| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: trojan-spy.html.fraud.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.08.2013, 16:40
| #1 |
 |  trojan-spy.html.fraud.gen Hallo mein Kaspersky sagt das der Trojaner trojan-spy.html.fraud.gen gefunden wurde und nicht bearbeitet wird, ich kann auf bearbeiten klicken wie ich möchte es tut sich nichts, was kann ich tun? |
|
10.08.2013, 16:54
| #2 |
| /// the machine /// TB-Ausbilder    | trojan-spy.html.fraud.gen Hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
11.08.2013, 08:50
| #3 |
| | trojan-spy.html.fraud.gen Huhu, danke für die schnelle Antwort hier Addition FileFRST Additions Logfile:
__________________[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013 Ran by Sabrina at 2013-08-11 09:45:54 Running from C:\Users\Sabrina\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Aloha TriPeaks (x32 Version: 2.2.0.98) ArcSoft Perfect365 (x32 Version: 1.0.0.45) Bejeweled 3 (x32 Version: 2.2.0.98) Brother MFL-Pro Suite DCP-7055W (x32 Version: 1.1.3.0) BrowserDefender (x32) Chuzzle Deluxe (x32 Version: 2.2.0.95) Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Delta Chrome Toolbar (x32) Delta toolbar (x32 Version: 1.8.21.5) DHTML Editing Component (x32 Version: 6.02.0001) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98) FTDownloader (x32 Version: 2.1 Build 26473) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2828) Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) IrfanView (remove only) (x32 Version: 4.35) Island Tribe (x32 Version: 2.2.0.98) Jasc Paint Shop Pro 9 (x32 Version: 9.00.0000) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98) Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190) lightshot-4.4.1.0 (x32 Version: 4.4.1.0) Magic Academy (x32 Version: 2.2.0.98) Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017) Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017) Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017) Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft SkyDrive (HKCU Version: 17.0.2011.0627) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Nuance PaperPort 12 (x32 Version: 12.1.0000) Nuance PDF Viewer Plus (x32 Version: 5.30.3290) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017) PaperPort Image Printer 64-bit (Version: 1.00.0001) Peggle Nights (x32 Version: 2.2.0.98) PhotoImpact X3 (x32 Version: 13.0) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) Plus-HD-2.2 (x32 Version: 1.27.153.3) Polar Bowler (x32 Version: 2.2.0.97) Premium Sound HD (Version: 1.12.5000) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6738) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136) Realtek WLAN Driver (x32 Version: 2.00.0020) rosoft Office Professional Plus 2013 (Version: 15.0.4420.1017) Scansoft PDF Professional (x32) Shared C Run-time for x64 (Version: 10.0.0) Synaptics Pointing Device Driver (Version: 16.2.10.5) TOSHIBA Desktop Assist (Version: 1.00.08.6402) TOSHIBA eco Utility (Version: 2.0.0.6415) TOSHIBA Function Key (Version: 1.00.6626.6406) TOSHIBA Manuals (x32 Version: 10.10) Toshiba Password Utility (x32 Version: 2.00.972) TOSHIBA PC Health Monitor (Version: 1.8.17.640104) TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006) TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00) TOSHIBA Service Station (Version: 2.4.4) TOSHIBA System Driver (x32 Version: 1.00.0015) TOSHIBA System Settings (x32 Version: 1.00.0002.32002) Toshiba TEMPRO (x32 Version: 4.2.2) TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A) Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition Update Installer for WildTangent Games App (x32) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) WebCake 3.00 (Version: 3.00) WildTangent Games (x32 Version: 1.0.3.0) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 25-07-2013 10:23:27 Geplanter Prüfpunkt 10-08-2013 11:28:06 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {12AD1669-09EE-4D45-8532-98EB6BB0109A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {14705CD4-D6AA-4856-A3EF-1153139E1E89} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CHAMUELA-Sabrina Chamuela => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {18611F09-5B76-461B-883A-CFA086081257} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1D11AD5C-CDAC-46B5-982C-A3F17F3E8D01} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-06] (Plus HD) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {25FBE7B6-0FEF-461A-A025-B21DA72C27ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {26410CB4-8EC3-4544-BBF3-E6BB928F277A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {2ED40076-E206-442C-B1A9-DFAD94853D20} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-1001 Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {32518A6B-C55C-428B-B7BC-0FA9637EF9A5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {37C46720-740E-4BA3-833D-482857C251EC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH) Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4BEC883E-B1CE-4D6D-A22F-79E3C8EC88AA} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-06-06] (Plus HD) Task: {559A0580-F1EC-4596-9680-1B6C3F97C855} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated) Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {592992EF-C672-4485-8A11-869F4AF9BBF1} - System32\Tasks\EPUpdater => C:\Users\Sabrina\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] () Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6B18737B-5E60-4306-AF9F-E3E523CE8CB9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {6DB213D3-80B4-4C3B-8CE2-91060213A642} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-06-06] (Plus HD) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {7E0EE0D5-87B3-4DBD-89A1-1ADF29CEBA09} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-500 Task: {842F36D4-E03A-4D38-BB0C-7DDD122F25C3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF268EC2-B574-477A-98DD-55467EA94AFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B1A4FD79-37DE-4CCD-BF21-55795A09BC8A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated) Task: {B230B23D-3004-4E30-B313-0379F2CFDCD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06] (Google Inc.