 00000000 ____D C:\Program Files (x86)\DivX
2013-05-15 13:58 - 2010-08-01 03:52 - 00000000 ____D C:\Program Files\DivX
2013-05-15 13:55 - 2013-05-15 13:55 - 00000000 ____A C:\END
2013-05-14 13:46 - 2012-04-26 04:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 13:46 - 2011-07-05 23:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 12:23 - 2013-02-23 12:57 - 00010421 ____A C:\Windows\avmfwlanci.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-03 08:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-02 13:34:11
Restore point made on: 2013-05-03 03:24:08
Restore point made on: 2013-05-05 10:27:08
Restore point made on: 2013-05-06 13:25:18
Restore point made on: 2013-05-07 12:20:36
Restore point made on: 2013-05-12 07:23:54
Restore point made on: 2013-05-13 09:58:19
Restore point made on: 2013-05-16 01:06:21
Restore point made on: 2013-05-16 11:04:15
Restore point made on: 2013-05-18 02:24:10
Restore point made on: 2013-05-19 03:22:06
Restore point made on: 2013-05-21 11:37:37
Restore point made on: 2013-05-24 11:46:53
Restore point made on: 2013-05-25 05:29:05
Restore point made on: 2013-05-26 04:35:52
Restore point made on: 2013-05-27 11:59:48
Restore point made on: 2013-05-28 10:17:16
Restore point made on: 2013-05-30 12:37:35
Restore point made on: 2013-05-31 12:27:36
Restore point made on: 2013-06-01 14:16:05
Restore point made on: 2013-06-02 06:03:02
Restore point made on: 2013-06-06 11:45:06
Restore point made on: 2013-06-08 06:08:53
Restore point made on: 2013-06-08 06:39:39
Restore point made on: 2013-06-08 12:53:57
Restore point made on: 2013-06-09 22:05:26
Restore point made on: 2013-06-11 21:36:28

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 4094.26 MB
Available physical RAM: 3155.86 MB
Total Pagefile: 3726.44 MB
Available Pagefile: 3202.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:581.64 GB) (Free:338.64 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.53 GB) (Free:2.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 121 MB) (Disk ID: 2D8A0CB9)
Partition 1: (Not Active) - (Size=120 MB) - (Type=06)


LastRegBack: 2013-06-11 21:01

==================== End Of Log ============================
         
--- --- ---


Old 13.06.2013, 07:33   #42
schrauber
/// the machine
/// TB trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\Windows\System32\services.exe
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.06.2013, 21:21   #43
Nil11
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2013 03
Ran by SYSTEM at 2013-06-13 22:14:56 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

C:\Windows\System32\services.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
         
Windows is running again!

14.06.2013, 06:53   #44
schrauber
/// the machine
/// TB-Ausbilder
 




Very nice. Please post a new FRST log from normal mode, as well as a fresh Combofix log.

14.06.2013, 07:22   #45
Nil11
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03
Ran by XXX (administrator) on 14-06-2013 08:07:31
Running from C:\Users\XXX\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
(The MathWorks Inc.) C:\Program Files (x86)\MATLAB71\bin\win32\MATLAB.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Users\XXX\Local Settings\Apps\F.lux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Dropbox, Inc.) C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [F.lux] "C:\Users\XXX\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-05-09] (Skype Technologies S.A.)
HKLM-x32\...\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe" [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [928832 2012-11-12] (Sophos Limited)
HKU\Default\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\UpdatusUser\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2012-09-21] (Sophos Limited)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
HKLM SearchScopes: DefaultScope {017A66CC-3985-4911-A97F-FECB0BCC95B0} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {017A66CC-3985-4911-A97F-FECB0BCC95B0} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {58235107-16C5-49E2-98F1-21B363368353} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {9E85F70F-E0D6-4AD4-823C-1BC5B6AE763C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F5DAF58B-FD6E-43BF-900F-80EF1CCBA83A}: [NameServer]130.149.7.7 130.149.7.7

