Pests of all kinds and their removal: Windows 7: Infection with Ihavenet
Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
29.09.2013, 18:10 | #1
Windows 7: Infection with Ihavenet

Hello everyone! I hope I have followed the checklist and the thread isn't now hanging somewhere it shouldn't... I'm new here, so once again hello to all! Now that it is really annoying me and I have read up enough to know that the whole thing is a virus, I am turning to you for help: Like others here in the forum, I have the problem in all browsers (Firefox and Internet Explorer) that clicking on search results in any search engine mostly redirects to ihavenet.com (a blank page), which so far I have been able to work around quite well by simply pasting the URL directly into the address bar. (The whole thing started a good week ago.) But since my computer has become noticeably slower (for about 2 days now), I wanted to ask you whether you could help me get the virus off the laptop, and whether the two might be related? If it is of use to you, I can also send you the OTL scan result right away; I already ran it as a precaution, but I don't know my way around it, so I definitely did not want to touch anything without an expert. Best regards and many thanks in advance! micha
29.09.2013, 18:39 | #2
/// the machine /// TB-Ausbilder | Windows 7: Infection with Ihavenet

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
29.09.2013, 19:22 | #3
Windows 7: Infection with Ihavenet

Hi, and many thanks in advance! I have now followed your instructions exactly. I also noticed that I had already downloaded FRST a week ago and had already run a scan (which had no consequences, though, because right after that I read that you should never apply the advice given to other users to your own computer). That is why Addition.txt is from 15.9. Here is FRST.txt:

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Michael Schoenball (administrator) on MICHAELSCHOENBA on 29-09-2013 20:06:35
Running from C:\Users\Michael Schoenball\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corp.)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe () C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe (Dropbox, Inc.) 
C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-24] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-30] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.) 
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Udac] - rundll32 "C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll",Bwpybonxxw HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk ShortcutTarget: CNET TechTracker.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe () Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== ProxyServer: proxy.drsintra.de:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C4EAC7289E1E5F2&affID=119357&tsp=5020 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms} BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default FF user.js: detected! 
=> C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\user.js FF NewTab: hxxp://www.qvo6.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=nt&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 FF DefaultSearchEngine: qvo6 FF SearchEngineOrder.1: Google.at FF SelectedSearchEngine: qvo6 FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 FF NetworkProxy: "ftp", "proxy.drsintra.net" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "proxy.drsintra.net" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "socks", "proxy.drsintra.net" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "proxy.drsintra.net" FF NetworkProxy: "ssl_port", 8080 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\searchplugins\iminent.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Delta Toolbar - C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\ffxtlbr@delta.com FF Extension: BonanzaDeals - C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} FF Extension: firefox - C:\Users\Michael 
Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\firefox@whilokii.net.xpi FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (BonanzaDeals) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 CHR Extension: (Iminent Chrome Toolbar) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0 CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Michael Schoenball\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.25.0\iminent.crx ==================== Services (Whitelisted) ================= S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-29] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-29] 
(BonanzaDeals) R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] () R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [206616 2013-09-26] (Whilokii) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] ==================== Drivers (Whitelisted) ==================== S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.) R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe 2013-09-29 19:47 - 2013-09-29 19:55 - 00000946 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-09-29 19:47 - 2013-09-29 19:52 - 00000950 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-09-29 19:47 - 2013-09-29 19:47 - 00003946 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-09-29 19:47 - 2013-09-29 19:47 - 00003694 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-09-29 19:47 - 2013-09-29 19:47 - 00003434 _____ C:\windows\System32\Tasks\EPUpdater 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\BabSolution 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\BonanzaDealsLive 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\DSearchLink 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Delta 2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-09-29 19:46 - 2013-09-29 19:57 - 00003304 _____ C:\windows\System32\Tasks\DigitalSite 2013-09-29 19:46 - 2013-09-29 19:57 - 00000324 _____ C:\windows\Tasks\DigitalSite.job 2013-09-29 19:46 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Whilokii 2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe 2013-09-29 19:46 - 2013-09-29 19:46 - 00003412 _____ C:\windows\System32\Tasks\BonanzaDealsUpdate 2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-09-29 19:46 - 2013-09-29 
19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\DigitalSite 2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Babylon 2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\ProgramData\Babylon 2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-09-29 19:43 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Desktop\Extras.Txt 2013-09-29 19:41 - 2013-09-29 19:41 - 00112384 _____ C:\Users\Michael Schoenball\Desktop\OTL.Txt 2013-09-29 19:24 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt 2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt 2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe 2013-09-28 18:29 - 2013-09-28 18:30 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98} 2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer 2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer 2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice 2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-09-27 20:10 - 2013-09-27 20:13 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-09-27 11:40 - 2013-09-27 13:22 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD 2013-09-27 11:26 - 2013-09-19 22:09 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif 2013-09-26 09:56 - 2013-09-26 
09:57 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos 2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip 2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx 2013-09-23 14:39 - 2013-09-29 19:51 - 00001445 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-09-19 22:07 - 2013-09-19 22:09 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif 2013-09-19 12:38 - 2013-09-23 14:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-17 15:06 - 2013-09-17 15:08 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav 2013-09-17 00:23 - 2013-09-17 00:23 - 00827392 _____ () C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe 2013-09-17 00:20 - 2013-09-17 00:20 - 00575704 _____ C:\Users\Michael Schoenball\Downloads\Player_Setup.exe 2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt 2013-09-16 01:18 - 2013-09-16 01:19 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen 2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊 2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST 2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT 2013-09-15 15:24 - 2013-09-16 14:16 - 00000000 ____D C:\AdwCleaner 2013-09-15 15:23 - 2013-09-15 15:23 - 01039554 _____ C:\Users\Michael Schoenball\Downloads\adwcleaner.exe 2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google 2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com 2013-09-12 10:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-09-12 10:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-12 
10:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 09:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-12 09:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-11 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-10 18:19 - 2013-09-10 18:19 - 00442368 __RSH C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

==================== One Month Modified Files and Folders =======

2013-09-29 20:03 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:03 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe
2013-09-29 19:59 - 2011-10-22 22:33 - 01591942 _____ C:\windows\WindowsUpdate.log
2013-09-29 19:57 - 2013-09-29 19:46 - 00003304 _____ C:\windows\System32\Tasks\DigitalSite
2013-09-29 19:57 - 2013-09-29 19:46 - 00000324 _____ C:\windows\Tasks\DigitalSite.job
2013-09-29 19:57 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox
2013-09-29 19:57 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox
2013-09-29 19:55 - 2013-09-29 19:47 - 00000946 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-09-29 19:55 - 2011-10-28 11:41 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks
2013-09-29 19:55 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-29 19:55 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-29 19:55 - 2009-07-14 06:51 - 00091974 _____ C:\windows\setupact.log
2013-09-29 19:54 - 2010-11-21 05:47 - 00383690 _____ C:\windows\PFRO.log
2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-29 19:52 - 2013-09-29 19:47 - 00000950 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-09-29 19:51 - 2013-09-23 14:39 - 00001445 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-29 19:51 - 2011-10-28 11:45 - 00001731 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-29 19:47 - 2013-09-29 19:47 - 00003946 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-09-29 19:47 - 2013-09-29 19:47 - 00003694 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-09-29 19:47 - 2013-09-29 19:47 - 00003434 _____ C:\windows\System32\Tasks\EPUpdater
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\BabSolution
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:46 - 2013-09-29 19:46 - 00003412 _____ C:\windows\System32\Tasks\BonanzaDealsUpdate
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\DigitalSite
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\ProgramData\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:43 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Desktop\Extras.Txt
2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:41 - 2013-09-29 19:41 - 00112384 _____ C:\Users\Michael Schoenball\Desktop\OTL.Txt
2013-09-29 19:28 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-29 17:52 - 2011-10-23 01:23 - 10897636 _____ C:\windows\system32\perfh007.dat
2013-09-29 17:52 - 2011-10-23 01:23 - 03442566 _____ C:\windows\system32\perfc007.dat
2013-09-29 17:52 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-28 18:30 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98}
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-25 12:25 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 10:40 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse
2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 13:39 - 2011-10-28 16:49 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla
2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-17 00:23 - 2013-09-17 00:23 - 00827392 _____ () C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe
2013-09-17 00:20 - 2013-09-17 00:20 - 00575704 _____ C:\Users\Michael Schoenball\Downloads\Player_Setup.exe
2013-09-16 14:16 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten
2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk
2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:23 - 2013-09-15 15:23 - 01039554 _____ C:\Users\Michael Schoenball\Downloads\adwcleaner.exe
2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-10 18:19 - 2013-09-10 18:19 - 00442368 __RSH C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