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C37F8D79-0C79-43A8-B339-BE4AFB5E781C} - System32\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C4E27165-169C-41E0-BD40-A9426359DF97} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-06-06] (Plus HD) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D0C0E040-BEE9-4576-9E23-91CCDEE28C9D} - System32\Tasks\BrowserDefendert => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {EDFA10BE-E7F8-47B0-BEA0-5775B9587F16} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {F3683F2A-7516-4F3A-8FD3-5797003D5FF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06] (Google Inc.) Task: {FAE8DB23-0565-4A84-ADB1-9354DBFBFD2D} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe Task: C:\windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe Task: C:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe Task: C:\windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe Task: C:\windows\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2013 10:30:38 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: BrowserDefender.exe, Version: 2.6.1339.144, Zeitstempel: 0x519ddcdf Name des fehlerhaften Moduls: BrowserDefender.exe, Version: 2.6.1339.144, Zeitstempel: 0x519ddcdf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002adb ID des fehlerhaften Prozesses: 0xc98 Startzeit der fehlerhaften Anwendung: 0xBrowserDefender.exe0 Pfad der fehlerhaften Anwendung: BrowserDefender.exe1 Pfad des fehlerhaften Moduls: BrowserDefender.exe2 Berichtskennung: BrowserDefender.exe3 Vollständiger Name des fehlerhaften Pakets: BrowserDefender.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrowserDefender.exe5 Error: (07/30/2013 11:17:39 PM) (Source: Application Hang) (User: ) Description: Programm explorer.exe, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e0 Startzeit: 01ce8be0a07995a4 Endzeit: 0 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 6de7730e-f95d-11e2-be81-7c05070ba37c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/29/2013 09:37:39 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: glcnd.exe, Version: 6.2.9200.20623, Zeitstempel: 0x510c9a4f Name des fehlerhaften Moduls: glcnd.exe, Version: 6.2.9200.20623, Zeitstempel: 0x510c9a4f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000001e774d ID des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0xglcnd.exe0 Pfad der fehlerhaften Anwendung: glcnd.exe1 Pfad des fehlerhaften Moduls: glcnd.exe2 Berichtskennung: glcnd.exe3 Vollständiger Name des fehlerhaften Pakets: glcnd.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: glcnd.exe5 Error: (07/29/2013 00:36:36 AM) (Source: Microsoft Office 15) (User: ) Description: Microsoft Outlook: Accepted Safe Mode action : Outlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten?. Accepted Safe Mode action : Microsoft Outlook. Error: (07/29/2013 00:20:12 AM) (Source: Application Hang) (User: ) Description: Programm explorer.exe, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 160c Startzeit: 01ce8be059cdcff6 Endzeit: 0 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: dc316ce7-f7d3-11e2-be81-7c05070ba37c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/29/2013 00:18:13 AM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fa8 Startzeit: 01ce8be0118d2a80 Endzeit: 0 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: 906b0cc7-f7d3-11e2-be81-7c05070ba37c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/29/2013 00:11:53 AM) (Source: Application Hang) (User: ) Description: Programm OUTLOOK.EXE, Version 15.0.4517.1003 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2e20 Startzeit: 01ce86b6801fab6b Endzeit: 508 Anwendungspfad: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE Berichts-ID: a991cc4f-f7d2-11e2-be80-7c05070ba37c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/26/2013 11:54:14 AM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15c0 Startzeit: 01ce852a7b8f1d75 Endzeit: 3757 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4c957f83-f5d9-11e2-be80-7c05070ba37c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/24/2013 09:34:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: CHAMUELA) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/22/2013 08:53:47 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. System errors: ============= Error: (08/01/2013 09:49:38 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (08/01/2013 09:49:36 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (08/01/2013 09:49:36 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (08/01/2013 09:49:36 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{85D6042A-BBDA-43B7-B278-DF311E2702D7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (07/29/2013 00:15:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/27/2013 00:08:16 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/27/2013 00:08:15 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/27/2013 00:08:15 PM) (Source: NetBT) (User: ) Description: Der Name "CHAMUELA :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/27/2013 00:08:15 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{85D6042A-BBDA-43B7-B278-DF311E2702D7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (07/26/2013 01:50:48 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUCA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{85D6042A-BBDA-43B7-B278-DF311E2702D7}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (08/01/2013 10:30:38 AM) (Source: Application Error)(User: ) Description: BrowserDefender.exe2.6.1339.144519ddcdfBrowserDefender.exe2.6.1339.144519ddcdfc000000500002adbc9801ce8be0142b28e7C:\ProgramData\BrowserDefender\2.6.13 39.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exeC:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exea494a651-fa84-11e2-be81-7c05070ba37c Error: (07/30/2013 11:17:39 PM) (Source: Application Hang)(User: ) Description: explorer.exe6.2.9200.16628e001ce8be0a07995a40C:\Windows\explorer.exe6de7730e-f95d-11e2-be81-7c05070ba37c Error: (07/29/2013 09:37:39 AM) (Source: Application Error)(User: ) Description: glcnd.exe6.2.9200.20623510c9a4fglcnd.exe6.2.9200.20623510c9a4fc000000500000000001e774d106001ce8be23733680fC:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exeC:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exebe34da94-f821-11e2-be81-7c05070ba37cMicrosoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbweMicrosoft.Reader Error: (07/29/2013 00:36:36 AM) (Source: Microsoft Office 15)(User: ) Description: Microsoft OutlookOutlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten? Error: (07/29/2013 00:20:12 AM) (Source: Application Hang)(User: ) Description: explorer.exe6.2.9200.16628160c01ce8be059cdcff60C:\Windows\explorer.exedc316ce7-f7d3-11e2-be81-7c05070ba37c Error: (07/29/2013 00:18:13 AM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.2.9200.16628fa801ce8be0118d2a800C:\windows\Explorer.EXE906b0cc7-f7d3-11e2-be81-7c05070ba37c