Log analysis and evaluation: Win7 Home: Browser redirect to ihavenet.com
03.09.2013, 16:49 | #1 |
Win7 Home: Browser redirect to ihavenet.com

Hi everyone,

A good friend handed me her laptop today and asked me to take a look at why she often cannot open the link she wants and instead lands on "some strange pages". Through a Google search I came across you and have already read through several threads on this topic. Since I am fairly experienced with computers but of course no "virus expert", I am turning to you in confidence.

Brief description of the symptoms: A Google search is started in Firefox. The search results are displayed, but when one is clicked the browser does not open the desired page; instead it opens an address that always begins with "ihavenet.com/*********". A moment later you are already redirected to another, purely random website. This does not always happen, however. Usually the first attempts work; only the 4th, 5th or 6th link gets redirected.

The symptoms are well known, but the removal seems to differ a bit each time. That is why I am turning to you in confidence, dear Trojaner-Board members.

I took the liberty of preparing a few logs already: FRST, GMER and OTL. Avira (free) unfortunately found nothing, and neither did Malwarebytes. Because of the length of the logs, I am attaching the ones from GMER and OTL as attachments.

I would be very glad of your help.

The logs follow below (username has been replaced by ******):

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01 Ran by ****** (administrator) on ******-TOSH on 03-09-2013 16:54:28 Running from C:\Users\******\Downloads\Virensuche Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation) HKCU\...\Policies\Explorer: [NoDrives] 0 HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - 
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-01-07] (Nero AG) HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company) HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE [3182080 2012-10-08] (Eastman Kodak Company) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe [x] HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} URL = hxxp://websearch.4shared.com/results?q={searchTerms} SearchScopes: HKCU - {2E0A800A-A0FA-4392-A8C9-A13C3F1F4544} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2c3d4c04-9934-422f-b080-4560dfff03ea&apn_sauid=200FE585-4746-4264-A9B8-F505307D1E55 SearchScopes: HKCU - {4E24C5D0-0381-4079-ABC4-457DE43D9034} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKCU - {DC4691E4-6EDC-4694-B09E-D44CA5BBF1D2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Toolbar: HKLM - 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ctwlq0bz.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~2\MOZILL~1\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG) S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7 C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8 C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307 C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CeKbFilter.sys A965B206921C55F2D1481789D609B711 C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit 
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys D469B77687E12FE43E344806740B624D C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys 370C2A8629B30F910F740387795DDC6F C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys 2CC2F7C5990BB76767038F4B16D17A56 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4 C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07 C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LPCFilter.sys 2825A71E7501CB33B3B9F856610C729D C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> 
MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pgeffect.sys 91111CEBBDE8015E822C46120ED9537C C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293 
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys 9BEB5F18A418FF70659CE2E356829568 C:\Windows\System32\DRIVERS\Rt64win7.sys 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A C:\Windows\System32\DRIVERS\rtl8192Ce.sys 64FDF4FE366CA42DA2B7D9D424B6E39B C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is 
legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\System32\DRIVERS\sscdbus.sys ED161B91FDF7EAA39469D72D463D5F4E C:\Windows\System32\DRIVERS\sscdmdfl.sys 4CB09E77593DBD8D7AF33B37375CA715 C:\Windows\System32\DRIVERS\sscdmdm.sys C7B4CF53497A6E5363F3439427663882 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys F5B46DF59FEAA48A442AED7EEB754D4B C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29 C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29 C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tos_sps64.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C 
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vpnva64.sys 13E6D95E7AC67ABB7A1196557EF8849F C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys 
==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-03 16:52 - 2013-09-03 16:53 - 00000000 ____D C:\Users\******\Downloads\Virensuche
2013-08-30 19:29 - 2013-08-30 19:29 - 00000000 ____D C:\Users\******\AppData\Local\Nero_AG
2013-08-30 19:29 - 2013-08-30 19:29 - 00000000 ____D C:\Users\******\AppData\Local\Nero
2013-08-17 23:20 - 2013-08-18 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 22:31 - 2013-08-16 22:31 - 00030876 _____ C:\Users\******\Desktop\FRST.txt
2013-08-16 22:03 - 2013-08-16 22:03 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-16 22:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Users\******\AppData\Roaming\WinRAR
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Program Files\WinRAR
2013-08-16 20:57 - 2013-08-16 21:05 - 00000000 ____D C:\Windows\erdnt
2013-08-16 20:36 - 2013-08-16 20:36 - 00023090 _____ C:\Users\******\Desktop\Addition.txt
2013-08-16 20:27 - 2013-08-16 17:12 - 00000048 _____ C:\Users\******\Desktop\Kasp pure.txt
2013-08-16 20:27 - 2013-08-12 19:57 - 00000245 _____ C:\Users\******\Desktop\Lars******Virus.txt
2013-08-16 20:27 - 2013-08-09 17:14 - 188758520 _____ (Kaspersky Lab) C:\Users\******\Desktop\pure13.0.2.558de-de.exe
2013-08-15 20:44 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 20:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 20:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 20:44 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 20:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 20:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 20:44 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 20:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 20:44 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 20:44 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 20:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 20:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 20:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 06:32 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 06:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 06:32 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 06:32 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 06:32 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 06:32 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 06:32 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 06:32 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 06:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 06:32 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 06:32 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 06:32 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 06:32 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 06:32 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 06:32 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 06:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 06:32 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 06:32 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 06:32 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 06:32 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 06:32 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 06:32 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 06:32 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 06:32 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 06:32 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 06:32 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 06:32 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 14:20 - 2013-08-14 14:20 - 00000000 ____D C:\Users\******\AppData\Local\{FD95CC53-8929-4C2E-A08B-287C4A9E8A93}
2013-08-12 17:43 - 2013-08-12 17:43 - 00000000 ____D C:\Windows\pss
2013-08-12 17:34 - 2013-08-12 17:34 - 00001099 _____ C:\AdwCleaner[S2].txt
2013-08-12 17:34 - 2013-08-12 17:34 - 00001036 _____ C:\AdwCleaner[R3].txt
2013-08-12 17:16 - 2013-08-12 17:16 - 00000977 _____ C:\AdwCleaner[R2].txt
2013-08-12 17:01 - 2013-08-12 17:01 - 00005328 _____ C:\AdwCleaner[S1].txt
2013-08-12 17:00 - 2013-08-12 17:00 - 00666633 _____ C:\Users\******\Downloads\adwcleaner.exe
2013-08-12 17:00 - 2013-08-12 17:00 - 00005266 _____ C:\AdwCleaner[R1].txt
2013-08-08 22:26 - 2013-08-08 22:27 - 00000000 ____D C:\Users\******\AppData\Local\{7E7E285D-C016-4D71-9214-848479C4AC70}
2013-08-08 21:48 - 2013-08-09 21:06 - 00031744 _____ C:\Users\******\Documents\Fußballtipp 2013.xls

==================== One Month Modified Files and Folders =======

2013-09-03 16:53 - 2013-09-03 16:52 - 00000000 ____D C:\Users\******\Downloads\Virensuche
2013-09-03 16:21 - 2011-11-20 13:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 16:16 - 2013-01-16 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 15:56 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:56 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:54 - 2011-07-13 05:46 - 01583108 _____ C:\Windows\WindowsUpdate.log
2013-09-03 15:51 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-03 15:50 - 2012-04-14 11:39 - 00000000 ___RD C:\Users\******\Dropbox
2013-09-03 15:50 - 2012-04-14 11:37 - 00000000 ____D C:\Users\******\AppData\Roaming\Dropbox
2013-09-03 15:50 - 2011-10-23 19:09 - 00000000 ____D C:\ProgramData\Kodak
2013-09-03 15:48 - 2011-11-20 13:03 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 15:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 15:48 - 2009-07-14 06:51 - 00139064 _____ C:\Windows\setupact.log
2013-08-30 19:29 - 2013-08-30 19:29 - 00000000 ____D C:\Users\******\AppData\Local\Nero_AG
2013-08-30 19:29 - 2013-08-30 19:29 - 00000000 ____D C:\Users\******\AppData\Local\Nero
2013-08-30 17:38 - 2011-02-11 10:21 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-30 17:38 - 2011-02-11 10:21 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-30 17:38 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 14:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-30 11:02 - 2011-11-20 13:19 - 00000000 ____D C:\Users\******\Documents\Nähen
2013-08-30 11:02 - 2011-11-20 13:19 - 00000000 ____D C:\Users\******\Documents\Häkeln
2013-08-28 14:34 - 2011-10-27 15:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-21 21:40 - 2012-08-11 12:31 - 00001137 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-21 13:16 - 2013-01-16 09:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 13:16 - 2013-01-16 09:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 13:16 - 2011-10-19 22:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 14:13 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-19 12:09 - 2013-06-27 13:16 - 00000000 ____D C:\Users\******\Documents\Schule
2013-08-18 15:50 - 2012-05-03 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 13:15 - 2013-08-17 23:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 10:38 - 2013-02-22 18:45 - 00000000 ____D C:\Users\******\Desktop\Lars
2013-08-16 22:32 - 2010-11-21 05:47 - 00105736 _____ C:\Windows\PFRO.log
2013-08-16 22:31 - 2013-08-16 22:31 - 00030876 _____ C:\Users\******\Desktop\FRST.txt
2013-08-16 22:03 - 2013-08-16 22:03 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 22:03 - 2013-08-16 22:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-16 21:31 - 2012-12-02 14:22 - 00000000 ____D C:\ProgramData\tmp
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Users\******\AppData\Roaming\WinRAR
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-16 21:27 - 2013-08-16 21:27 - 00000000 ____D C:\Program Files\WinRAR
2013-08-16 21:07 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-16 21:05 - 2013-08-16 20:57 - 00000000 ____D C:\Windows\erdnt
2013-08-16 21:04 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-16 20:36 - 2013-08-16 20:36 - 00023090 _____ C:\Users\******\Desktop\Addition.txt
2013-08-16 17:12 - 2013-08-16 20:27 - 00000048 _____ C:\Users\******\Desktop\Kasp pure.txt
2013-08-14 14:20 - 2013-08-14 14:20 - 00000000 ____D C:\Users\******\AppData\Local\{FD95CC53-8929-4C2E-A08B-287C4A9E8A93}
2013-08-12 19:57 - 2013-08-16 20:27 - 00000245 _____ C:\Users\******\Desktop\Lars******Virus.txt
2013-08-12 17:43 - 2013-08-12 17:43 - 00000000 ____D C:\Windows\pss
2013-08-12 17:34 - 2013-08-12 17:34 - 00001099 _____ C:\AdwCleaner[S2].txt
2013-08-12 17:34 - 2013-08-12 17:34 - 00001036 _____ C:\AdwCleaner[R3].txt
2013-08-12 17:20 - 2011-05-02 15:29 - 00000000 ____D C:\ProgramData\McAfee
2013-08-12 17:16 - 2013-08-12 17:16 - 00000977 _____ C:\AdwCleaner[R2].txt
2013-08-12 17:14 - 2011-05-02 15:34 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-12 17:05 - 2013-01-31 09:02 - 00000000 ____D C:\Program Files\McAfee
2013-08-12 17:01 - 2013-08-12 17:01 - 00005328 _____ C:\AdwCleaner[S1].txt
2013-08-12 17:00 - 2013-08-12 17:00 - 00666633 _____ C:\Users\******\Downloads\adwcleaner.exe
2013-08-12 17:00 - 2013-08-12 17:00 - 00005266 _____ C:\AdwCleaner[R1].txt
2013-08-09 21:06 - 2013-08-08 21:48 - 00031744 _____ C:\Users\******\Documents\Fußballtipp 2013.xls
2013-08-09 17:14 - 2013-08-16 20:27 - 188758520 _____ (Kaspersky Lab) C:\Users\******\Desktop\pure13.0.2.558de-de.exe
2013-08-08 22:27 - 2013-08-08 22:26 - 00000000 ____D C:\Users\******\AppData\Local\{7E7E285D-C016-4D71-9214-848479C4AC70}
2013-08-08 21:48 - 2012-08-19 14:55 - 00031744 _____ C:\Users\******\Documents\Fußballtipp 2012 fertig.xls

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {current}
resumeobject {9f678289-74b6-11e0-8be3-1c75087fbc27}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {9f67828b-74b6-11e0-8be3-1c75087fbc27}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9f678289-74b6-11e0-8be3-1c75087fbc27}
nx OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner {9f67828b-74b6-11e0-8be3-1c75087fbc27}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f67828c-74b6-11e0-8be3-1c75087fbc27}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f67828c-74b6-11e0-8be3-1c75087fbc27}
systemroot \windows
nx OptIn
winpe Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {9f678289-74b6-11e0-8be3-1c75087fbc27}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes

Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-Defekte
-----------
Bezeichner {badmemory}

Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}

Geräteoptionen
--------------
Bezeichner {9f67828c-74b6-11e0-8be3-1c75087fbc27}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

LastRegBack: 2013-08-30 13:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2013 01
Ran by ****** at 2013-09-03 16:54:51
Running from C:\Users\******\Downloads\Virensuche
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (x32 Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.5) MUI (x32 Version: 10.1.5)
aioprnt (Version: 5.3.1.0)
aioscnnr (x32 Version: 5.7.5.30)
aioscnnr (x32 Version: 7.3.4.0)
Amazon.de (x32)
Apple Application Support (x32 Version: 1.2.1)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.97)
C4USelfUpdater (x32 Version: 1.00.0000)
center (x32 Version: 6.2.5.0)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco AnyConnect VPN Client (x32 Version: 2.5.3054)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.22)
eBay (x32 Version: 1.1.9)
essentials (x32 Version: 6.0.14.0)
FATE (x32 Version: 2.2.0.97)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Flatcast Viewer Plugin 5.3.0.784 (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0)
IBM SPSS Statistics 20 (Version: 20.0.0.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2353)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK All-in-One Software (x32 Version: 7.6.12.20)
ksDIP (x32 Version: 3.20.0000.0001)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0)
Nero BackItUp 10 (x32 Version: 5.6.11500.16.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10600)
Nero BurnRights 10 (x32 Version: 4.2.10500.1.102)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Control Center 10 (x32 Version: 10.6.12000.0.0)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Core Components 10 (x32 Version: 2.0.18700.9.1)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10600)
Nero InfoTool 10 (x32 Version: 7.2.10400.5.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10600)
Nero MediaHub 10 (x32 Version: 1.2.13300.36.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.14800)
Nero RescueAgent 10 (x32 Version: 3.2.10800.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10600)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Update (x32 Version: 1.0.10300.25.0)
Nikon File Uploader 2 (x32 Version: 2.00.0001)
Nikon Message Center 2 (x32 Version: 2.0.1)
ocr (x32 Version: 6.2.3.50)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
P 2.8.2 (Version: 2.8.2)
Penguins! (x32 Version: 2.2.0.95)
Photo Service - powered by myphotobook (x32 Version: 1.2.0)
Photo Service - powered by myphotobook (x32 Version: 1.2.0-545)
Picture Control Utility (x32 Version: 1.2.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.9282)
QuickTime (x32 Version: 7.66.71.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6307)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
Realtek WLAN Driver (x32 Version: 2.00.0013)
Skype™ 6.6 (x32 Version: 6.6.106)
Slingo Deluxe (x32 Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TeamViewer 6 (x32 Version: 6.0.11117)
TOSHIBA Assist (x32 Version: 4.02.02)
TOSHIBA Bulletin Board (Version: 2.1.10.64)
TOSHIBA Bulletin Board (x32 Version: 2.1.10.64)
TOSHIBA ConfigFree (x32 Version: 8.0.38)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Face Recognition (x32 Version: 3.1.8.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.34C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7)
Toshiba Manuals (x32 Version: 10.02)
TOSHIBA Media Controller (x32 Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1)
TOSHIBA Online Product Information (x32 Version: 4.00.0008)
TOSHIBA Places Icon Utility (x32 Version: 1.0.2.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.10010)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA ReelTime (x32 Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0)
TOSHIBA Service Station (x32 Version: 2.1.52)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3)
TRORMCLauncher (Version: 1.0.0.10)
TRORMCLauncher (x32 Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Utility Common Driver (x32 Version: 1.0.52.2C)
ViewNX 2 (x32 Version: 2.0.1)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.5)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

06-07-2013 09:13:49 Windows Update
10-07-2013 18:14:26 Windows Update
10-07-2013 21:39:34 Windows Update
16-07-2013 09:24:48 Windows Update
16-08-2013 19:43:59 OTL Restore Point - 8/16/2013 9:43:59 PM
28-08-2013 12:33:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-16 21:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0BAE12C3-62AF-4B1D-AD22-9634F4207B53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {0FF6A580-3653-4A53-940F-DD8743BBFA46} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {1B2DEBBB-4594-4241-90C2-71E8D3615195} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: {1C2884E2-32A1-4FFA-B154-79E164D93CE6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} - System32\Tasks\zeucwvgis => C:\Windows\SysWOW64\dplayxt.dll [2013-07-16] ()
Task: {6A7CD20A-7EB8-400C-B749-3E4F13EF27DC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {9E463BD1-DFD1-4CE9-87BD-CF62236D2B5A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {B3E46A1A-F53A-449E-8637-2364854D3DFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: {CCBC7D49-C0D1-4FC4-B4D0-D71679E90C6A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {E48F53A2-8EA0-4397-AF0F-08C512AA08CD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 19:54 - 2011-04-04 19:54 - 07385088 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-08-16 06:51 - 2012-08-16 06:51 - 06670496 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
2011-10-21 20:09 - 2011-10-21 20:09 - 00176456 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.DLL
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-29 04:01 - 2010-10-29 04:01 - 08953768 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\1031\GrooveIntlResource.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-01-09 21:21 - 2010-01-09 21:21 - 00077184 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL
2013-08-16 21:27 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2011-04-04 19:29 - 2011-04-04 19:29 - 00335872 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2011-04-04 19:29 - 2011-04-04 19:29 - 00109056 _____ (Intel Corporation) C:\Windows\system32\hccutils.DLL
2011-04-04 19:30 - 2011-04-04 19:30 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-04-04 19:29 - 2011-04-04 19:29 - 00062464 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2011-04-04 19:29 - 2011-04-04 19:29 - 00109056 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2011-04-04 19:28 - 2011-04-04 19:28 - 09014784 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2011-04-04 19:18 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-13 05:51 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2011-07-13 05:51 - 2011-01-28 23:03 - 02841704 _____ (Realtek Semiconductor Corp.)
C:\Windows\system32\RtkAPO64.dll 2011-02-03 19:56 - 2011-02-03 19:56 - 00405800 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2011-02-03 19:56 - 2011-02-03 19:56 - 00224040 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2011-08-01 15:59 - 2011-08-01 15:59 - 01097096 _____ (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll 2011-08-01 15:59 - 2011-08-01 15:59 - 01936776 _____ (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll 2011-08-01 15:59 - 2011-08-01 15:59 - 00798088 _____ (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\Components\Commands\dpghnt\dpghnt.dll 2012-10-08 11:06 - 2012-10-08 11:06 - 01837568 _____ (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.dll 2013-04-26 06:36 - 2013-04-26 06:36 - 09797768 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll 2010-03-18 14:27 - 2010-03-18 14:27 - 00827744 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100_CLR0400.dll 2013-07-10 23:44 - 2013-07-10 23:44 - 19358208 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\cb653b6b8da0966098d70da98cba1ef3\mscorlib.ni.dll 2013-04-26 06:36 - 2013-04-26 06:36 - 00068760 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll 2013-08-15 20:43 - 2013-08-15 20:43 - 11892224 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System\38cbf4b6872aa8f5e31d3421acdfd80d\System.ni.dll 2013-08-15 21:06 - 2013-08-15 21:06 - 05237760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3b2b52955e90267a01173047fc345b4e\WindowsBase.ni.dll 2013-08-15 21:06 - 2013-08-15 21:06 - 15909376 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\f667ef84c6cbf994068667e5ad0e0115\PresentationCore.ni.dll 2013-08-15 21:07 - 2013-08-15 21:07 - 24411648 _____ (Microsoft 
Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d7c8d42f4a18a45fe53870db95360cc4\PresentationFramework.ni.dll 2013-08-15 21:07 - 2013-08-15 21:07 - 02475520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\97b58d8732145eb6a771324da836f0f0\System.Xaml.ni.dll 2013-07-23 13:35 - 2013-07-23 13:35 - 02154656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll 2010-03-18 14:27 - 2010-03-18 14:27 - 01098096 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll 2012-10-09 11:26 - 2012-10-09 11:26 - 01511000 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll 2013-08-15 21:07 - 2013-08-15 21:07 - 02306560 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\f9a3db5c12a423c8452e4bc33f3bf2d8\System.Drawing.ni.dll 2013-08-15 21:08 - 2013-08-15 21:08 - 17355776 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\771380e1dd1d349f7b1de86f5a0ed713\System.Windows.Forms.ni.dll 2013-08-15 21:07 - 2013-08-15 21:07 - 00987648 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\0580573d7e9d6c0e6b2bb58a1b5fe5f4\System.Runtime.Remoting.ni.dll 2013-08-15 21:05 - 2013-08-15 21:05 - 07062016 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\d71664672edd04f493a8cf12c3303019\System.Xml.ni.dll 2013-08-15 21:05 - 2013-08-15 21:05 - 01291264 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\cd54961311941c9b78206daf90177ea9\System.Configuration.ni.dll 2011-05-02 15:24 - 2011-02-22 10:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll 2013-08-15 21:05 - 2013-08-15 21:05 - 10440192 _____ (Microsoft Corporation) 
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\48c9534b3cc8f11403f0542d7933e15f\System.Core.ni.dll 2010-03-18 14:27 - 2010-03-18 14:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsecimpl.dll 2013-08-15 21:07 - 2013-08-15 21:07 - 00528896 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\40c7394cde4303b27612c89d8bbe14f3\System.Xml.Linq.ni.dll 2013-08-15 21:09 - 2013-08-15 21:09 - 01470464 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\649eb8ffe8130b1ec8c1bd7e226d2d2b\System.Management.ni.dll 2010-03-18 14:27 - 2010-03-18 14:27 - 00039256 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\wminet_utils.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll 2009-07-14 01:46 - 2009-07-14 03:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll 2009-07-14 01:46 - 2009-07-14 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Cabinet.dll 2012-06-21 10:06 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2010-03-20 23:18 - 2010-03-20 23:18 - 00020448 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\1031\ospintl.dll 2010-12-28 00:49 - 2010-12-28 00:49 - 01366888 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\office14\riched20.dll 2011-10-04 12:32 - 2011-10-04 12:32 - 00765312 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\office14\MSPTLS.DLL 2012-09-20 14:22 - 2012-09-20 14:22 - 03429584 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll 2009-07-14 01:50 - 2009-07-14 03:32 - 00005120 _____ (Microsoft 
Corporation) C:\Windows\system32\security.dll 2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\******\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\******\AppData\Roaming\Dropbox\bin\icudt.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 01740800 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00086016 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll 2010-12-13 16:23 - 2011-10-19 22:41 - 00379904 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 01033728 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00432128 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00013312 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00142848 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00597504 _____ (STLport Consulting, Inc.) 
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00358912 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00094208 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00135680 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00832000 _____ (Oracle) C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00529408 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00700928 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00026112 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00958464 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00531456 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 03234816 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll 2010-12-13 16:22 - 2011-10-19 22:41 - 00869888 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll 2010-12-13 16:22 - 2011-10-19 22:41 - 00311296 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll 2010-12-13 16:23 - 2011-10-19 22:41 - 02863616 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 02186752 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 03266560 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 
3\program\vclmi.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00256000 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00029184 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00066560 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00951296 _____ (IBM Corporation and others) C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 13914112 _____ (IBM Corporation and others) C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00777216 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00092160 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 01577984 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll 2010-11-19 12:42 - 2010-11-19 12:42 - 00083456 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\saxmi.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00051712 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00452608 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00092672 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00053248 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00396800 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll 2010-12-13 
16:22 - 2011-10-19 22:41 - 00024064 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00092672 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll 2010-11-19 18:46 - 2011-10-19 22:41 - 00212992 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll 2010-12-13 16:22 - 2011-10-19 22:41 - 01649152 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 00257024 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll 2011-01-17 16:19 - 2011-10-19 22:41 - 01317376 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 01071616 _____ (IBM Corporation and others) C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll 2010-12-13 16:22 - 2011-10-19 22:41 - 00083968 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll 2010-12-13 16:22 - 2011-10-19 22:41 - 00287232 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll 2010-11-19 18:45 - 2011-10-19 22:41 - 00148480 _____ (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll 2011-07-13 05:59 - 2010-03-18 09:36 - 00827728 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll 2011-07-13 05:59 - 2010-03-18 09:36 - 00607568 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll 2011-03-30 15:25 - 2011-03-30 15:25 - 00140744 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSParts.dll 2010-01-29 15:33 - 2010-01-29 15:33 - 00304536 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSAPI.dll 2010-01-29 16:19 - 2010-01-29 16:19 - 00071032 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFWLAPI.dll 2011-10-21 06:55 - 2011-10-21 06:55 - 01101824 _____ 
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL 2010-06-03 17:36 - 2010-06-03 17:36 - 01562064 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSMUI.dll 2010-05-06 10:32 - 2010-05-06 10:32 - 00222648 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFWRPAR_CS.dll 2011-10-21 06:56 - 2011-10-21 06:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80DEU.DLL 2011-10-21 06:55 - 2011-10-21 06:55 - 00479232 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll 2013-08-17 23:20 - 2013-08-17 23:20 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll 2012-08-16 06:43 - 2012-08-16 06:43 - 04171424 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL 2011-10-21 20:10 - 2011-10-21 20:10 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-29 04:01 - 2010-10-29 04:01 - 08953256 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\1031\GrooveIntlResource.dll 2009-07-14 02:07 - 2009-07-14 03:15 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mp3dmod.dll 2013-08-21 13:16 - 2013-08-21 13:16 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN 
Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/03/2013 03:50:18 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 09:59:46 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 09:03:35 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2013 05:32:12 PM) (Source: Application Hang) (User: ) Description: Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1254 Startzeit: 01cea59605332507 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 54964cf8-1189-11e3-817f-b870f4c3e34b Error: (08/30/2013 05:30:34 PM) (Source: Application Hang) (User: ) Description: Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 133c Startzeit: 01cea595aed77201 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 16bfb5ad-1189-11e3-817f-b870f4c3e34b Error: (08/30/2013 05:14:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2013 11:10:13 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: EKAiOHostService.exe, Version: 7.6.10.0, Zeitstempel: 0x5049625e Name des fehlerhaften Moduls: msxml6.dll, Version: 6.30.7601.17988, Zeitstempel: 0x5091ff29 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000840c ID des fehlerhaften Prozesses: 0x774 Startzeit der fehlerhaften Anwendung: 0xEKAiOHostService.exe0 Pfad der fehlerhaften Anwendung: EKAiOHostService.exe1 Pfad des fehlerhaften Moduls: EKAiOHostService.exe2 Berichtskennung: EKAiOHostService.exe3 Error: (08/30/2013 11:10:11 AM) (Source: .NET Runtime) (User: ) Description: Application: EKAiOHostService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: exception code c0000005, exception address 7458840C Stack: Error: (08/30/2013 08:43:05 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2013 08:01:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/31/2013 09:56:52 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FontCache3.0.0.0 erreicht. Error: (08/31/2013 09:03:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/31/2013 09:03:56 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (08/31/2013 09:03:56 AM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/30/2013 07:27:46 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (08/30/2013 07:27:45 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (08/30/2013 07:27:45 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (08/30/2013 07:27:44 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (08/30/2013 07:27:44 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error: (08/30/2013 05:54:31 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Microsoft Office Sessions: ========================= Error: (09/03/2013 03:50:18 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 09:59:46 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 09:03:35 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2013 05:32:12 PM) (Source: Application Hang)(User: ) Description: wmplayer.exe12.0.7601.17514125401cea5960533250710C:\Program Files (x86)\Windows Media Player\wmplayer.exe54964cf8-1189-11e3-817f-b870f4c3e34b Error: (08/30/2013 05:30:34 PM) (Source: Application Hang)(User: ) Description: wmplayer.exe12.0.7601.17514133c01cea595aed7720110C:\Program Files (x86)\Windows Media Player\wmplayer.exe16bfb5ad-1189-11e3-817f-b870f4c3e34b Error: (08/30/2013 05:14:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2013 11:10:13 AM) (Source: Application Error)(User: ) Description: EKAiOHostService.exe7.6.10.05049625emsxml6.dll6.30.7601.179885091ff29c00000050000840c77401cea54bf4409c8aC:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exeC:\Windows\System32\msxml6.dllf9b41044-1153-11e3-a2d1-b870f4c3e34b Error: (08/30/2013 11:10:11 AM) (Source: .NET Runtime)(User: ) Description: Application: EKAiOHostService.exe Framework Version: 
v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 7458840C Stack: Error: (08/30/2013 08:43:05 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2013 08:01:15 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-08-16 21:04:16.219 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-16 21:04:16.173 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8099.76 MB Available physical RAM: 5517.2 MB Total Pagefile: 16197.71 MB Available Pagefile: 13434.17 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:149.87 GB) NTFS Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:198.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 51129AEE) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.09.2013, 17:00 | #2 |
/// TB-Ausbilder | Win7 Home: Browser redirect to ihavenet.com Hi,
Are the redirects to ihavenet gone after this fix and a reboot? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
SearchScopes: HKCU - {12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} URL = hxxp://websearch.4shared.com/results?q={searchTerms}
SearchScopes: HKCU - {2E0A800A-A0FA-4392-A8C9-A13C3F1F4544} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2c3d4c04-9934-422f-b080-4560dfff03ea&apn_sauid=200FE585-4746-4264-A9B8-F505307D1E55
BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll No File
Toolbar: HKLM - 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll No File
Task: {27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} - System32\Tasks\zeucwvgis => C:\Windows\SysWOW64\dplayxt.dll [2013-07-16] ()
C:\Windows\SysWOW64\dplayxt.dll
CMD: sc config wscsvc start= auto
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
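Added example (not part of the original thread and not FRST's own logic): a small Python triage of `Task:` lines from the FRST log above, showing what sets the `zeucwvgis` entry apart from the ordinary updater tasks. The function names and the heuristics are assumptions made for this illustration; they mark entries for manual review only.

```python
import re

# Task lines copied from the FRST log posted in this thread (sample input).
SAMPLE_TASKS = r"""
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0BAE12C3-62AF-4B1D-AD22-9634F4207B53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} - System32\Tasks\zeucwvgis => C:\Windows\SysWOW64\dplayxt.dll [2013-07-16] ()
Task: {9E463BD1-DFD1-4CE9-87BD-CF62236D2B5A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {E48F53A2-8EA0-4397-AF0F-08C512AA08CD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "<target> [YYYY-MM-DD] (Company)"; the date/company suffix is optional.
ACTION_RE = re.compile(
    r"^(?P<target>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)
# Assumption: default Windows install path, as seen in this log.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_task_line(line):
    """Split one FRST 'Task:' line into its fields; None for other lines."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    left, arrow, action = line[len("Task: "):].partition(" => ")
    guid, dash, name = left.partition(" - ")
    if not dash:  # legacy .job entries carry no GUID column
        guid, name = None, left
    entry = {"guid": guid, "name": name, "target": None,
             "date": None, "company": None, "missing": False}
    if arrow:
        if action.endswith(" No File"):
            entry["missing"] = True
            action = action[: -len(" No File")]
        m = ACTION_RE.match(action)
        entry.update(target=m.group("target"), date=m.group("date"),
                     company=m.group("company"))
    return entry


def triage(entry):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    target = entry["target"] or ""
    is_path = re.match(r"^[A-Za-z]:\\", target) is not None
    if entry["missing"]:
        reasons.append("target file missing (orphaned task)")
    if is_path and target.lower().endswith(".dll"):
        reasons.append("task action is a DLL, not an executable")
    if entry["company"] == "":  # FRST printed "()": no company in version info
        reasons.append("file has no company name")
        directory = target.lower().rsplit("\\", 1)[0] + "\\"
        if directory in SYSTEM_DIRS:
            reasons.append("nameless file sits directly in a Windows system directory")
    return reasons


def review(log_text):
    """Map task name -> reasons for every task line that triggers a heuristic."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_TASKS).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On this sample the script flags two entries: the orphaned Ask Toolbar updater and the `zeucwvgis` task, which is the one the fixlist removes together with its DLL.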
03.09.2013, 17:58 | #3 |
| Win7 Home: Browser redirect to ihavenet.com Hello Leo,
thank you very much for your quick reply. I have now tried for quite a while to provoke the redirect, without any success. Apparently the fix worked. Many thanks for that. Here is the log: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 01
Ran by ****** at 2013-09-03 18:11:46 Run:1
Running from C:\Users\******\Downloads\Virensuche
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} URL = hxxp://websearch.4shared.com/results?q={searchTerms}
SearchScopes: HKCU - {2E0A800A-A0FA-4392-A8C9-A13C3F1F4544} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2c3d4c04-9934-422f-b080-4560dfff03ea&apn_sauid=200FE585-4746-4264-A9B8-F505307D1E55
BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll No File
Toolbar: HKLM - 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll No File
Task: {27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} - System32\Tasks\zeucwvgis => C:\Windows\SysWOW64\dplayxt.dll [2013-07-16] ()
C:\Windows\SysWOW64\dplayxt.dll
CMD: sc config wscsvc start= auto
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} => Key deleted successfully.
HKCR\CLSID\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E0A800A-A0FA-4392-A8C9-A13C3F1F4544} => Key deleted successfully.
HKCR\CLSID\{2E0A800A-A0FA-4392-A8C9-A13C3F1F4544} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D} => Key deleted successfully.
HKCR\CLSID\{95525BD9-6136-4A26-8263-9CEE295D442D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95080B13-AA71-4EE8-B951-7E98221E1ED5} => Value deleted successfully.
HKCR\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} => Key deleted successfully.
C:\Windows\System32\Tasks\zeucwvgis => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zeucwvgis => Key deleted successfully.
C:\Windows\SysWOW64\dplayxt.dll => Moved successfully.

========= sc config wscsvc start= auto =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

==== End of Fixlog ==== |
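A check that can be run over a Fixlog like the one above, as an added example that is not part of the original post and not FRST's own code: it pairs every fixlist directive with the result lines that mention the same GUID or path and reports directives without a confirmed outcome. The sample log is constructed from lines in this thread plus one made-up entry; the function names and status labels are assumptions.

```python
import re

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARK = re.compile(r"^\*{5,}\s*$")                  # the ***************** delimiters
CMD_HEAD = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")  # "========= <command> ========="

# Constructed sample: a subset of the Fixlog lines from this thread, plus one
# made-up directive (constructed-example.dll) that deliberately has no result line.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 01
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - {12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} URL = hxxp://websearch.4shared.com/results?q={searchTerms}
BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll No File
Task: {27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} - System32\Tasks\zeucwvgis => C:\Windows\SysWOW64\dplayxt.dll [2013-07-16] ()
C:\Windows\SysWOW64\dplayxt.dll
C:\ProgramData\constructed-example.dll
CMD: sc config wscsvc start= auto
*****************
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} => Key deleted successfully.
HKCR\CLSID\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27DA21C7-6E9E-47A5-9DA2-92532E80CC9B} => Key deleted successfully.
C:\Windows\System32\Tasks\zeucwvgis => Moved successfully.
C:\Windows\SysWOW64\dplayxt.dll => Moved successfully.
========= sc config wscsvc start= auto =========
[SC] ChangeServiceConfig ERFOLG
========= End of CMD: =========
==== End of Fixlog ====
"""


def key_of(text):
    """Identify an entry by its CLSID/task GUID if it has one, else by the text itself."""
    m = GUID.search(text)
    return m.group(0).upper() if m else text.strip().lower()


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, per-target outcomes and CMD output."""
    directives, outcomes, cmd_output = [], {}, {}
    section, current_cmd = "header", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MARK.match(line):
            # First delimiter opens the fixlist, the second starts the results.
            section = "fixlist" if section == "header" else "results"
            continue
        if section == "fixlist":
            directives.append(line)
        elif section == "results":
            head = CMD_HEAD.match(line)
            if head:
                name = head.group(1)
                current_cmd = None if name.startswith("End of") else name
                if current_cmd is not None:
                    cmd_output[current_cmd] = []
            elif current_cmd is not None:
                cmd_output[current_cmd].append(line)
            elif " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                outcomes.setdefault(key_of(target), []).append(outcome)
    return directives, outcomes, cmd_output


def verify(text):
    """Return (status, directive) pairs; status is one of
    fixed / absent / failed / unverified / ran (labels chosen for this example)."""
    directives, outcomes, cmd_output = parse_fixlog(text)
    report = []
    for d in directives:
        if d.upper().startswith("CMD:"):
            status = "ran" if d[4:].strip() in cmd_output else "unverified"
        else:
            seen = [o.lower() for o in outcomes.get(key_of(d), [])]
            if not seen:
                status = "unverified"      # nothing in the results mentions it
            elif any("successfully" in o for o in seen):
                status = "fixed"
            elif all("not found" in o for o in seen):
                status = "absent"          # already gone before the fix ran
            else:
                status = "failed"
        report.append((status, d))
    return report


def unresolved(report):
    """Directives that still need a manual look."""
    return [d for status, d in report if status in ("unverified", "failed")]


if __name__ == "__main__":
    for status, directive in verify(SAMPLE_FIXLOG):
        print(f"{status:10} {directive[:90]}")
```

A directive reported as `unverified` means only that the pasted log contains no matching result line, for example because the paste was truncated; it says nothing about the state of the machine.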
03.09.2013, 18:37 | #4 |
/// TB Instructor | Win7 Home: Browser redirect to ihavenet.com
Hello, then one more check. Is everything else running smoothly?
Step 1 ESET Online Scanner
Step 2 Run FRST once more.
__________________ cheers, Leo |
04.09.2013, 04:06 | #5 |
| Win7 Home: Browser redirect to ihavenet.com
Good mooorning
Everything looks good so far. The redirect cannot be provoked, and I can't find anything unusual. Here are the logs:
Eset Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5dd6bb8aa564a439a0f41f0f2bb85d4
# engine=14998
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 06:05:34
# local_time=2013-09-03 08:05:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 15099 243654824 7881 0
# compatibility_mode=5893 16776574 100 94 4264757 129861384 0 0
# scanned=16554
# found=0
# cleaned=0
# scan_time=1244
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5dd6bb8aa564a439a0f41f0f2bb85d4
# engine=14998
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 08:15:36
# local_time=2013-09-03 10:15:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 22901 243662626 15683 0
# compatibility_mode=5893 16776574 100 94 4272559 129869186 0 0
# scanned=177686
# found=0
# cleaned=0
# scan_time=7740

FRST Logfile: Code:
04.09.2013, 08:27 | #6 |
/// TB Instructor | Win7 Home: Browser redirect to ihavenet.com
Hello, looks good, we'll just clean up.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse to infect a system via drive-by download. The current version is Java 7 Update 25.
So consider whether you really need a Java installation. If you want to keep using Java, then:
Step 2 The version of your Adobe PDF Reader is outdated, so we need to update it:
Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK <<
We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips intended to help ensure that you won't need our help again in future. Please give me brief feedback afterwards once there are no more problems or questions open on your side either, so that I can consider this topic resolved.
Epilogue: Tips, Dos & Don'ts
Keeping system and software up to date
The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
Installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a crafted website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software
A remark up front: every software solution has its weaknesses. Handing over the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer, for example, you can use Mozilla Firefox, for which two useful add-ons can be recommended:
(Un)safe behaviour on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that need not mean anything.
Often attempts are also made to get the user, by more or less tricky methods, to carry out an action themselves that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user themselves.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
04.09.2013, 17:05 | #7 |
| Win7 Home: Browser redirect to ihavenet.com
Right, right.... So far everything is up to date for the time being. I still couldn't provoke the redirect either. I guess you've "killed" it for me. Thank you for your effort and patience with me. First of all, I swapped Avira Free for Kaspersky Pure 3.0. Better safe than sorry. Hopefully things are quiet again for now. So, once again many thanks, and continued success in fighting all kinds of unwanted pests. |
04.09.2013, 17:11 | #8 |
/// TB-Ausbilder | Win7 Home: Browser redirect to ihavenet.com
Thanks for the feedback. Glad we could help. If you'd like to give the forum suggestions for improvement, criticism or praise, you can do so here. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we'll continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |