For a few weeks now I have had the Instant Savings virus (however I managed to catch it). Unfortunately I cannot find it under applications or in the browser settings, so I cannot remove it. So far I have done the following:
1. Scan with OTL -> hangs while scanning Firefox
2. Scan with FRST, with this result:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by Marv (administrator) on 01-07-2013 22:21:24
Running from C:\Users\Marv\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Marv\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7406392 2012-11-29] (Logitech Inc.)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {7dd2c044-8f3e-11e2-b73c-0009dd5034a9} - G:\LaunchU3.exe -a
MountPoints2: {a56d1d6f-8b2e-11e2-b371-0009dd5034a9} - J:\Autorun.exe
MountPoints2: {eb6bd5ba-8a63-11e2-8eb1-0009dd5034a9} - I:\Autorun.exe
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2013-03-10] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe" [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marv\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_Kaspersky scan.exe.lnk
ShortcutTarget: _uninst_Kaspersky scan.exe.lnk -> C:\Users\Marv\AppData\Local\Temp\_uninst_Kaspersky scan.exe.bat ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\xl8t7akv.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\xl8t7akv.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: Ant Video Downloader - C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\xl8t7akv.default\Extensions\anttoolbar@ant.com
FF Extension: LavaFox V2-Green - C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\xl8t7akv.default\Extensions\zigboom@ymail.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru
==================== Services (Whitelisted) =================
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-03-10] (Andrea Electronics Corporation)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-10] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2013-03-13] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-12] (Marvell Semiconductor, Inc.)
R4 11120391; system32\DRIVERS\11120391.sys [x]
S3 cpuz135; \??\C:\Users\Marv\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U2 V2iMount;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-01 22:21 - 2013-07-01 22:21 - 00000000 ____D C:\FRST
2013-07-01 22:20 - 2013-07-01 22:21 - 01933776 ____A (Farbar) C:\Users\Marv\Downloads\FRST64.exe
2013-07-01 21:37 - 2013-07-01 22:14 - 00000000 ____D C:\Users\Marv\Desktop\DE-Cleaner powered by Kaspersky
2013-07-01 20:59 - 2013-07-01 20:59 - 00602112 ____A (OldTimer Tools) C:\Users\Marv\Downloads\OTL.exe
2013-06-26 00:01 - 2013-06-26 00:01 - 00287298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-06-26 00:01 - 2013-06-26 00:01 - 00283518 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-06-26 00:01 - 2013-06-26 00:01 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-06-24 16:34 - 2013-06-24 16:34 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Apple Computer
2013-06-23 21:35 - 2013-06-23 21:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\Users\Marv\AppData\Local\Apple
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\ProgramData\Apple
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-23 20:51 - 2013-06-23 20:56 - 41404760 ____A (Apple Inc.) C:\Users\Marv\Downloads\QuickTimeInstaller(1).exe
2013-06-23 20:44 - 2013-06-23 20:44 - 00000000 ____D C:\Program Files (x86)\Adobe Story
2013-06-22 18:33 - 2013-06-27 18:29 - 00000074 ____A C:\Users\Marv\AppData\default.pls
2013-06-22 18:05 - 2013-06-22 18:05 - 00000000 ____D C:\Users\Marv\Documents\NeroVision
2013-06-22 18:02 - 2013-06-22 18:02 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Nero
2013-06-22 18:01 - 2013-06-22 18:02 - 00000234 ____A C:\Windows\SysWOW64\MsiExec.exe.log
2013-06-22 17:59 - 2013-06-22 17:59 - 00000000 ____D C:\ProgramData\Nero
2013-06-22 17:59 - 2013-06-22 17:59 - 00000000 ____D C:\Program Files (x86)\Nero
