| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes findet über 500 infizierte Dateien - Internetschadensfall Telekom OnlinespielWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.08.2013, 20:13
| #5 |
| |  Malwarebytes findet über 500 infizierte Dateien - Internetschadensfall Telekom Onlinespiel Hi Leo, hier die beiden Logfiles, hoffe diesmal reicht die Zeichenanzahl (den Anhang hatte ich grade nur geklöppelt, da es zuviele Zeichen waren): LG Sandra FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 Ran by SanDi (administrator) on 21-08-2013 21:08:19 Running from C:\Users\SanDi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4ONTJKO Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Windows\SysWOW64\srvany.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Windows\KMService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\watchmi\TvdService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe () C:\Program Files (x86)\watchmi\TvdTray.exe (Dropbox, Inc.) C:\Users\SanDi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (SkyHawke) C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Bandoo Media, inc) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated) HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10361616 2011-02-11] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe [12008296 2011-03-02] (Adobe Systems, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-12] (Adobe Systems Incorporated) MountPoints2: {1fd7d381-b903-11e1-8632-00262dc73c8e} - F:\CD_Start.exe HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [CaddieSyncConduit] - C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2544960 2013-05-08] (SkyHawke) HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE [1890744 2012-08-06] (Bandoo Media, inc) HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe [232368 2012-07-03] (Sun Microsystems, Inc.) HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll [1528760 2012-08-06] (Bandoo Media, inc) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.) Startup: C:\Users\SanDi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\SanDi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/ URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {266627B6-76C5-49C6-910E-1F76DC991AFB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=88E02FBF-932A-4BE9-BCC8-42BDFB2B9B9C&apn_sauid=16497975-B177-4C64-A693-CC0C445C64E2 SearchScopes: HKCU - {266627B6-76C5-49C6-910E-1F76DC991AFB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=88E02FBF-932A-4BE9-BCC8-42BDFB2B9B9C&apn_sauid=16497975-B177-4C64-A693-CC0C445C64E2 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {4B699018-2330-4AB6-A0CE-2C482767F8C0} URL = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=377 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\bh\Softonic.dll (Softonic.com) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default FF user.js: detected! => C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\user.js FF NewTab: hxxp://www2.delta-search.com/?affID=121562&tt=gc_050513_d9114_gc_&babsrc=NT_ss&mntrId=BE0ABC77371AE64B FF SelectedSearchEngine: Delta Search FF Homepage: hxxp://www2.delta-search.com/?affID=121562&tt=gc_050513_d9114_gc_&babsrc=HP_ss&mntrId=BE0ABC77371AE64B FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( ) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\searchplugins\softonic.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF Extension: No Name - C:\Users\SanDi\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: Delta Toolbar - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\ffxtlbr@delta.com FF Extension: softonic.com - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\ffxtlbra@softonic.com FF Extension: Searchqu Toolbar - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: plugin - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\plugin@yontoo.com.xpi FF Extension: No Name - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: No Name - C:\Users\SanDi\AppData\Roaming\Mozilla\Firefox\Profiles\qxo6284e.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Extension: (Kaspersky URL Advisor) - C:\Users\SanDi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0 CHR Extension: (Safe Money) - C:\Users\SanDi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0 CHR Extension: (Virtual Keyboard) - C:\Users\SanDi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0 CHR Extension: (Skype Click to Call) - C:\Users\SanDi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0 CHR Extension: (Anti-Banner) - C:\Users\SanDi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\SanDi\AppData\Local\Temp\YontooLayers.