|
Plagegeister aller Art und deren Bekämpfung: inkasso mail mit anhang geöfnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.06.2013, 19:46 | #1 |
| inkasso mail mit anhang geöfnet Hallo zusammen, meine tochter hat gestern eine Mail von einem angeblichen Inkassobüro mit Anhang erhalten.da sie sehr aufgeregt war über email von inkaso büro hatte ich mir email angeschaut und zip datei auf pc gespeichert ,dann habe ich zip datei entpackt und es kam eine weitere zip datei zum vorschein,die ich dann nicht mehr entpackt habe,da wurde ich misstrauisch und hab alles gelöscht. Waren meine Aktionen schon zuviel? Oder bin ich noch safe, da ich die innerste Datei nicht geöffnet habe? ich habe dann meinen rechner mit trojan mover gescannt es wurde aber nix gefunden. gibt es noch ein anderes programm wo ich pc scannen kann oder brauch ich mir da keine gedanken mehr zu machen das ich mir etwas eingefangen habe? vielen dank im vorraus schon mal für eure mühe |
18.06.2013, 20:11 | #2 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
19.06.2013, 18:51 | #3 |
| inkasso mail mit anhang geöfnet hallo
__________________erstmal vielen dank für deine hilfe , ich hab beide textdateien als anhang angehängt ,habs leider nicht anders geschafft , hoffe es geht so . gruß rudi |
19.06.2013, 19:51 | #4 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Logs wennn nötig aufteilen und bitte in Codetags posten. So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.06.2013, 20:19 | #5 |
| inkasso mail mit anhang geöfnet FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013 Ran by Ich (administrator) on 19-06-2013 19:39:23 Running from C:\Users\Ich\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\system32\wwahost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x] HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts) HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x] MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" HKLM-x32\...\Run: [LManager] [x] HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe" [1088280 2011-10-04] (Mischel Internet Security) HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1648400 2013-04-26] (Simply Super Software) HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default FF Homepage: t-online.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-18 18:56 - 2013-06-18 19:03 - 00000000 ____D C:\Users\Ich\Desktop\Neuer Ordner 2013-06-18 15:21 - 2013-06-18 15:21 - 00001103 ____A C:\Users\Public\Desktop\Trojan Remover.lnk 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\Documents\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 20:37 - 2013-06-18 15:27 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-17 20:37 - 2013-06-17 20:37 - 00000969 ____A C:\Users\Ich\Desktop\TrojanHunter.lnk 2013-06-17 20:37 - 2013-06-17 20:37 - 00000000 ____D C:\ProgramData\TrojanHunter 2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll 2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe 2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS 2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS 2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe 2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs 2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys 2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs 2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml 2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis 2013-05-25 09:56 - 2013-05-26 21:09 - 00000000 ____D C:\Users\Ich\Desktop\25.05.13 2013-05-23 23:30 - 2013-05-23 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 12:32 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2013-05-23 12:32 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2013-05-23 12:32 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2013-05-23 12:32 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll 2013-05-23 12:32 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll 2013-05-23 12:32 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll 2013-05-23 12:32 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-05-23 12:32 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe 2013-05-23 12:32 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe 2013-05-23 12:32 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe 2013-05-23 12:32 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe 2013-05-23 12:32 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe 2013-05-23 12:32 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-05-23 12:32 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-05-23 12:32 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll 2013-05-23 12:32 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll 2013-05-23 12:32 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll 2013-05-23 12:32 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2013-05-23 12:32 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2013-05-23 12:32 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-23 12:32 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys 2013-05-23 12:32 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2013-05-23 12:32 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys 2013-05-23 12:32 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys 2013-05-23 12:32 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-05-23 12:32 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys 2013-05-23 12:32 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2013-05-23 12:32 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-05-23 12:32 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2013-05-23 12:32 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2013-05-23 12:32 