2013-06-22 17:34 - 2013-06-22 17:34 - 00095439 ____A C:\Users\Marv\Desktop\Far Cry 3 Guide Einzigartige Waffen - So erhältst du Shredder, Bull, Ripper und Co. _ Gameplorer.de.htm
2013-06-22 17:34 - 2013-06-22 17:34 - 00084449 ____A C:\Users\Marv\Desktop\Far Cry 3 So findest du seltene Tiere für die beste Ausrüstung _ Gameplorer.de.htm
2013-06-22 17:34 - 2013-06-22 17:34 - 00000000 ____D C:\Users\Marv\Desktop\Far Cry 3 Guide Einzigartige Waffen - So erhältst du Shredder, Bull, Ripper und Co. _ Gameplorer.de-Dateien
2013-06-22 17:34 - 2013-06-22 17:34 - 00000000 ____D C:\Users\Marv\Desktop\Far Cry 3 So findest du seltene Tiere für die beste Ausrüstung _ Gameplorer.de-Dateien
2013-06-22 17:19 - 2013-06-22 17:29 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-22 17:16 - 2013-07-01 21:18 - 00001828 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-06-22 17:16 - 2013-07-01 21:18 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-06-22 17:16 - 2013-07-01 21:18 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-06-22 17:16 - 2013-07-01 21:18 - 00001096 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-06-22 17:16 - 2013-06-22 17:16 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-06-22 17:14 - 2013-06-22 17:14 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marv\Downloads\WebInstaller.exe
2013-06-21 20:39 - 2013-06-21 20:49 - 00000000 ____D C:\Users\Marv\Desktop\Ärzte auswahl
2013-06-20 16:45 - 2013-06-20 16:45 - 00000963 ____A C:\Users\Marv\Desktop\Dropbox.lnk
2013-06-20 16:42 - 2013-06-20 16:43 - 00001970 ____A C:\Users\Marv\Desktop\Projekte.lnk
2013-06-20 16:34 - 2013-06-20 16:43 - 00001950 ____A C:\Users\Marv\Desktop\Schule.lnk
2013-06-17 21:08 - 2013-07-01 21:11 - 00002531 ____A C:\Windows\setupact.log
2013-06-17 21:08 - 2013-06-24 16:31 - 04977256 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 21:08 - 2013-06-17 21:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 16:13 - 2013-06-23 20:44 - 00110960 ____A C:\Users\Marv\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-17 12:15 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 12:15 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 12:15 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 12:15 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 12:15 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 12:15 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 12:15 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 12:15 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 12:15 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 12:15 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 12:15 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 12:15 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 22:47 - 2013-06-12 22:47 - 00000206 ____A C:\Users\Marv\Desktop\hwmonitorw.ini
2013-06-12 22:47 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:47 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:47 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:47 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:47 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:47 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:47 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:47 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 22:04 - 2012-02-06 15:59 - 01807624 ____A (CPUID) C:\Users\Marv\Desktop\HWMonitor64.exe
2013-06-12 20:53 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:49 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:49 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 18:26 - 2013-06-11 18:27 - 07286784 ____A C:\Users\Marv\Downloads\7th-5religions.ppt
2013-06-01 13:37 - 2013-06-01 13:42 - 00000000 ____D C:\Users\Marv\Desktop\Die Ärzte
2013-06-01 13:31 - 2013-06-01 13:37 - 00000000 ____D C:\Users\Marv\Desktop\Ärzte für Schatz
==================== One Month Modified Files and Folders =======
2013-07-01 22:21 - 2013-07-01 22:21 - 00000000 ____D C:\FRST
2013-07-01 22:21 - 2013-07-01 22:20 - 01933776 ____A (Farbar) C:\Users\Marv\Downloads\FRST64.exe