Error: (07/29/2013 00:11:53 AM) (Source: Application Hang)(User: ) Description: OUTLOOK.EXE15.0.4517.10032e2001ce86b6801fab6b508C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXEa991cc4f-f7d2-11e2-be80-7c05070ba37c Error: (07/26/2013 11:54:14 AM) (Source: Application Hang)(User: ) Description: firefox.exe22.0.0.491715c001ce852a7b8f1d753757C:\Program Files (x86)\Mozilla Firefox\firefox.exe4c957f83-f5d9-11e2-be80-7c05070ba37c Error: (07/24/2013 09:34:57 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: CHAMUELA) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174 Error: (07/22/2013 08:53:47 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\Sabrina\Downloads\SoftonicDownloader_fuer_perfect365 (1).exe ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 6025.22 MB Available physical RAM: 2719.98 MB Total Pagefile: 9993.22 MB Available Pagefile: 6081.41 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (TI31018700A) (Fixed) (Total:455.28 GB) (Free:411.93 GB) NTFS (Disk=0 Partition=4) Drive f: (MyDrive) (Fixed) (Total:465.76 GB) (Free:359.66 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 00000000) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 2E910E47) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Und FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Sabrina (administrator) on 11-08-2013 09:43:27
Running from C:\Users\Sabrina\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(WebCake LLC) C:\Users\Sabrina\AppData\Roaming\WebCake\WebCakeDesktop.exe
(Skillbrains) C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\wwahost.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-20] ()
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [WebCake Desktop] - C:\Users\Sabrina\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office\Office15\lync.exe [22111392 2013-06-13] (Microsoft Corporation)
HKCU\...\Run: [LightShot] - C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [SkyDrive] - C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" [404992 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-07-07] (Kaspersky Lab ZAO)
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119781&babsrc=HP_ss_din2g&mntrId=84D02CD05A5C18B7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=84D02CD05A5C18B7
SearchScopes: HKLM - DefaultScope {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL =
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119781&babsrc=SP_ss&mntrId=84D02CD05A5C18B7
SearchScopes: HKCU - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default
FF user.js: detected! => C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119781&babsrc=NT_ss&mntrId=84D02CD05A5C18B7
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\searchplugins\delta.xml
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: Delta Toolbar - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\ffxtlbr@delta.com
FF Extension: WebCake - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\plugin@getwebcake.com
FF Extension: ftdownloader4 - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\ftdownloader4@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (FTdownloader V4.0) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok\4.0_0
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_1
CHR Extension: (Delta Toolbar) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Web Cake) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (Virtual Keyboard) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_1
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Sabrina\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCakeLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [37280 2011-10-26] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-07-07] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-05-31] (WebCake LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2013-07-07] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2013-07-07] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-07] (Kaspersky Lab ZAO)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-08-01 10:30 - 2013-08-10 00:11 - 00003438 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:06 - 2013-07-22 08:22 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:04 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 01624136 _____ (Bandoo Media Inc) C:\Users\Sabrina\Downloads\iLividSetup-r885-n-bc.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00393048 _____ (Softonic ) C:\Users\Sabrina\Downloads\SoftonicDownloader_fuer_perfect365 (1).exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 22:28 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-16 22:28 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-16 22:28 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-16 22:28 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-16 22:28 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-16 22:28 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-16 22:28 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-16 22:28 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-16 22:28 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-16 22:28 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-16 22:28 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-16 22:28 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-16 22:28 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-16 22:28 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-16 22:28 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-16 22:28 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-12 11:11 - 2013-07-12 11:14 - 00000000 ____D C:\windows\system32\MRT
==================== One Month Modified Files and Folders =======
2013-08-11 09:43 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-11 09:39 - 2013-06-06 22:03 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-11 09:36 - 2013-06-06 13:06 - 00000000 ____D C:\Users\Sabrina\Documents\Outlook-Dateien
2013-08-11 09:34 - 2013-06-06 22:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-11 09:33 - 2013-06-06 18:44 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\WebCake
2013-08-11 09:33 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-08-10 13:59 - 2013-06-06 17:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 12:49 - 2013-06-06 18:44 - 00001852 _____ C:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-08-10 12:44 - 2013-06-06 18:44 - 00001220 _____ C:\windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-08-10 12:44 - 2013-06-06 18:44 - 00001216 _____ C:\windows\Tasks\Plus-HD-2.2-updater.job