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-05-23 12:32 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-23 12:32 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-23 12:32 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-23 12:32 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-23 12:32 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2013-05-23 12:32 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2013-05-23 12:32 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2013-05-23 12:32 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll 2013-05-23 12:32 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi 2013-05-23 12:32 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe 2013-05-23 12:32 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi 2013-05-23 12:32 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe 2013-05-23 12:32 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll 2013-05-23 12:32 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2013-05-23 12:32 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-05-23 12:32 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-05-20 16:50 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys ==================== One Month Modified Files and Folders ======= 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-19 19:34 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-19 19:34 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-19 19:34 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-19 19:28 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-19 19:28 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-18 21:13 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI 2013-06-18 21:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-18 21:01 - 2013-01-31 16:51 - 01965680 ____A C:\Windows\WindowsUpdate.log 2013-06-18 20:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-18 20:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-18 19:14 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc 2013-06-18 19:03 - 2013-06-18 18:56 - 00000000 ____D C:\Users\Ich\Desktop\Neuer Ordner 2013-06-18 15:27 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-18 15:21 - 2013-06-18 15:21 - 00001103 ____A C:\Users\Public\Desktop\Trojan Remover.lnk 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\Documents\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 22:25 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps 2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-17 20:37 - 2013-06-17 20:37 - 00000969 ____A C:\Users\Ich\Desktop\TrojanHunter.lnk 2013-06-17 20:37 - 2013-06-17 20:37 - 00000000 ____D C:\ProgramData\TrojanHunter 2013-06-17 20:29 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment 2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype 2013-06-14 11:56 - 2012-11-02 05:02 - 00045958 ____A C:\Windows\PFRO.log 2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin 2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log 2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help 2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis 2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log 2013-05-26 21:09 - 2013-05-25 09:56 - 00000000 ____D C:\Users\Ich\Desktop\25.05.13 2013-05-24 23:19 - 2013-01-31 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-24 01:01 - 2013-06-17 17:44 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-05-24 00:27 - 2013-06-17 17:44 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-05-23 23:30 - 2013-05-23 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-20 21:02 - 2013-02-01 21:55 - 00000000 ____D C:\Users\Ich\Documents\FIFA 13 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 12:05 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2013 Ran by Ich at 2013-06-19 19:39:41 Run: Running from C:\Users\Ich\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= clear.fi SDK - Video 2 (Version: 2.1.1925) clear.fi SDK- Movie 2 (Version: 2.1.2008) Acer Backup Manager (Version: 4.0.0.0071) Acer Device Fast-lane (Version: 1.00.3007) Acer Instant Update Service (Version: 1.00.3013) Acer Power Management (Version: 7.00.3006) Acer Recovery Management (Version: 6.00.3011) AcerCloud (Version: 2.01.3115) AcerCloud Docs (Version: 1.00.3201) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Backup Manager v4 (Version: 4.0.0.0071) Bonjour (Version: 3.0.0.10) Broadcom Card Reader Driver Installer (Version: 15.4.7.1) Carbon (Version: 1.0.0) clear.fi Media (Version: 2.01.3108) clear.fi Photo (Version: 2.01.3108) CyberLink MediaEspresso 6.5 (Version: 6.5.3103_44819) DDBAC (Version: 5.3.10) Dolby Home Theater v4 (Version: 7.2.8000.13) ElsterFormular (Version: 14.1.11318) ETDWare PS/2-X64 11.6.9.001_WHQL (Version: 11.6.9.001) Euro Truck Simulator 2 (Version: 1.0.2) F1 2012 Version V1.0 (Version: V1.0) FIFA 13 (Version: 1.0.0.0) Franzis 3D-Eisenbahnplaner 12 (Version: 12.09) Identity Card (Version: 2.00.3004) iLivid (Version: 4.0.0.2624) Intel(R) Management Engine Components (Version: 8.1.0.1252) Intel(R) Processor Graphics (Version: 9.17.10.2867) Intel(R) Rapid Storage Technology (Version: 11.5.0.1207) Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) iTunes (Version: 11.0.2.26) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 21 (Version: 6.0.210) Landwirtschafts Simulator 2013 (Version: 1.0) Launch Manager (Version: 7.0.5) Lexware Info Service (Version: 2.90.00.0009) Lexware online banking (Version: 19.00.00.0059) Live Updater (Version: 2.00.3004) Logitech Media Server 7.7.2 (Version: 7.7.2) Media Go (Version: 2.4.256) Media Go Video Playback Engine 1.116.109.02030 (Version: 1.116.109.02030) Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4505.1510) Microsoft Silverlight (Version: 4.0.51204.