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "http", "50.22.206.179"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: FoxyProxy Basic - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\foxyproxy@eric.h.jung
FF Extension: Microsoft .NET Framework Assistant - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
R2 matlabserver; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [536576 2005-07-27] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-11-12] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2878016 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [45480 2012-08-03] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [69544 2012-08-03] (Cisco Systems, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-04-04] (Hauppauge Computer Works, Inc.)
R3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-04-04] (Hauppauge Computer Works, Inc.)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-08-14] (Sophos Plc)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S0 ildid; system32\drivers\icbpzwk.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [x]
S0 sboliv; system32\drivers\giecpry.sys [x]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
S0 yyca; system32\drivers\txgtym.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-14 08:15 - 2013-06-14 08:15 - 05080197 ____A (Swearware) C:\Users\XXX\Desktop\ComboFix.exe
2013-06-14 08:12 - 2013-06-14 08:13 - 00000000 ___SD C:\NoMBR
2013-06-13 23:26 - 2013-06-13 23:26 - 00000000 ____D C:\Users\XXX\Desktop
2013-06-13 22:54 - 2012-09-21 12:13 - 00037440 ____A (Sophos Limited) C:\Windows\System32\sophosboottasks.exe
2013-06-13 22:53 - 2013-06-14 08:10 - 00000000 ____D C:\ProgramData\Sophos
2013-06-13 22:53 - 2013-06-14 08:10 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-13 22:39 - 2013-06-13 22:39 - 00000000 ____D C:\savw_102_sa
2013-06-13 22:39 - 2012-09-21 12:13 - 00154952 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
2013-06-13 22:39 - 2012-08-14 18:07 - 00025608 ____A (Sophos Plc) C:\Windows\System32\Drivers\SophosBootDriver.sys
2013-06-13 22:27 - 2013-06-13 22:32 - 104043216 ____A C:\Users\XXX\Desktop\escw_102_sa_sfx.exe
2013-06-13 22:26 - 2013-06-13 22:31 - 99026344 ____A C:\Users\XXX\Desktop\savw_102_sa_sfx.exe
2013-06-10 22:53 - 2013-06-10 22:58 - 00020507 ____A C:\ComboFix.txt
2013-06-10 19:03 - 2013-06-14 08:13 - 00000000 ___SD C:\32788R22FWJFW
2013-06-10 08:06 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-10 08:06 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-10 08:06 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-10 08:06 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-09 19:58 - 2013-06-09 19:58 - 00000000 ____D C:\FRST
2013-06-09 19:56 - 2013-06-11 20:45 - 01920158 ____A (Farbar) C:\Users\XXX\Desktop\FRST64.exe
2013-06-09 12:57 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-09 12:57 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-09 12:53 - 2013-06-14 08:13 - 00000000 ____D C:\Qoobox
2013-06-09 12:53 - 2013-06-10 22:47 - 00000000 ____D C:\Windows\erdnt
2013-06-08 22:57 - 2013-06-08 22:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 22:51 - 2013-06-09 00:00 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 21:56 - 2013-06-08 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 19:47 - 2013-06-03 20:01 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-05-22 22:55 - 2013-05-22 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 09:01 - 2013-04-25 14:17 - 00025363 ____A C:\Users\XXX\Desktop\Auswertung Gesamtenergieabgabe zu Tech_Report_E-0925_07.xlsx
2013-05-19 18:54 - 2013-05-19 18:54 - 00000154 ____A C:\Users\XXX\.appletviewer
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Users\XXX\AppData\Local\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-15 23:55 - 2013-05-15 23:55 - 00000000 ____A C:\END
2013-05-15 23:02 - 2013-04-15 16:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 23:02 - 2013-04-13 05:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 23:02 - 2013-04-09 03:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-14 08:15 - 2013-06-14 08:15 - 05080197 ____A (Swearware) C:\Users\XXX\Desktop\ComboFix.exe
2013-06-14 08:13 - 2013-06-14 08:12 - 00000000 ___SD C:\NoMBR
2013-06-14 08:13 - 2013-06-10 19:03 - 00000000 ___SD C:\32788R22FWJFW
2013-06-14 08:13 - 2013-06-09 12:53 - 00000000 ____D C:\Qoobox
2013-06-14 08:10 - 2013-06-13 22:53 - 00000000 ____D C:\ProgramData\Sophos
2013-06-14 08:10 - 2013-06-13 22:53 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-14 08:04 - 2009-07-22 10:36 - 01553072 ____A C:\Windows\WindowsUpdate.log