2013-08-10 12:44 - 2013-06-06 18:44 - 00001120 _____ C:\windows\Tasks\Plus-HD-2.2-enabler.job
2013-08-10 12:39 - 2013-06-06 22:03 - 00001126 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-10 09:00 - 2013-06-06 11:32 - 01125566 _____ C:\windows\WindowsUpdate.log
2013-08-10 01:25 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-08-10 00:11 - 2013-08-01 10:30 - 00003438 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-08-10 00:11 - 2013-06-06 18:45 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-10 00:11 - 2013-06-06 11:32 - 00000000 ____D C:\Users\Sabrina
2013-08-01 12:03 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-sys.job
2013-07-31 22:44 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2013-07-31 22:41 - 2013-06-06 22:05 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 15:28 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001.job
2013-07-30 20:53 - 2012-07-26 09:21 - 00024177 _____ C:\windows\setupact.log
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-29 00:22 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-07-29 00:22 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-07-29 00:22 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-29 00:15 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-29 00:14 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-28 12:12 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VirtualStore
2013-07-27 10:20 - 2013-06-06 11:43 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00003262 _____ C:\windows\System32\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00000444 _____ C:\Users\Sabrina\AppData\Local\UserProducts.xml
2013-07-23 19:09 - 2013-06-13 23:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:22 - 2013-07-22 08:06 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:04 - 2013-07-22 08:03 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 01624136 _____ (Bandoo Media Inc) C:\Users\Sabrina\Downloads\iLividSetup-r885-n-bc.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00393048 _____ (Softonic ) C:\Users\Sabrina\Downloads\SoftonicDownloader_fuer_perfect365 (1).exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:26 - 2013-06-06 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2013-07-20 11:25 - 2013-06-06 17:47 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 12:49 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-13 12:34 - 2013-06-06 22:03 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 12:34 - 2013-06-06 22:03 - 00003866 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 11:14 - 2013-07-12 11:11 - 00000000 ____D C:\windows\system32\MRT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-10 09:06
==================== End Of Log ============================
--- --- --- |
|
11.08.2013, 16:09
| #4 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.gen hi,  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.08.2013, 23:50
| #5 |
| | trojan-spy.html.fraud.genCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.11.06 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16635 Sabrina :: CHAMUELA [Administrator] Schutz: Aktiviert 11.08.2013 23:57:47 mbam-log-2013-08-11 (23-57-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216070 Laufzeit: 8 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 3 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 12032 -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 7880 -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 6976 -> Löschen bei Neustart. Infizierte Speichermodule: 2 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 41 HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\d (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake.A) -> Daten: C:\Users\Sabrina\AppData\Roaming\Betcat\WebCakeDesktop.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Gut: () -> Löschen bei Neustart. Infizierte Verzeichnisse: 22 C:\Users\Sabrina\AppData\Roaming\WebCake (PUP.WebCake) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 83 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\Betcat\WebCakeDesktop.exe (PUP.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\WBDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Local\Temp\9E2D.tmp (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-3688149276-2920383417-1206681556-1001\$R0DOMFT.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Local\Temp\60732761-BAB0-7891-AB36-292EAD5AE378\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Local\Temp\60732761-BAB0-7891-AB36-292EAD5AE378\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Local\Temp\60732761-BAB0-7891-AB36-292EAD5AE378\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Local\Temp\upd4C57\BabMaint.x (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\Downloads\Corel_Ulead_PhotoImpact_X3_TW_Serial_Number_download.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\Downloads\iLividSetup-r885-n-bc.exe (PUP.Optional.Vid) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\Downloads\SoftonicDownloader_fuer_perfect365 (1).exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Löschen bei Neustart. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Dora.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Maintain.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Paladin.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\WebCake\dat\Phoenix.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sabrina\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.306 - Datei am 12/08/2013 um 00:22:44 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Sabrina - CHAMUELA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sabrina\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : BrowserDefendert
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\extensions\ftdownloader4@ftdownloader.com.xpi
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\searchplugins\delta.xml
Datei Gelöscht : C:\windows\Tasks\Plus-HD-2.2-codedownloader.job
Datei Gelöscht : C:\windows\Tasks\Plus-HD-2.2-enabler.job
Datei Gelöscht : C:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Datei Gelöscht : C:\windows\Tasks\Plus-HD-2.2-updater.job
Ordner Gelöscht : C:\Program Files (x86)\delta
Ordner Gelöscht : C:\Program Files (x86)\FTDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.2
Ordner Gelöscht : C:\Program Files (x86)\WebCake
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Sabrina\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5328ad9b36abe47