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MyWinLocker (Version: 4.0.14.35) MyWinLocker 4 (Version: 4.0.14.35) MyWinLocker Suite (Version: 4.0.14.24) NTI Media Maker 9 (Version: 9.0.2.9008) NVIDIA Grafiktreiber 307.17 (Version: 307.17) NVIDIA Install Application (Version: 2.1002.85.551) NVIDIA Optimus 1.10.8 (Version: 1.10.8) NVIDIA PhysX (Version: 9.12.0613) NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613) NVIDIA Systemsteuerung 307.17 (Version: 307.17) NVIDIA Update 1.10.8 (Version: 1.10.8) NVIDIA Update Components (Version: 1.10.8) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1510) Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510) Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1510) Office Addin (Version: 2.01.3200) Origin (Version: 9.0.10.69) Paragon Backup and Recovery™ 12 Home (Version: 90.00.0003) Paragon Partition Manager™ 12 Professional (Version: 90.00.0003) Picasa 3 (Version: 3.9) PlayStation(R)Store (Version: 4.14.6.15183) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (Version: 11.41) Quicken 2014 (Version: 21.31.00.0109) Quicken Import Export Server Jubiläumsversion (Version: 20.30.00.0099) Quicken Jubiläumsversion (Version: 20.36.00.0134) Realtek High Definition Audio Driver (Version: 6.0.1.6657) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.4.0) Shared C Run-time for x64 (Version: 10.0.0) Shredder (Version: 2.0.8.9) Skype™ 6.3 (Version: 6.3.107) Sony Ericsson Update Engine (Version: 2.13.4.20) Sony PC Companion 2.10.155 (Version: 2.10.155) Spotify (Version: 0.8.4.99.ga249b5f1) Trojan Remover 6.8.6 (Version: 6.8.6) TrojanHunter 5.5 (Version: 5.5) Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1) VLC media player 2.0.6 (Version: 2.0.6) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= ==================== Scheduled Tasks (whitelisted) ============= Task: {0E52EC20-206D-402D-AE62-58B24385DD48} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {151DC32B-6BF6-407A-985C-3FEFBC194AC4} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1BC6CD4F-C47F-4169-84FC-64FE71E55651} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {20A38B43-1CB9-45E3-A803-F57AE2316C39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {20AEB2BE-C59C-4215-A534-6EA1509BB0C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {27949D9D-ABF9-436E-A568-6B88DBF87C2B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {3764ACD2-537D-4A2A-B876-701C956B9C2B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] () Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4D02C09C-7EC1-4366-89F4-A63219B60ED6} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] () Task: {4F7077FA-924B-440E-B01D-813E83EF0CF6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5D1288AE-6512-4DC3-9CDC-DAA033BE0115} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation) Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {663EB214-F92A-40A7-A6C5-10F4EBA73482} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2639919565-979996941-1917665556-1002 Task: {69AC89AD-0274-4668-8047-BEEAA6D194B4} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {82B33C67-F329-458D-B9FC-BD1FEDEC1E40} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] () Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {88E528C1-9C97-41D5-B6C9-E8D6C12330DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation) Task: {8D71B8DF-2A46-4C7B-90D9-CCFC5BFDBD95} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation) Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {ADC49FC3-377E-422F-B07A-70BCACB1A72F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B4ACA1C1-0B05-4B67-AFB7-D89F2782507D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {CB4911EC-ABF9-434B-B750-BF7C7CAE2855} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DDADEDBD-2B56-4634-9D9F-F4CED38F85BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {DFFB02A5-1584-478D-BAE7-AC542E680AA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation) Task: {E362B774-061C-4883-A305-3D84DD76F7EF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {E4A7CAAA-1D90-466F-A3C8-356E649A5C16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation) Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F810CDB1-8847-4D0A-B1DC-0F5CEBD133B2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2639919565-979996941-1917665556-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1187 Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1187 Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/18/2013 03:40:46 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). Error: (06/17/2013 10:24:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TrojanHunter.exe, Version: 5.5.0.1002, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: TrojanHunter.exe, Version: 5.5.0.1002, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004bb42 ID des fehlerhaften Prozesses: 0x195c Startzeit der fehlerhaften Anwendung: 0xTrojanHunter.exe0 Pfad der fehlerhaften Anwendung: TrojanHunter.exe1 Pfad des fehlerhaften Moduls: TrojanHunter.exe2 Berichtskennung: TrojanHunter.exe3 Vollständiger Name des fehlerhaften Pakets: TrojanHunter.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TrojanHunter.exe5 Error: (06/17/2013 07:11:07 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422). Error: (06/17/2013 07:11:07 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422). Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 System errors: ============= Error: (06/15/2013 09:15:13 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?15.?06.?2013 um 20:52:01 unerwartet heruntergefahren. Error: (06/13/2013 11:35:53 PM) (Source: DCOM) (User: Rudi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RudiIchS-1-5-21-2639919565-979996941-1917665556-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/03/2013 06:56:27 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?03.?06.?2013 um 18:54:22 unerwartet heruntergefahren. Error: (06/02/2013 05:33:36 PM) (Source: DCOM) (User: Rudi) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (06/02/2013 05:33:36 PM) (Source: DCOM) (User: Rudi) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (05/26/2013 08:20:21 PM) (Source: DCOM) (User: Rudi) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Microsoft Office Sessions: ========================= Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1187 Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1187 Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/18/2013 03:40:46 PM) (Source: System Restore)(User: ) Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 Error: (06/17/2013 10:24:57 PM) (Source: Application Error)(User: ) Description: TrojanHunter.exe5.5.0.10022a425e19TrojanHunter.exe5.5.0.10022a425e19c00000050004bb42195c01ce6b92d1db9cafC:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exeC:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exef9b53ff3-d78b-11e2-bfa7-689423c66d06 Error: (06/17/2013 07:11:07 PM) (Source: System Restore)(User: ) Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422 Error: (06/17/2013 07:11:07 PM) (Source: System Restore)(User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8007.27 MB Available physical RAM: 5903.77 MB Total Pagefile: 9223.27 MB Available Pagefile: 7134.33 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:97.09 GB) (Free:13.49 GB) NTFS (Disk=0 Partition=4) Drive e: (Arbeit) (Fixed) (Total:122.07 GB) (Free:46.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238 GB) (Disk ID: 769CDBA7) Partition: GPT Partition Type ==================== End Of Log ============================ |
20.06.2013, 08:05 | #6 | |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnetZitat:
__________________ --> inkasso mail mit anhang geöfnet |
20.06.2013, 19:30 | #7 |
| inkasso mail mit anhang geöfnet hallo , Quicken hab ich auf rechner , was mir aber nix sagt ist : C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) gruß rudi |
21.06.2013, 07:40 | #8 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Das gehört aber zusammen, lass die letzte Datei mal bitte bei virustotal scannen und poste den Link zum Ergebnis.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.06.2013, 12:29 | #9 |
| inkasso mail mit anhang geöfnet hallo ich hab bei mir auf rechner datei gefunden mit namen : BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D laut der ziffernfolge müsste das die letzte datei sein die du meinst, laut virustotal ist datei ok. kann ich jetzt davon ausgehen das mein rechner ok ist und ich wieder online banking machen kann ? https://www.virustotal.com/de/file/b79b69a99bc054137fe04e2043db1e31c17c53c107732419bccd83fbbd4abab3/analysis/1371986715/ schönen sonntag noch und vielen dank für die mühe. |
23.06.2013, 16:18 | #10 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Nicht so schnell, wir haben doch erst angefangen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.06.2013, 17:24 | #11 |
| inkasso mail mit anhang geöfnet guten abend, Code:
ATTFilter # AdwCleaner v2.303 - Datei am 23/06/2013 um 17:59:54 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzer : Ich - RUDI # Bootmodus : Normal # Ausgeführt unter : E:\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : WebCake Desktop Updater ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk Datei Gefunden : C:\Users\Ich\Desktop\Optimizer Pro.lnk Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro Ordner Gefunden : C:\Program Files (x86)\WebCake Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\Ich\AppData\Local\Ilivid Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default\extensions\plugin@getwebcake.com Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Optimizer Pro Ordner Gefunden : C:\Users\Ich\AppData\Roaming\WebCake ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\ilivid Schlüssel Gefunden : HKCU\Software\Optimizer Pro Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3789 octets] - [23/06/2013 17:59:26] AdwCleaner[R2].txt - [3726 octets] - [23/06/2013 17:59:54] ########## EOF - C:\AdwCleaner[R2].txt - [3786 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 8 x64 Ran by Ich on 23.06.2013 at 18:21:05,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe ~~~ Files Successfully deleted: [File] "C:\Users\Ich\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk" ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\tarma installer" Failed to delete: [Folder] "C:\Users\Ich\appdata\local\ilivid" Failed to delete: [Folder] "C:\Program Files (x86)\optimizer pro" ~~~ FireFox Successfully deleted: [File] C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\wjhxw3dr.default\user.js Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\wjhxw3dr.default\minidumps [64 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.06.2013 at 18:22:44,73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013 Ran by Ich (administrator) on 23-06-2013 18:26:04 Running from C:\Users\Ich\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x] HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts) HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x] MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" HKLM-x32\...\Run: [LManager] [x] HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default FF Homepage: t-online.