2013-07-01 22:15 - 2013-03-17 15:00 - 00000000 __RAD C:\Users\Marv\Dropbox
2013-07-01 22:15 - 2013-03-17 14:48 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Dropbox
2013-07-01 22:14 - 2013-07-01 21:37 - 00000000 ____D C:\Users\Marv\Desktop\DE-Cleaner powered by Kaspersky
2013-07-01 21:53 - 2013-03-13 22:23 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 21:40 - 2009-07-14 19:58 - 00698688 ____A C:\Windows\System32\perfh007.dat
2013-07-01 21:40 - 2009-07-14 19:58 - 00148828 ____A C:\Windows\System32\perfc007.dat
2013-07-01 21:40 - 2009-07-14 07:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 21:38 - 2013-03-13 19:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-01 21:22 - 2013-03-11 23:14 - 00007646 ____A C:\Users\Marv\AppData\Local\Resmon.ResmonCfg
2013-07-01 21:18 - 2013-06-22 17:16 - 00001828 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-01 21:18 - 2013-06-22 17:16 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-01 21:18 - 2013-06-22 17:16 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-01 21:18 - 2013-06-22 17:16 - 00001096 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-01 21:18 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 21:18 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 21:14 - 2013-05-12 12:35 - 01816867 ____A C:\Windows\WindowsUpdate.log
2013-07-01 21:11 - 2013-06-17 21:08 - 00002531 ____A C:\Windows\setupact.log
2013-07-01 21:11 - 2013-05-12 17:34 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-07-01 21:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 21:10 - 2013-03-11 17:45 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 20:59 - 2013-07-01 20:59 - 00602112 ____A (OldTimer Tools) C:\Users\Marv\Downloads\OTL.exe
2013-06-27 18:30 - 2013-04-07 17:39 - 00000000 ____D C:\Users\Marv\AppData\Roaming\.minecraft
2013-06-27 18:29 - 2013-06-22 18:33 - 00000074 ____A C:\Users\Marv\AppData\default.pls
2013-06-27 17:59 - 2013-03-11 23:12 - 00000000 ____D C:\Users\Marv\AppData\Local\Adobe
2013-06-26 00:01 - 2013-06-26 00:01 - 00287298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-06-26 00:01 - 2013-06-26 00:01 - 00283518 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-06-26 00:01 - 2013-06-26 00:01 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-06-24 16:34 - 2013-06-24 16:34 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Apple Computer
2013-06-24 16:31 - 2013-06-17 21:08 - 04977256 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-23 21:38 - 2013-03-11 17:44 - 00000000 ___RD C:\Users\Marv\Desktop\Programme
2013-06-23 21:36 - 2013-06-23 21:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\Users\Marv\AppData\Local\Apple
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\ProgramData\Apple
2013-06-23 21:35 - 2013-06-23 21:35 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-23 20:56 - 2013-06-23 20:51 - 41404760 ____A (Apple Inc.) C:\Users\Marv\Downloads\QuickTimeInstaller(1).exe
2013-06-23 20:48 - 2013-03-11 23:12 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Adobe
2013-06-23 20:44 - 2013-06-23 20:44 - 00000000 ____D C:\Program Files (x86)\Adobe Story
2013-06-23 20:44 - 2013-06-17 16:13 - 00110960 ____A C:\Users\Marv\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 20:44 - 2013-03-14 22:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-23 20:44 - 2013-03-14 22:45 - 00000000 ____D C:\Program Files\Adobe
2013-06-23 20:44 - 2013-03-11 18:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-23 20:43 - 2013-03-14 22:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-23 20:42 - 2013-03-11 18:05 - 00000000 ____D C:\ProgramData\Adobe
2013-06-22 18:05 - 2013-06-22 18:05 - 00000000 ____D C:\Users\Marv\Documents\NeroVision
2013-06-22 18:02 - 2013-06-22 18:02 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Nero
2013-06-22 18:02 - 2013-06-22 18:01 - 00000234 ____A C:\Windows\SysWOW64\MsiExec.exe.log
2013-06-22 18:02 - 2013-03-16 12:43 - 00000000 ____D C:\Users\Marv\AppData\Roaming\vlc