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO) R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] () R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10) ==================== Drivers (Whitelisted) ==================== R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab) S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.) S1 HWiNFO32; \??\G:\Hwinfo32\HWiNFO64A.SYS [x] S3 uxddrv; \??\F:\uxddrv64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-21 20:30 - 2013-08-21 20:30 - 00015760 _____ C:\Users\Sandra\Documents\Logfiles.zip 2013-08-21 20:09 - 2013-08-21 20:09 - 00051348 _____ C:\Users\Sandra\Documents\FRST.txt 2013-08-21 20:09 - 2013-08-21 20:09 - 00051348 _____ C:\Users\Sandra\Documents\FRST.txt 2013-08-21 20:08 - 2013-08-21 20:08 - 00030276 _____ C:\Users\Sandra\Documents\FRS Tool.txt 2013-08-21 20:08 - 2013-08-21 20:08 - 00030276 _____ C:\Users\Sandra\Documents\FRS Tool.txt 2013-08-21 20:05 - 2013-08-21 20:05 - 00000000 ____D C:\FRST 2013-08-21 19:42 - 2013-08-21 19:42 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Malwarebytes 2013-08-21 19:39 - 2013-08-21 19:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-21 19:39 - 2013-08-21 19:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-21 19:39 - 2013-08-21 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-21 19:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-15 09:44 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 09:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 09:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 09:44 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 09:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 09:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 09:44 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 09:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 09:44 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 09:44 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 09:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 09:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 09:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 09:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 16:51 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 16:51 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 16:51 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 16:51 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 16:51 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 16:51 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 16:51 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 16:51 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 16:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 16:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 16:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 16:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 16:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 16:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 16:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 16:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 16:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 16:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 16:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 16:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 16:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 16:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 16:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 16:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 16:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 16:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 16:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-11 21:48 - 2013-08-11 21:48 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk 2013-08-09 13:12 - 2013-08-09 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-07 14:02 - 2013-08-09 20:03 - 00146432 ___SH C:\Users\Sandra\Documents\Thumbs.db 2013-08-07 14:02 - 2013-08-09 20:03 - 00146432 ___SH C:\Users\Sandra\Documents\Thumbs.db 2013-07-31 14:15 - 2013-08-15 09:37 - 00000000 ____D C:\Windows\system32\MRT 2013-07-29 14:56 - 2013-07-29 15:15 - 00080363 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xlsx 2013-07-29 14:56 - 2013-07-29 15:15 - 00080363 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xlsx 2013-07-29 14:41 - 2013-07-29 14:41 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xls 2013-07-29 