Some content of TEMP:
====================
C:\Users\Michael Schoenball\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael Schoenball\AppData\Local\Temp\MSN8CBE.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Player_Setup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SHSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SimboApp.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\uninstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 13:45

==================== End Of Log ============================

And here is the Addition log as well:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2013 04
Ran by Michael Schoenball at 2013-09-15 15:41:49
Running from C:\Users\Michael Schoenball\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

AccelerometerP11 (x32 Version: 2.00.11.22)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X MUI (x32 Version: 10.0.0)
Advanced Audio FX Engine (x32 Version: 1.12.05)
ALDI Bestellsoftware 4.12.2 (x32 Version: 4.12.2)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
CNET TechTracker (HKCU Version: 2.0.4)
Conexant SmartAudio HD (Version: 8.54.16.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.57)
Dell DataSafe Local Backup (x32 Version: 9.4.57)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 15.3.5.0)
Dell Webcam Central (x32 Version: 2.00.44)
DigitalPersona Fingerprint Software 5.20 (Version: 5.20.230)
Dropbox (HKCU Version: 2.0.22)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.0.0587)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Intel(R) WiDi (x32 Version: 2.1.35.0)
Intel(R) Wireless Display
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lidl-Druckservice (x32)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
My Dell (Version: 3.3.6280.92)
Online Sheet Music Viewer 8.3.4.0 (x32 Version: 8.3.4.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF-XChange Viewer (Version: 2.5.203.0)
Quickset64 (Version: 10.09.25)
Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 6.0 (x32 Version: 6.0.126)
SpyHunter (Version: 4.14.5.4268)
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.14.0)
TI USB3 Host Driver (x32 Version: 1.12.14.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Validity Sensors DDK (Version: 4.3.108.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