2013-06-22 17:59 - 2013-06-22 17:59 - 00000000 ____D C:\ProgramData\Nero
2013-06-22 17:59 - 2013-06-22 17:59 - 00000000 ____D C:\Program Files (x86)\Nero
2013-06-22 17:59 - 2013-03-11 17:56 - 00000000 ____D C:\Users\Marv\Desktop\Daten
2013-06-22 17:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2013-06-22 17:34 - 2013-06-22 17:34 - 00095439 ____A C:\Users\Marv\Desktop\Far Cry 3 Guide Einzigartige Waffen - So erhältst du Shredder, Bull, Ripper und Co. _ Gameplorer.de.htm
2013-06-22 17:34 - 2013-06-22 17:34 - 00084449 ____A C:\Users\Marv\Desktop\Far Cry 3 So findest du seltene Tiere für die beste Ausrüstung _ Gameplorer.de.htm
2013-06-22 17:34 - 2013-06-22 17:34 - 00000000 ____D C:\Users\Marv\Desktop\Far Cry 3 Guide Einzigartige Waffen - So erhältst du Shredder, Bull, Ripper und Co. _ Gameplorer.de-Dateien
2013-06-22 17:34 - 2013-06-22 17:34 - 00000000 ____D C:\Users\Marv\Desktop\Far Cry 3 So findest du seltene Tiere für die beste Ausrüstung _ Gameplorer.de-Dateien
2013-06-22 17:29 - 2013-06-22 17:19 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-22 17:16 - 2013-06-22 17:16 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-06-22 17:14 - 2013-06-22 17:14 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marv\Downloads\WebInstaller.exe
2013-06-21 20:49 - 2013-06-21 20:39 - 00000000 ____D C:\Users\Marv\Desktop\Ärzte auswahl
2013-06-20 16:45 - 2013-06-20 16:45 - 00000963 ____A C:\Users\Marv\Desktop\Dropbox.lnk
2013-06-20 16:45 - 2013-03-18 23:51 - 00002049 ____A C:\Users\Marv\Desktop\sicherungen.lnk
2013-06-20 16:45 - 2013-03-18 23:51 - 00001935 ____A C:\Users\Marv\Desktop\Musik.lnk
2013-06-20 16:44 - 2013-04-07 17:39 - 00000000 ___RD C:\Users\Marv\Desktop\Minecraft
2013-06-20 16:43 - 2013-06-20 16:42 - 00001970 ____A C:\Users\Marv\Desktop\Projekte.lnk
2013-06-20 16:43 - 2013-06-20 16:34 - 00001950 ____A C:\Users\Marv\Desktop\Schule.lnk
2013-06-20 15:02 - 2013-03-14 22:29 - 00000274 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-06-19 21:29 - 2013-03-14 22:29 - 00000282 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-06-18 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-17 21:08 - 2013-06-17 21:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 16:10 - 2013-03-11 17:14 - 00000000 ____D C:\Windows\Panther
2013-06-12 22:48 - 2013-03-19 14:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 22:47 - 2013-06-12 22:47 - 00000206 ____A C:\Users\Marv\Desktop\hwmonitorw.ini
2013-06-12 20:53 - 2013-03-13 22:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 20:53 - 2013-03-13 22:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 23:06 - 2013-03-17 22:42 - 00000000 ____D C:\Users\Marv\AppData\Roaming\Skype
2013-06-11 18:27 - 2013-06-11 18:26 - 07286784 ____A C:\Users\Marv\Downloads\7th-5religions.ppt
2013-06-08 16:08 - 2013-06-17 12:15 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 12:15 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 12:15 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 12:15 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 12:15 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 12:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 12:15 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 12:15 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 12:15 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 12:15 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 12:15 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 12:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-01 13:42 - 2013-06-01 13:37 - 00000000 ____D C:\Users\Marv\Desktop\Die Ärzte
2013-06-01 13:37 - 2013-06-01 13:31 - 00000000 ____D C:\Users\Marv\Desktop\Ärzte für Schatz
2013-06-01 11:16 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-01 01:07 - 2013-05-12 20:24 - 00000000 ____D C:\Users\Marv\AppData\Local\LogMeIn Hamachi
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 21:09
==================== End Of Log ============================
I hope someone can help,
and sorry, CH611, for the copy and paste.