14:41 - 2013-07-29 14:41 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xls 2013-07-28 15:38 - 2013-07-28 15:38 - 00001074 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk 2013-07-28 15:17 - 2013-07-28 15:17 - 00001409 _____ C:\Users\SanDi\Desktop\Free Audio CD to MP3 Converter.lnk 2013-07-28 12:54 - 2013-07-28 12:54 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013.xls 2013-07-28 12:54 - 2013-07-28 12:54 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013.xls 2013-07-26 17:02 - 2013-07-26 17:03 - 00000000 ____D C:\Users\SanDi\AppData\Local\{A82762E1-7922-4D49-B5DA-D73D4403A9F8} ==================== One Month Modified Files and Folders ======= 2013-08-21 20:58 - 2011-07-08 21:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-21 20:46 - 2011-07-08 21:07 - 00000000 ___RD C:\Users\Sandra\Favoriten Internet 2013-08-21 20:32 - 2012-03-30 10:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-21 20:30 - 2013-08-21 20:30 - 00015760 _____ C:\Users\Sandra\Documents\Logfiles.zip 2013-08-21 20:30 - 2013-08-21 20:30 - 00015760 _____ C:\Users\Sandra\Documents\Logfiles.zip 2013-08-21 20:09 - 2013-08-21 20:09 - 00051348 _____ C:\Users\Sandra\Documents\FRST.txt 2013-08-21 20:09 - 2013-08-21 20:09 - 00051348 _____ C:\Users\Sandra\Documents\FRST.txt 2013-08-21 20:08 - 2013-08-21 20:08 - 00030276 _____ C:\Users\Sandra\Documents\FRS Tool.txt 2013-08-21 20:08 - 2013-08-21 20:08 - 00030276 _____ C:\Users\Sandra\Documents\FRS Tool.txt 2013-08-21 20:06 - 2011-07-08 21:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-21 20:05 - 2013-08-21 20:05 - 00000000 ____D C:\FRST 2013-08-21 20:04 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-21 20:04 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-21 20:01 - 2011-07-08 20:59 - 01082578 _____ C:\Windows\WindowsUpdate.log 2013-08-21 19:42 - 2013-08-21 19:42 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Malwarebytes 2013-08-21 19:39 - 2013-08-21 19:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-21 19:39 - 2013-08-21 19:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-21 19:39 - 2013-08-21 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-18 19:38 - 2013-01-11 23:09 - 00000000 ____D C:\ProgramData\fluxDVD 2013-08-18 17:43 - 2013-06-13 07:48 - 00002713 _____ C:\Windows\setupact.log 2013-08-16 20:27 - 2011-10-13 20:25 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Skype 2013-08-15 16:00 - 2012-01-30 16:46 - 00000000 ____D C:\Users\Sandra\Documents\Kontoauszüge Sparkasse Duisburg 2013-08-15 16:00 - 2012-01-30 16:46 - 00000000 ____D C:\Users\Sandra\Documents\Kontoauszüge Sparkasse Duisburg 2013-08-15 15:41 - 2011-11-15 09:38 - 00000000 ____D C:\Users\Sandra\Documents\Outlook-Dateien 2013-08-15 15:41 - 2011-11-15 09:38 - 00000000 ____D C:\Users\Sandra\Documents\Outlook-Dateien 2013-08-15 15:39 - 2012-06-01 17:01 - 00000000 ____D C:\Users\Sandra\Documents\Dirk 2013-08-15 15:39 - 2012-06-01 17:01 - 00000000 ____D C:\Users\Sandra\Documents\Dirk 2013-08-15 10:18 - 2011-07-25 11:20 - 00000000 ___RD C:\Users\SanDi\Dropbox 2013-08-15 10:18 - 2011-07-25 11:18 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Dropbox 2013-08-15 10:15 - 2011-07-08 21:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-15 10:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-15 09:40 - 2011-04-24 01:02 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-08-15 09:40 - 2011-04-24 01:02 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-08-15 09:40 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 09:37 - 2013-07-31 14:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 08:19 - 2011-04-24 01:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-13 16:38 - 2012-05-28 08:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-13 16:38 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-13 08:07 - 2011-08-26 16:04 - 00118272 ___SH C:\Users\SanDi\Thumbs.db 2013-08-11 21:48 - 2013-08-11 21:48 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk 2013-08-11 21:48 - 2011-10-13 20:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-08-11 21:48 - 2011-10-13 20:24 - 00000000 ____D C:\ProgramData\Skype 2013-08-11 21:38 - 2013-06-14 19:41 - 547056337 _____ C:\Windows\MEMORY.DMP 2013-08-09 20:03 - 2013-08-07 14:02 - 00146432 ___SH C:\Users\Sandra\Documents\Thumbs.db 2013-08-09 20:03 - 2013-08-07 14:02 - 00146432 ___SH C:\Users\Sandra\Documents\Thumbs.db 2013-08-09 13:12 - 2013-08-09 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-05 20:03 - 2011-09-29 09:15 - 00000000 ____D C:\Users\Sandra\Documents\Eigene Scans 2013-08-05 