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5328ad9b36abe47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E150862-F9E8-456E-9CBC-2CDE1A9F2E33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9A768BD-F835-45D9-92A1-F52A7CEE5D5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8615E25-D5B5-4DDD-A3C4-21C5D716FB59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDAC653C-E45E-43E8-AD5D-A09695A1AC4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E92D3824-41F7-4EAE-9E0D-13D0BBDE726D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=119781&babsrc=HP_ss_din2g&mntrId=84D02CD05A5C18B7 --> hxxp://www.google.com
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\prefs.js
C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119781&babsrc=NT_ss&mntrId=84D02[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "84d07fb60000000000002cd05a5c18b7");
Gelöscht : user_pref("extensions.delta.instlDay", "15862");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.518:44:55");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119781");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v28.0.1500.95
Datei : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [14099 octets] - [12/08/2013 00:22:44]
########## EOF - C:\AdwCleaner[S1].txt - [14160 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Windows 8 x64
Ran by Sabrina on 12.08.2013 at 0:31:08,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\i91wl28o.default\prefs.js
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.js", "\n\n /************************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13f1a60714a25505b6ec2ff66c8ebb2c");
Emptied folder: C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\i91wl28o.default\minidumps [12 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2013 at 0:36:55,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Sabrina (administrator) on 12-08-2013 00:46:39
Running from C:\Users\Sabrina\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skillbrains) C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-20] ()
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office\Office15\lync.exe [22111392 2013-06-13] (Microsoft Corporation)
HKCU\...\Run: [LightShot] - C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [SkyDrive] - C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" [404992 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-07-07] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (FTdownloader V4.0) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok\4.0_0
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_1
CHR Extension: (Virtual Keyboard) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_1
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [37280 2011-10-26] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-07-07] (Kaspersky Lab ZAO)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2013-07-07] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2013-07-07] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-07] (Kaspersky Lab ZAO)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:22 - 2013-08-12 00:23 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 10:04 - 2013-08-12 00:09 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-11 09:45 - 2013-08-11 09:46 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:43 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-08-01 10:30 - 2013-08-12 00:17 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:06 - 2013-07-22 08:22 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:04 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 22:28 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-16 22:28 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-16 22:28 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-16 22:28 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-16 22:28 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-16 22:28 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-16 22:28 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-16 22:28 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-16 22:28 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-16 22:28 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-16 22:28 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-16 22:28 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-16 22:28 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-16 22:28 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-16 22:28 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-16 22:28 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
==================== One Month Modified Files and Folders =======
2013-08-12 00:39 - 2013-06-06 22:03 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 00:31 - 2013-08-12 00:31 - 00000000 ____D C:\windows\ERUNT
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:28 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-08-12 00:28 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-08-12 00:28 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-12 00:26 - 2013-06-06 22:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-12 00:24 - 2013-06-06 22:03 - 00001126 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 00:24 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-12 00:23 - 2013-08-12 00:22 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:23 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-12 00:18 - 2013-06-06 11:32 - 00000000 ____D C:\Users\Sabrina
2013-08-12 00:17 - 2013-08-01 10:30 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-08-12 00:17 - 2012-11-14 04:05 - 00056002 _____ C:\windows\PFRO.log
2013-08-12 00:09 - 2013-08-11 10:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-12 00:03 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-sys.job
2013-08-12 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-08-11 23:59 - 2013-06-06 17:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 23:52 - 2013-06-06 13:06 - 00000000 ____D C:\Users\Sabrina\Documents\Outlook-Dateien
2013-08-11 23:50 - 2013-06-06 11:32 - 01158351 _____ C:\windows\WindowsUpdate.log
2013-08-11 15:28 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001.job
2013-08-11 13:22 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VirtualStore
2013-08-11 09:46 - 2013-08-11 09:45 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:43 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 01:25 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-07-31 22:44 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2013-07-31 22:41 - 2013-06-06 22:05 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 20:53 - 2012-07-26 09:21 - 00024177 _____ C:\windows\setupact.log