2013-06-14 08:03 - 2011-12-12 03:10 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-06-14 08:02 - 2011-12-12 03:13 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-06-14 08:00 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-14 08:00 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-14 08:00 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 07:59 - 2009-05-19 06:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-14 00:54 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-14 00:46 - 2012-04-26 14:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-13 23:46 - 2012-04-26 14:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 23:46 - 2011-07-06 09:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-13 23:28 - 2009-05-19 14:37 - 00674972 ____A C:\Windows\System32\perfh007.dat
2013-06-13 23:28 - 2009-05-19 14:37 - 00145640 ____A C:\Windows\System32\perfc007.dat
2013-06-13 23:28 - 2006-11-02 14:46 - 01568730 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 23:26 - 2013-06-13 23:26 - 00000000 ____D C:\Users\XXX\Desktop\Minitab v16
2013-06-13 23:26 - 2012-02-22 19:11 - 00005364 ____A C:\Windows\setupact.log
2013-06-13 22:39 - 2013-06-13 22:39 - 00000000 ____D C:\savw_102_sa
2013-06-13 22:32 - 2013-06-13 22:27 - 104043216 ____A C:\Users\XXX\Desktop\escw_102_sa_sfx.exe
2013-06-13 22:31 - 2013-06-13 22:26 - 99026344 ____A C:\Users\XXX\Desktop\savw_102_sa_sfx.exe
2013-06-13 22:19 - 2011-04-25 19:40 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Skype
2013-06-11 20:45 - 2013-06-09 19:56 - 01920158 ____A (Farbar) C:\Users\XXX\Desktop\FRST64.exe
2013-06-11 07:53 - 2012-02-11 13:15 - 00120544 ____A C:\Windows\PFRO.log
2013-06-10 22:58 - 2013-06-10 22:53 - 00020507 ____A C:\ComboFix.txt
2013-06-10 22:47 - 2013-06-09 12:53 - 00000000 ____D C:\Windows\erdnt
2013-06-10 22:47 - 2006-11-02 14:34 - 00000215 ____A C:\Windows\system.ini
2013-06-09 19:58 - 2013-06-09 19:58 - 00000000 ____D C:\FRST
2013-06-09 19:01 - 2006-11-02 15:33 - 00000000 __RHD C:\users\Default
2013-06-09 13:03 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-09 12:38 - 2012-05-08 18:07 - 00000000 ____D C:\Program Files (x86)\2012MalwarebytesAnti-Malware
2013-06-09 00:59 - 2006-11-02 15:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-06-09 00:59 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-09 00:00 - 2013-06-08 22:51 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 23:59 - 2012-05-08 18:07 - 00000928 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-08 22:57 - 2013-06-08 22:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 22:57 - 2006-11-02 14:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2013-06-08 22:57 - 2006-11-02 14:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2013-06-08 22:57 - 2006-11-02 08:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2013-06-08 22:57 - 2006-11-02 08:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2013-06-08 21:56 - 2013-06-08 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:01 - 2013-06-03 19:47 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-06-02 17:44 - 2012-07-19 20:28 - 00000000 ____D C:\Users\XXX\Desktop\Projekt
2013-06-02 16:57 - 2010-10-13 15:54 - 00000000 ____D C:\Users\XXX\Desktop\Stuff
2013-05-23 21:03 - 2011-04-25 19:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-23 21:03 - 2011-04-25 19:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 20:58 - 2012-04-25 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 23:19 - 2013-05-22 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 22:12 - 2010-04-09 23:30 - 00000000 ____D C:\users\postgres
2013-05-19 18:54 - 2013-05-19 18:54 - 00000154 ____A C:\Users\XXX\.appletviewer
2013-05-19 18:54 - 2009-09-14 13:56 - 00000000 ____D C:\users\XXX
2013-05-19 13:50 - 2011-06-06 18:38 - 00000000 ____D C:\Users\XXX\Desktop\Bücher
2013-05-19 13:48 - 2012-11-01 20:52 - 00000000 ____D C:\Users\XXX\Desktop\
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Users\XXX\AppData\Local\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-18 12:26 - 2012-06-10 11:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 23:24 - 2010-04-11 14:44 - 00125808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-05-16 20:48 - 2006-11-02 17:21 - 00460928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 11:05 - 2013-01-07 04:24 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-16 11:01 - 2006-11-02 14:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-16 10:56 - 2012-01-10 23:36 - 00001883 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-05-16 10:53 - 2013-01-03 14:25 - 00125808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-15 23:59 - 2010-08-01 13:49 - 00000000 ____D C:\ProgramData\DivX
2013-05-15 23:59 - 2010-08-01 13:49 - 00000000 ____D C:\Program Files (x86)\DivX
2013-05-15 23:58 - 2010-08-01 13:52 - 00000000 ____D C:\Program Files\DivX
2013-05-15 23:55 - 2013-05-15 23:55 - 00000000 ____A C:\END

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 08:05

==================== End Of Log ============================
         
--- --- ---