20:03 - 2011-09-29 09:15 - 00000000 ____D C:\Users\Sandra\Documents\Eigene Scans 2013-08-01 16:00 - 2011-07-08 21:01 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-29 15:15 - 2013-07-29 14:56 - 00080363 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xlsx 2013-07-29 15:15 - 2013-07-29 14:56 - 00080363 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xlsx 2013-07-29 14:41 - 2013-07-29 14:41 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xls 2013-07-29 14:41 - 2013-07-29 14:41 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013 - mit Ankommen und Pausen.xls 2013-07-28 21:00 - 2013-07-12 15:32 - 00001310 _____ C:\Windows\PFRO.log 2013-07-28 15:38 - 2013-07-28 15:38 - 00001074 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk 2013-07-28 15:38 - 2012-10-14 10:38 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy 2013-07-28 15:31 - 2012-10-14 11:02 - 00000000 ____D C:\Users\Sandra\Documents\DVDVideoSoft 2013-07-28 15:31 - 2012-10-14 11:02 - 00000000 ____D C:\Users\Sandra\Documents\DVDVideoSoft 2013-07-28 15:17 - 2013-07-28 15:17 - 00001409 _____ C:\Users\SanDi\Desktop\Free Audio CD to MP3 Converter.lnk 2013-07-28 15:17 - 2013-05-05 19:34 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\OpenCandy 2013-07-28 15:17 - 2013-05-05 19:34 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-07-28 15:17 - 2012-10-14 10:52 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\DVDVideoSoft 2013-07-28 14:42 - 2013-07-12 15:33 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect 2013-07-28 12:54 - 2013-07-28 12:54 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013.xls 2013-07-28 12:54 - 2013-07-28 12:54 - 00167424 _____ C:\Users\Sandra\Documents\Wochenkalender-2013.xls 2013-07-26 17:03 - 2013-07-26 17:02 - 00000000 ____D C:\Users\SanDi\AppData\Local\{A82762E1-7922-4D49-B5DA-D73D4403A9F8} 2013-07-26 07:13 - 2013-08-15 09:44 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-15 09:44 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:13 - 2013-08-15 09:44 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:12 - 2013-08-15 09:44 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 07:12 - 2013-08-15 09:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 05:35 - 2013-08-15 09:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-15 09:44 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-15 09:44 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-15 09:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-15 09:44 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 05:11 - 2013-08-15 09:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 04:49 - 2013-08-15 09:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-15 09:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-15 09:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-14 16:50 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-14 16:50 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-27 07:45 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 Ran by SanDi at 2013-08-21 21:10:00 Running from C:\Users\SanDi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4ONTJKO Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 4500_G510af_Help (x32 Version: 000.0.439.000) 4500G510af (x32 Version: 000.0.423.000) 4500G510af_Software_Min (x32 Version: 000.0.423.000) 64 Bit HP CIO Components Installer (Version: 6.2.1) 7-Zip 9.20 (x32) Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7) Adobe AIR (x32 Version: 2.7.0.19530) Adobe Community Help (x32 Version: 3.4.980) Adobe Creative Suite 5.5 Web Premium (x32 Version: 5.5) Adobe Download Assistant (x32 Version: 1.0.2) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) Adobe Widget Browser (x32 Version: 2.0 Build 230) Adobe Widget Browser (x32 Version: 2.0.230) ALDI SÜD Mah Jong (x32) AMI VR-pulse OS Switcher (Version: 1.1) Apple Application Support (x32 Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (x32 Version: 2.1.3.127) Ashampoo Burning Studio (x32 Version: 9.23.0) Ashampoo Photo Commander (x32 Version: 8.3.2) Ashampoo Photo Optimizer (x32 Version: 3.12.0) Ashampoo Snap (x32 Version: 3.4.1) Ask Toolbar (x32 Version: 1.15.4.0) Ask Toolbar Updater (HKCU Version: 1.2.2.23821) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39) Bonjour (Version: 3.0.0.10) BrowserProtect (x32) BufferChm (x32 Version: 130.0.331.000) CaddieSync Express 1.5.14 (x32 Version: 1.5.14) Cisco WebEx Meetings (x32) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Corel Graphics - Windows Shell Extension (x32 Version: 15.1.0.588) Corel Graphics - Windows