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-27 10:20 - 2013-06-06 11:43 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00003262 _____ C:\windows\System32\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00000444 _____ C:\Users\Sabrina\AppData\Local\UserProducts.xml
2013-07-23 19:09 - 2013-06-13 23:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:22 - 2013-07-22 08:06 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:04 - 2013-07-22 08:03 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:26 - 2013-06-06 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2013-07-20 11:25 - 2013-06-06 17:47 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 12:49 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-13 12:34 - 2013-06-06 22:03 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 12:34 - 2013-06-06 22:03 - 00003866 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-11 13:51
==================== End Of Log ============================
--- --- --- --- --- --- ich hoffe das war ok? |
|
12.08.2013, 08:16
| #6 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.genESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> trojan-spy.html.fraud.gen |
|
12.08.2013, 12:08
| #7 |
| | trojan-spy.html.fraud.genCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c5cfc675f4215b47a6e9eddb14d6f31c
# engine=14743
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-12 10:54:26
# local_time=2013-08-12 12:54:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 2773310 16893965 0 0
# scanned=18
# found=0
# cleaned=0
# scan_time=0
Code:
ATTFilter Results of screen317's Security Check version 0.99.71
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.94
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Sabrina (administrator) on 12-08-2013 13:01:21
Running from C:\Users\Sabrina\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skillbrains) C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-20] ()
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office\Office15\lync.exe [22111392 2013-06-13] (Microsoft Corporation)
HKCU\...\Run: [LightShot] - C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [SkyDrive] - C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" [404992 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-07-07] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_1
CHR Extension: (Virtual Keyboard) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_1
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [37280 2011-10-26] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-07-07] (Kaspersky Lab ZAO)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2013-07-07] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2013-07-07] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-07] (Kaspersky Lab ZAO)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 12:52 - 2013-08-12 12:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-12 12:51 - 2013-08-12 12:51 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2013-08-12 00:31 - 2013-08-12 00:31 - 00000000 ____D C:\windows\ERUNT
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:22 - 2013-08-12 00:23 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 10:04 - 2013-08-12 00:09 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-11 09:45 - 2013-08-11 09:46 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:43 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-08-01 10:30 - 2013-08-12 00:17 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:06 - 2013-07-22 08:22 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:04 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 22:28 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-16 22:28 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-16 22:28 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-16 22:28 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-16 22:28 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-16 22:28 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-16 22:28 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-16 22:28 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-16 22:28 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-16 22:28 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-16 22:28 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-16 22:28 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-16 22:28 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-16 22:28 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-16 22:28 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-16 22:28 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
==================== One Month Modified Files and Folders =======
2013-08-12 13:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-08-12 12:59 - 2013-06-06 17:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 12:58 - 2013-08-12 12:58 - 00891098 _____ C:\Users\Sabrina\Downloads\SecurityCheck.exe
2013-08-12 12:52 - 2013-08-12 12:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-12 12:51 - 2013-08-12 12:51 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2013-08-12 12:40 - 2013-06-06 11:32 - 01191124 _____ C:\windows\WindowsUpdate.log
2013-08-12 12:39 - 2013-06-06 22:03 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 12:39 - 2013-06-06 22:03 - 00001126 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 00:31 - 2013-08-12 00:31 - 00000000 ____D C:\windows\ERUNT
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:28 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-08-12 00:28 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-08-12 00:28 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-12 00:26 - 2013-06-06 22:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-12 00:24 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-12 00:23 - 2013-08-12 00:22 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:23 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-12 00:18 - 2013-06-06 11:32 - 00000000 ____D C:\Users\Sabrina
2013-08-12 00:17 - 2013-08-01 10:30 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-08-12 00:17 - 2012-11-14 04:05 - 00056002 _____ C:\windows\PFRO.log
2013-08-12 00:09 - 2013-08-11 10:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-12 00:03 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-sys.job