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-23 18:22 - 2013-06-23 18:22 - 00001328 ____A C:\Users\Ich\Desktop\JRT.txt 2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT 2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt 2013-06-23 18:00 - 2013-06-23 18:00 - 00003849 ____A C:\Users\Ich\Desktop\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt 2013-06-23 17:57 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-06-22 16:35 - 2013-06-22 16:41 - 00000000 ____D C:\Users\Ich\Desktop\sabse 2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk 2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2 2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-19 21:41 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 20:37 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll 2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe 2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS 2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS 2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe 2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs 2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys 2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs 2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml 2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis ==================== One Month Modified Files and Folders ======= 2013-06-23 18:22 - 2013-06-23 18:22 - 00001328 ____A C:\Users\Ich\Desktop\JRT.txt 2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT 2013-06-23 18:21 - 2013-04-02 19:31 - 00000000 ____D C:\Users\Ich\AppData\Local\iLivid 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT 2013-06-23 18:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-06-23 18:04 - 2013-06-23 17:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-06-23 18:04 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-23 18:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt 2013-06-23 18:00 - 2013-06-23 18:00 - 00003849 ____A C:\Users\Ich\Desktop\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt 2013-06-23 16:42 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc 2013-06-23 16:20 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-23 16:20 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-23 16:20 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-23 16:17 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-23 16:17 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI 2013-06-23 14:54 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-22 19:30 - 2013-01-31 16:51 - 01323057 ____A C:\Windows\WindowsUpdate.log 2013-06-22 17:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-22 16:41 - 2013-06-22 16:35 - 00000000 ____D C:\Users\Ich\Desktop\sabse 2013-06-22 12:12 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment 2013-06-21 21:51 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps 2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk 2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2 2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-19 21:41 - 2013-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype 2013-06-14 11:56 - 2012-11-02 05:02 - 00045958 ____A C:\Windows\PFRO.log 2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 21:48 - 2013-02-17 18:05 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-12 21:48 - 2013-02-01 12:25 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 21:47 - 2013-03-17 12:19 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-12 21:43 - 2013-06-19 21:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin 2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log 2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help 2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis 2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log 2013-05-24 23:19 - 2013-01-31 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-24 01:01 - 2013-06-17 17:44 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-05-24 00:27 - 2013-06-17 17:44 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-21 17:52 ==================== End Of Log ============================ --- --- --- --- --- --- Bitte schön , schönen abend noch danke |
23.06.2013, 20:34 | #12 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Supi, ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST Log. Gibt es noch Probleme mit dem Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
24.06.2013, 08:47 | #13 |
| inkasso mail mit anhang geöfnet guten morgen , rechner macht keine probleme , läuft wie immer, gruß rudi |
24.06.2013, 11:00 | #14 |
/// the machine /// TB-Ausbilder | inkasso mail mit anhang geöfnet Gut, die Scans bitte trotzdem noch machen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.06.2013, 15:12 | #15 |
| inkasso mail mit anhang geöfnet Hallo, sorry hat etwas gedauert Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=31dbdeffdc22ef43b21eb4bf91977ee0 # engine=14145 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-24 04:04:11 # local_time=2013-06-24 06:04:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776573 100 94 11272 12678950 0 0 # scanned=280966 # found=0 # cleaned=0 # scan_time=5363 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=31dbdeffdc22ef43b21eb4bf91977ee0 # engine=14149 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-25 12:20:23 # local_time=2013-06-25 02:20:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776573 100 94 84244 12751922 0 0 # scanned=281766 # found=0 # cleaned=0 # scan_time=5559 Code:
ATTFilter Results of screen317's Security Check version 0.99.64 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` VirusTotal Uploader 2.0 Java(TM) 6 Update 21 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Windows Defender MsMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013 (ATTENTION: FRST version is 6 days old) Ran by Ich (administrator) on 25-06-2013 16:02:33 Running from C:\Users\Ich\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x] HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts) HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x] MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" HKLM-x32\...\Run: [LManager] [x] HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default FF Homepage: t-online.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-25 16:02 - 2013-06-25 16:02 - 00000884 ____A C:\Users\Ich\Desktop\checkup.txt 2013-06-24 16:33 - 2013-06-24 09:48 - 00890839 ____A C:\Users\Ich\Desktop\SecurityCheck.exe 2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT 2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt 2013-06-23 17:57 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-06-22 16:35 - 2013-06-22 16:41 - 00000000 ____D C:\Users\Ich\Desktop\sabse 2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk 2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2 2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-19 21:41 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 20:37 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll 2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe 2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS 2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS 2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe 2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll 2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe 2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll 2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll 2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll 2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs 2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys 2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs 2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml 2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis ==================== One Month Modified Files and Folders ======= 2013-06-25 16:02 - 2013-06-25 16:02 - 00000884 ____A C:\Users\Ich\Desktop\checkup.txt 2013-06-25 16:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-25 15:58 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps 2013-06-25 15:47 - 2013-01-31 16:51 - 01502094 ____A C:\Windows\WindowsUpdate.log 2013-06-25 15:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-25 14:20 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-25 12:47 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-25 12:47 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-25 12:47 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-25 12:44 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment 2013-06-25 12:40 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-25 12:40 - 2012-11-02 05:02 - 00046498 ____A C:\Windows\PFRO.log 2013-06-25 12:40 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-24 19:30 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI 2013-06-24 09:48 - 2013-06-24 16:33 - 00890839 ____A C:\Users\Ich\Desktop\SecurityCheck.exe 2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT 2013-06-23 18:21 - 2013-04-02 19:31 - 00000000 ____D C:\Users\Ich\AppData\Local\iLivid 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT 2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-06-23 18:04 - 2013-06-23 17:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-06-23 18:04 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5 2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt 2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt 2013-06-23 16:42 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc 2013-06-22 16:41 - 2013-06-22 16:35 - 00000000 ____D C:\Users\Ich\Desktop\sabse 2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk 2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2 2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-19 21:41 - 2013-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST 2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe 2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism 2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll 2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype 2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 21:48 - 2013-02-17 18:05 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-12 21:48 - 2013-02-01 12:25 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 21:47 - 2013-03-17 12:19 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-12 21:43 - 2013-06-19 21:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin 2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin 2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log 2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2 2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam 2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters 2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games 2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP 2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk 2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help 2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis 2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk 2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis 2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis 2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-21 17:52 ==================== End Of Log ============================ --- --- --- --- --- --- Dankeschön und schönen Abend noch |
Themen zu inkasso mail mit anhang geöfnet |
anderes, angeblichen, anhang, brauch, datei, eingefangen, email, erhalte, gefangen, gen, gescannt, gespeichert, gestern, hallo zusammen, inkasso, mail, nicht mehr, programm, rechner, scanne, scannen, troja, trojan, zusammen, zuviel |