Shell Extension (x32 Version: 15.1.588) CorelDRAW Essentials X5 - Common (x32 Version: 15.0) CorelDRAW Essentials X5 - Connect (x32 Version: 15.0) CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.0) CorelDRAW Essentials X5 - DE (x32 Version: 15.0) CorelDRAW Essentials X5 - Draw (x32 Version: 15.0) CorelDRAW Essentials X5 - EN (x32 Version: 15.0) CorelDRAW Essentials X5 - ES (x32 Version: 15.0) CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0) CorelDRAW Essentials X5 - Filters (x32 Version: 15.0) CorelDRAW Essentials X5 - FR (x32 Version: 15.0) CorelDRAW Essentials X5 - IPM (x32 Version: 15.0) CorelDRAW Essentials X5 - IT (x32 Version: 15.0) CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.0) CorelDRAW Essentials X5 - Redist (x32 Version: 15.0) CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.0) CorelDRAW Essentials X5 - WT (x32 Version: 15.0) CorelDRAW Essentials X5 (x32 Version: 15.0) CorelDRAW Essentials X5 (x32 Version: 15.1.0.588) CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.1.588) CyberLink LabelPrint (x32 Version: 2.5.3624) CyberLink MediaEspresso (x32 Version: 6.5.1508_36229) CyberLink MediaShow (x32 Version: 5.1.2414) CyberLink PhotoNow (x32 Version: 1.1.0.6904) CyberLink Power2Go (x32 Version: 7.0.0.1327) CyberLink PowerDirector (x32 Version: 8.0.4020) CyberLink PowerDVD 10 (x32 Version: 10.0.2731.02) CyberLink PowerDVD Copy (x32 Version: 1.5.1306) CyberLink PowerProducer (x32 Version: 5.0.2.3503) CyberLink YouCam (x32 Version: 3.1.4013) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Delta toolbar (x32 Version: 1.8.16.16) Destinations (x32 Version: 130.0.0.0) DeviceDiscovery (x32 Version: 130.0.372.000) DocMgr (x32 Version: 130.0.000.000) DocProc (x32 Version: 13.0.0.0) Dolby Home Theater v4 (x32 Version: 7.2.7000.4) Dropbox (HKCU Version: 2.0.22) eaner (Version: 3.12) Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3) Fax (x32 Version: 130.0.418.000) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) Free Audio CD to MP3 Converter version 1.3.12.1228 (x32 Version: 1.3.12.1228) Free M4a to MP3 Converter 7.2 (x32) Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0) Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (x32 Version: 28.0.1500.95) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) GPBaseService2 (x32 Version: 130.0.371.000) HP Customer Participation Program 13.0 (Version: 13.0) HP Document Manager 2.0 (Version: 2.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Officejet 4500 G510a-f (Version: 13.0) HP Smart Web Printing 4.5 (Version: 4.5) HP Solution Center 13.0 (Version: 13.0) HP Update (x32 Version: 4.000.011.006) HPProductAssistant (x32 Version: 130.0.371.000) HPSSupply (x32 Version: 130.0.371.000) Intel PROSet Wireless Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2353) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.0.2.0518) Intel(R) PROSet/Wireless WiFi Software (Version: 14.0.3000) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008) Intel(R) WiDi (x32 Version: 2.1.35.0) Intel(R) Wireless Display iTunes (Version: 11.0.1.12) Java 7 Update 13 (x32 Version: 7.0.130) Java Auto Updater (x32 Version: 2.1.9.0) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2) Launch Manager (x32 Version: 1.5.1.3) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Medion Home Cinema (x32 Version: 8.0.2608) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nitro PDF Reader 2 (Version: 2.0.0.29) OCR Software by I.R.I.S. 13.0 (Version: 13.0) PDF Settings CS5 (x32 Version: 10.0) PlayReady PC Runtime amd64 (Version: 1.3.0) Pošta Windows Live (x32 Version: 15.4.3502.0922) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6334) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10010) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0) Scan (x32 Version: 13.0.0.0) Shop for HP Supplies (Version: 13.0) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32) Skype Click to Call (x32 Version: 5.6.8442) Skype™ 6.6 (x32 Version: 6.6.106) SmartWebPrinting (x32 Version: 130.0.373.000) Softonic toolbar on IE (x32) SolutionCenter (x32 Version: 130.0.373.000) Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0) Status (x32 Version: 130.0.373.000) Synaptics Pointing Device Driver (Version: 15.1.12.0) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.376.000) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Versandhelfer (x32 Version: 0.9.511) Videoload Manager 2.0.2220 (x32 Version: 2.0.2220) VLC media player 2.0.3 (x32 Version: 2.0.3) VR-pulse Installer (Version: 1.4.0) watchmi (x32 Version: 2.5.0) WebReg (x32 