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 15:28 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001.job
2013-08-11 13:22 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VirtualStore
2013-08-11 09:46 - 2013-08-11 09:45 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:43 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 01:25 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-07-31 22:44 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2013-07-31 22:41 - 2013-06-06 22:05 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 20:53 - 2012-07-26 09:21 - 00024177 _____ C:\windows\setupact.log
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-27 10:20 - 2013-06-06 11:43 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00003262 _____ C:\windows\System32\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00000444 _____ C:\Users\Sabrina\AppData\Local\UserProducts.xml
2013-07-23 19:09 - 2013-06-13 23:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
2013-07-22 08:22 - 2013-07-22 08:06 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:04 - 2013-07-22 08:03 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00001170 _____ C:\Users\Sabrina\Desktop\Perfect365.lnk
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-07-22 08:02 - 2013-07-22 08:02 - 25023095 _____ C:\Users\Sabrina\Desktop\perfect365_retail_tbyb_all.exe
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:26 - 2013-06-06 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2013-07-20 11:25 - 2013-06-06 17:47 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 12:49 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-13 12:34 - 2013-06-06 22:03 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 12:34 - 2013-06-06 22:03 - 00003866 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-11 13:51
==================== End Of Log ============================
--- --- --- --- --- --- Sooooooooooooo fertig :-) |
|
12.08.2013, 12:22
| #8 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.gen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter 2013-08-01 10:30 - 2013-08-12 00:17 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-30 20:32 - 2013-07-30 20:32 - 00003004 _____ C:\Program Files (x86)\WebCakeLayers.crx
2013-07-22 22:53 - 2013-07-22 22:53 - 00000035 _____ C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.08.2013, 12:32
| #9 |
| | trojan-spy.html.fraud.gen Hilfe der findet den Text nicht |
|
12.08.2013, 12:43
| #10 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.gen Du musst die fixlist neben der FRST.exe, dem Tool, speichern, am gleichen Platz.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.08.2013, 12:51
| #11 |
| | trojan-spy.html.fraud.gen Habe ich doch :-( Vielleicht noch mal für blöde erklär? |
|
12.08.2013, 17:11
| #12 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.gen TExt in Notepad kopieren Speichern als "fixlist.txt" auf dem Desktop Sicherstellen dass FRST auch auf dem Desktop ist FRST öffnen und Fix klicken. Sei sicher dass das Ding fixlist.txt heisst, und nicht fixlist.txt.txt 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.08.2013, 21:56
| #13 |
| | trojan-spy.html.fraud.gen Huhu, verdammt warum immer ich? Gestern kam ich nicht mehr rein, und heute bekomme ich ne Mail und wieder dasselbe, obwohl die mail nicht geöffnet wurde.... darf ich das ganze nun noch mal machen? Das mit der Fixlist hatte ich noch nicht probiert.... |
|
15.08.2013, 12:18
| #14 |
| /// the machine /// TB-Ausbilder | trojan-spy.html.fraud.gen mach das mit der fixlist und poste dann ein frisches FRST log
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.08.2013, 19:38
| #15 |
| | trojan-spy.html.fraud.genCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013 01
Ran by Sabrina at 2013-08-15 20:32:00 Run:1
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==============================================
C:\windows\System32\Tasks\BrowserDefendert => Moved successfully.
C:\Program Files (x86)\WebCakeLayers.crx => Moved successfully.
C:\Users\Sabrina\Downloads\1ef24632762541d96396215fc2882140.txt => Moved successfully.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Sabrina (administrator) on 15-08-2013 20:34:34
Running from C:\Users\Sabrina\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skillbrains) C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-20] ()
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office\Office15\lync.exe [22111392 2013-06-13] (Microsoft Corporation)
HKCU\...\Run: [LightShot] - C:\Users\Sabrina\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [SkyDrive] - C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\Run: [Speech Recognition] - C:\windows\Speech\Common\sapisvr.exe [45056 2012-07-26] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sabrina\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" [404992 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-07-07] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {E1455FA2-3B28-422E-8E5A-12B1D073E98D} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\i91wl28o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_1
CHR Extension: (Virtual Keyboard) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_1
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-07-07] (Kaspersky Lab ZAO)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2013-07-07] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2013-07-07] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-07] (Kaspersky Lab ZAO)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-15 20:27 - 2013-08-15 20:27 - 01575570 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2013-08-12 13:58 - 2013-08-15 20:28 - 00000319 _____ C:\Users\Sabrina\Documents\Fixlist.txt
2013-08-12 13:29 - 2013-08-12 13:59 - 00001475 _____ C:\Users\Sabrina\Desktop\FRST64 - Verknüpfung.lnk
2013-08-12 13:02 - 2013-08-12 13:03 - 00032597 _____ C:\Users\Sabrina\Downloads\FRST.txt
2013-08-12 12:58 - 2013-08-12 12:58 - 00891098 _____ C:\Users\Sabrina\Downloads\SecurityCheck.exe
2013-08-12 12:52 - 2013-08-12 12:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-12 12:51 - 2013-08-12 12:51 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2013-08-12 00:31 - 2013-08-12 00:31 - 00000000 ____D C:\windows\ERUNT
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:22 - 2013-08-12 00:23 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 10:04 - 2013-08-12 00:09 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-11 09:45 - 2013-08-11 09:46 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:43 - 2013-08-12 13:57 - 00000000 ____D C:\FRST