Version: 130.0.132.017) Windows Live (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Media Encoder 9 Series (x32 Version: 9.00.2980) Windows Media Encoder 9 Series (x32) Windows Searchqu Toolbar (x32 Version: 4.1.0.3028) X10 Hardware(TM) (x32) Yahoo! Toolbar (x32) Yontoo 1.10.02 (Version: 1.10.02) ==================== Restore Points ========================= 12-07-2013 11:57:43 Windows Update 28-07-2013 13:17:52 Uniblue SpeedUpMyPC installation 31-07-2013 12:14:30 Windows Update 15-08-2013 06:16:39 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16FC49D1-F774-44AD-A019-1C49E67288FC} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {1ED9492B-F427-4F9A-AFD9-C6E8C0B92B12} - \AdobeFlashPlayerUpdate No Task File Task: {23C7D070-A58C-43DA-8E05-33EDE0F1B476} - \AdobeFlashPlayerUpdate 2 No Task File Task: {2DF55B99-F234-4438-8A3A-A562FB6A94FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {69DAA773-1433-4149-A9CF-31F56AE475B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.) Task: {744FF9BD-9F4A-4FC2-B7BC-F5C7FB077C75} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-06-06] () Task: {AC0431C7-8EEC-489C-808B-81F76B84C3D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.) Task: {ACC9EDB9-28A1-44F3-B56D-7CDA804F3449} - \Adobe Flash Player Updater No Task File Task: {BBD8DE02-7526-46F8-B724-9BD86B0DFC5C} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {BE335EC6-C99E-48A1-93C3-93AF0656B90A} - System32\Tasks\AdobeAAMUpdater-1.0-SanDi-Läppi-SanDi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated) Task: {EECECAD0-C2C1-4ACE-8C57-D605DBDF0EC6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: HWiNFO32 Kernel Driver Description: HWiNFO32 Kernel Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: HWiNFO32 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/21/2013 09:09:49 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015, Zeitstempel: 0x50b826c0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x35b68 Startzeit der fehlerhaften Anwendung: 0xconhost.exe0 Pfad der fehlerhaften Anwendung: conhost.exe1 Pfad des fehlerhaften Moduls: conhost.exe2 Berichtskennung: conhost.exe3 Error: (08/21/2013 09:08:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce798e5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x35788 Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/21/2013 08:57:12 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x33420 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (08/21/2013 08:05:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce798e5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x2c9d0 Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/21/2013 05:04:40 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers geschlossen. Programm: Kaspersky Anti-Virus Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (08/21/2013 05:04:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.0.3370, Zeitstempel: 0x4fc7823d Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc000001d Fehleroffset: 0x000485fe ID des fehlerhaften Prozesses: 0x43b8 Startzeit der fehlerhaften Anwendung: 0xavp.exe0 Pfad der fehlerhaften Anwendung: avp.exe1 Pfad des fehlerhaften Moduls: avp.exe2 Berichtskennung: avp.exe3 Error: (08/20/2013 09:19:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015, Zeitstempel: 0x50b826c0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x2acd0 Startzeit der fehlerhaften Anwendung: 0xconhost.exe0 Pfad der fehlerhaften Anwendung: conhost.exe1 Pfad des fehlerhaften Moduls: conhost.exe2 Berichtskennung: conhost.exe3 Error: (08/20/2013 03:32:11 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MsSpellCheckingFacility.exe, Version: 6.2.9200.16521, Zeitstempel: 0x51207ddd Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x14504 Startzeit der fehlerhaften Anwendung: 0xMsSpellCheckingFacility.exe0 Pfad der fehlerhaften Anwendung: MsSpellCheckingFacility.exe1 Pfad des fehlerhaften Moduls: MsSpellCheckingFacility.exe2 Berichtskennung: MsSpellCheckingFacility.exe3 Error: (08/19/2013 05:21:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015, Zeitstempel: 0x50b826c0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x1751c Startzeit der fehlerhaften Anwendung: 0xconhost.exe0 Pfad der fehlerhaften Anwendung: conhost.exe1 Pfad des fehlerhaften Moduls: conhost.exe2 Berichtskennung: conhost.exe3 Error: (08/19/2013 02:28:54 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0xb764 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 System errors: ============= Error: (08/21/2013 08:57:28 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (08/21/2013 08:33:16 PM) (Source: DCOM) (User: SanDi-Läppi) Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}SanDi-LäppiSanDiS-1-5-21-570945151-475279447-1476598477-1000LocalHost (unter Verwendung von LRPC) Error: (08/21/2013 08:33:16 PM) (Source: DCOM) (User: SanDi-Läppi) Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}SanDi-LäppiSanDiS-1-5-21-570945151-475279447-1476598477-1000LocalHost (unter Verwendung von LRPC) Error: (08/21/2013 08:33:14 PM) (Source: DCOM) (User: SanDi-Läppi) Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}SanDi-LäppiSanDiS-1-5-21-570945151-475279447-1476598477-1000LocalHost (unter Verwendung von LRPC) Error: (08/21/2013 05:05:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/20/2013 03:32:56 PM) (Source: DCOM) (User: ) Description: {7AB36653-1796-484B-BDFA-E74F1DB7C1DC} Error: (08/19/2013 02:20:31 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (08/18/2013 10:52:22 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/18/2013 10:52:08 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/18/2013 10:52:08 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= Error: (08/21/2013 09:09:49 PM) (Source: Application Error)(User: ) Description: conhost.exe6.1.7601.1801550b826c0ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea35b6801ce9ea2019ee077C:\Windows\system32\conhost.exeC:\Windows\SYSTEM32\ntdll.dll3f659a7b-0a95-11e3-979a-00262dc73c8e Error: (08/21/2013 09:08:27 PM) (Source: Application Error)(User: ) Description: cmd.exe6.1.7601.175144ce798e5ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea3578801ce9ea1d0ed8da7C:\Windows\system32\cmd.exeC:\Windows\SYSTEM32\ntdll.dll0efe1252-0a95-11e3-979a-00262dc73c8e Error: (08/21/2013 08:57:12 PM) (Source: Application Error)(User: ) Description: DllHost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea3342001ce9ea03df36a1bC:\Windows\system32\DllHost.exeC:\Windows\SYSTEM32\ntdll.dll7c527c2f-0a93-11e3-979a-00262dc73c8e Error: (08/21/2013 08:05:36 PM) (Source: Application Error)(User: ) Description: cmd.exe6.1.7601.175144ce798e5ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea2c9d001ce9e9907666439C:\Windows\system32\cmd.exeC:\Windows\SYSTEM32\ntdll.dll47282356-0a8c-11e3-979a-00262dc73c8e Error: (08/21/2013 05:04:40 PM) (Source: Application Error)(User: ) Description: Kaspersky Anti-Virus000000000 Error: (08/21/2013 05:04:40 PM) (Source: Application Error)(User: ) Description: avp.exe13.0.0.33704fc7823dole32.dll6.1.7601.175144ce7b96fc000001d000485fe43b801ce9bea016a690dC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exeC:\Windows\syswow64\ole32.dll0026ce2a-0a73-11e3-979a-00262dc73c8e Error: (08/20/2013 09:19:01 PM) (Source: Application Error)(User: ) Description: conhost.exe6.1.7601.1801550b826c0ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea2acd001ce9dda1fb6ae86C:\Windows\system32\conhost.exeC:\Windows\SYSTEM32\ntdll.dll5e6772af-09cd-11e3-979a-00262dc73c8e Error: (08/20/2013 03:32:11 PM) (Source: Application Error)(User: ) Description: MsSpellCheckingFacility.exe6.2.9200.1652151207dddntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea1450401ce9da9ac13bcb4C:\Windows\System32\MsSpellCheckingFacility.exeC:\Windows\SYSTEM32\ntdll.dlleabefad2-099c-11e3-979a-00262dc73c8e Error: (08/19/2013 05:21:01 PM) (Source: Application Error)(User: ) Description: conhost.exe6.1.7601.1801550b826c0ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea1751c01ce9cefb5bbd913C:\Windows\system32\conhost.exeC:\Windows\SYSTEM32\ntdll.dllf4886a75-08e2-11e3-979a-00262dc73c8e Error: (08/19/2013 02:28:54 PM) (Source: Application Error)(User: ) Description: DllHost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986eab76401ce9cd7aa387e82C:\Windows\system32\DllHost.exeC:\Windows\SYSTEM32\ntdll.dlle92d8748-08ca-11e3-979a-00262dc73c8e ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4003 MB Available physical RAM: 1958.72 MB Total Pagefile: 8004.19 MB Available Pagefile: 4914.48 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:538.51 GB) NTFS Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:16.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=658 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
| Themen zu Malwarebytes findet über 500 infizierte Dateien - Internetschadensfall Telekom Onlinespiel |
| anhang, auswertung, dateien, dienstag, ebenfalls, euro, experten, folgende, gekauft, hinweis, infizierte, interne, konto, logfile, malwarebytes, natürlich, plagegeister, recht, sandra, spielen, spyware, stelle, telekom, termin, zahlen, zugriff |
Baum-Darstellung