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-07-22 08:06 - 2013-07-22 08:22 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:03 - 2013-08-14 23:06 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 22:28 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-16 22:28 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-16 22:28 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-16 22:28 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-16 22:28 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-16 22:28 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-16 22:28 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-16 22:28 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-16 22:28 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-16 22:28 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-16 22:28 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-16 22:28 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-16 22:28 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-16 22:28 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-16 22:28 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-16 22:28 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-16 22:28 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-16 22:28 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-16 22:28 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-16 22:28 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-16 22:28 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
==================== One Month Modified Files and Folders =======
2013-08-15 20:33 - 2013-06-06 13:06 - 00000000 ____D C:\Users\Sabrina\Documents\Outlook-Dateien
2013-08-15 20:28 - 2013-08-12 13:58 - 00000319 _____ C:\Users\Sabrina\Documents\Fixlist.txt
2013-08-15 20:27 - 2013-08-15 20:27 - 01575570 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2013-08-15 20:03 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-sys.job
2013-08-15 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-08-15 19:59 - 2013-06-06 17:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 19:42 - 2013-06-06 11:32 - 01788642 _____ C:\windows\WindowsUpdate.log
2013-08-15 19:39 - 2013-06-06 22:03 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 19:33 - 2013-06-06 22:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-15 19:28 - 2013-06-13 23:45 - 00000410 _____ C:\windows\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001.job
2013-08-15 10:28 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VirtualStore
2013-08-15 09:44 - 2013-06-06 12:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 09:44 - 2012-07-26 07:26 - 00000199 _____ C:\windows\win.ini
2013-08-15 09:42 - 2013-07-12 11:11 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 09:41 - 2013-06-08 11:18 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-14 23:06 - 2013-07-22 08:03 - 00000000 ____D C:\ProgramData\ArcSoft
2013-08-14 12:39 - 2013-06-06 22:03 - 00001126 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 12:25 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-08-14 12:25 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-08-14 12:25 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 12:21 - 2012-07-26 09:21 - 00024972 _____ C:\windows\setupact.log
2013-08-13 23:40 - 2013-06-06 11:34 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2013-08-13 12:50 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-12 13:59 - 2013-08-12 13:29 - 00001475 _____ C:\Users\Sabrina\Desktop\FRST64 - Verknüpfung.lnk
2013-08-12 13:57 - 2013-08-11 09:43 - 00000000 ____D C:\FRST
2013-08-12 13:18 - 2012-07-26 10:12 - 00000000 ____D C:\windows\LiveKernelReports
2013-08-12 13:03 - 2013-08-12 13:02 - 00032597 _____ C:\Users\Sabrina\Downloads\FRST.txt
2013-08-12 12:58 - 2013-08-12 12:58 - 00891098 _____ C:\Users\Sabrina\Downloads\SecurityCheck.exe
2013-08-12 12:52 - 2013-08-12 12:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-12 12:51 - 2013-08-12 12:51 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2013-08-12 00:31 - 2013-08-12 00:31 - 00000000 ____D C:\windows\ERUNT
2013-08-12 00:28 - 2013-08-12 00:28 - 00944331 _____ (Oleg N. Scherbakov) C:\Users\Sabrina\Downloads\JRT.exe
2013-08-12 00:24 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-12 00:23 - 2013-08-12 00:22 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-08-12 00:23 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-08-12 00:22 - 2013-08-12 00:22 - 00666633 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2013-08-12 00:18 - 2013-06-06 11:32 - 00000000 ____D C:\Users\Sabrina
2013-08-12 00:17 - 2012-11-14 04:05 - 00056002 _____ C:\windows\PFRO.log
2013-08-12 00:09 - 2013-08-11 10:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Betcat
2013-08-11 23:55 - 2013-08-11 23:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2013-08-11 23:55 - 2013-08-11 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 09:46 - 2013-08-11 09:45 - 00033214 _____ C:\Users\Sabrina\Downloads\Addition.txt
2013-08-11 09:42 - 2013-08-11 09:42 - 01790633 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2013-08-11 09:41 - 2013-08-11 09:41 - 01230570 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST.exe
2013-08-10 00:14 - 2013-08-10 00:14 - 00170562 _____ C:\Users\Sabrina\Documents\Foto 1
2013-07-31 22:41 - 2013-06-06 22:05 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-27 10:20 - 2013-06-06 11:43 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00003262 _____ C:\windows\System32\Tasks\update-S-1-5-21-3688149276-2920383417-1206681556-1001
2013-07-23 19:09 - 2013-06-13 23:45 - 00000444 _____ C:\Users\Sabrina\AppData\Local\UserProducts.xml
2013-07-23 19:09 - 2013-06-13 23:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-22 08:22 - 2013-07-22 08:06 - 00040169 _____ C:\p2.txt
2013-07-22 08:04 - 2013-07-22 08:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\ArcSoft
2013-07-22 08:03 - 2013-07-22 08:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ArcSoft
2013-07-22 08:00 - 2013-07-22 08:00 - 00000100 _____ C:\Users\Public\sdelevURL.tmp
2013-07-20 11:26 - 2013-06-06 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2013-07-20 11:25 - 2013-06-06 17:47 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-20 11:17 - 2013-07-20 11:17 - 00450088 _____ C:\windows\system32\FNTCACHE.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-11 13:51
==================== End Of Log ============================
--- --- --- |
|
Linear-Darstellung