17-08-2013 01:00:50 Windows Update
17-08-2013 21:25:50 Removed SpyHunter
17-08-2013 21:26:29 Removed SpyHunter
17-08-2013 21:27:15 Removed SpyHunter
17-08-2013 21:27:56 Removed SpyHunter
17-08-2013 21:28:25 Removed SpyHunter
01-09-2013 01:00:43 Windows Update
10-09-2013 11:25:19 Geplanter Prüfpunkt
11-09-2013 23:21:02 Windows Update
12-09-2013 07:28:51 Windows Update
14-09-2013 08:02:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {014BB435-4429-4308-A8DB-01D00A3CF27A} - \Plus-HD-2.2-enabler No Task File
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {15B84A37-73AA-4869-A06D-E7AA88C6D47B} - \Plus-HD-2.2-codedownloader No Task File
Task: {2CEC6748-7224-4E2B-85AC-024798B46651} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1894675805-202365497-958786631-1000
Task: {2E19A77F-AED3-4314-AE61-B2DC582AAE87} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-06-27] (Enigma Software Group USA, LLC.)
Task: {3181EBD2-583D-4DB6-9F96-EFFD47F1FB1E} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {4555AB94-DFF8-4A1F-BF68-0D0553D8055F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14] (Adobe Systems Incorporated)
Task: {51D4C549-BA97-4F67-814E-495B7373F6E1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {59757BBF-ECEB-4B65-8EC6-49B33C1BCBE1} - \Plus-HD-2.2-updater No Task File
Task: {8661A60D-040C-4BE9-AC93-9CF122458CA1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {89A46F7C-B61F-441E-856C-FF6FF96CF401} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {9A8F6E69-17A1-4339-9826-EC467D275E7A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AA758349-3C25-4FA7-9648-32663E049FBB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {C94F73EB-1379-48A1-8757-BED7BE825626} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {E40C5598-2CD6-4BEE-A5F6-03F1157A20B0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-18] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 17:38 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2010-12-29 20:53 - 2010-12-29 20:53 - 00931664 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll
2009-07-14 02:18 - 2009-07-14 03:38 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\imaadp32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\msg711.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\msgsm32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\msadp32.acm
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2010-12-29 19:45 - 2010-12-29 19:45 - 00178512 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpoSet.dll
2010-12-29 20:54 - 2010-12-29 20:54 - 00740688 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\Dwm.exe
2011-10-23 01:04 - 2011-06-20 09:16 - 00167704 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2011-10-23 01:04 - 2011-06-10 20:45 - 00286720 _____ (Intel Corporation) C:\windows\system32\igfxrDEU.lrc
2011-10-23 01:04 - 2011-06-20 09:16 - 00392472 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2011-10-23 01:04 - 2011-06-20 09:16 - 00416024 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2011-10-23 01:04 - 2011-06-10 20:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-23 01:04 - 2011-04-30 04:00 - 02780968 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2011-10-23 01:04 - 2011-04-30 04:00 - 00411432 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-10-23 01:04 - 2011-04-30 04:00 - 00226088 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2011-10-22 22:56 - 2010-12-17 17:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-03-24 21:13 - 2011-03-24 21:13 - 03668336 _____ (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
2011-07-28 03:51 - 2011-07-28 03:51 - 01935120 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
2011-07-28 03:44 - 2011-07-28 03:44 - 01077248 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-07-28 03:07 - 2011-07-28 03:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-28 04:20 - 2011-07-28 04:20 - 00045568 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\FrWrkDEU.dll
2011-07-28 03:55 - 2011-07-28 03:55 - 01746432 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\PanTray.dll
2011-07-28 03:46 - 2011-07-28 03:46 - 01045504 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL
2011-07-28 03:44 - 2011-07-28 03:44 - 00234496 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WiMAXCoEx.dll
2011-07-28 03:50 - 2011-07-28 03:50 - 02072576 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-07-28 03:51 - 2011-07-28 03:51 - 01278976 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-07-28 03:46 - 2011-07-28 03:46 - 00841728 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-07-28 03:53 - 2011-07-28 03:53 - 00570368 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PanApi.dll
2011-07-28 03:44 - 2011-07-28 03:44 - 00177152 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-07-28 04:24 - 2011-07-28 04:24 - 00097280 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\LangResources\DEU\PanTrDEU.dll
2011-10-23 01:15 - 2011-05-21 09:45 - 01410504 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
2011-10-22 23:36 - 2011-05-21 10:01 - 00059168 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00091104 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll
2011-10-22 23:37 - 2011-05-21 10:01 - 00144640 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00376408 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00107584 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilIPC.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00024672 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilThread.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00137448 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilRPC.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00032912 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00528336 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilInstallation.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00095224 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00030864 _____ (Trend Micro Inc.)
C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll 2011-10-22 22:40 - 2011-04-13 17:39 - 00503942 ____N (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe 2010-11-21 05:24 - 2010-11-21 05:24 - 00464384 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe 2013-06-27 23:46 - 2013-06-27 23:46 - 07529344 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe 2013-06-27 23:46 - 2013-06-27 23:46 - 00721792 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll 2013-06-27 23:46 - 2013-06-27 23:46 - 03017088 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll 2013-06-27 23:46 - 2013-06-27 23:46 - 01190272 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll 2013-06-27 23:46 - 2013-06-27 23:46 - 00546688 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Common.dll 2011-12-01 22:24 - 2011-12-01 22:24 - 02624512 _____ () C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe 2013-05-25 02:47 - 2013-05-25 02:47 - 27776968 _____ (Dropbox, Inc.) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe 2009-07-14 01:56 - 2009-07-14 03:39 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\NOTEPAD.EXE 2011-10-22 22:53 - 2011-06-24 05:36 - 00417408 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe 2011-10-22 22:53 - 2011-06-24 05:36 - 00212096 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Core.dll 2011-10-22 22:53 - 2011-05-23 21:43 - 00114688 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxHDAudioAPILib.dll 2011-10-22 22:53 - 2011-05-23 21:43 - 01233408 _____ (Conexant Systems, Inc.) 
C:\Program Files\Conexant\SA3\CxHDAudioAPI.dll 2011-10-22 22:53 - 2011-05-26 01:53 - 00014848 _____ ( ) C:\Program Files\Conexant\SA3\Interop.SRSAPOInterface.dll 2011-10-22 22:53 - 2011-06-24 05:36 - 00030208 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Creative.dll 2011-10-22 22:53 - 2011-06-24 05:36 - 02534016 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Dell.dll 2011-10-22 22:53 - 2011-06-24 05:36 - 00414848 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Localization.dll 2011-10-22 22:53 - 2011-06-24 05:36 - 00098304 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.SRS.dll 2011-10-22 22:53 - 2011-06-24 03:48 - 00356352 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\Languages\de-DE\SmartAudio.resources.dll 2011-10-22 22:53 - 2011-06-08 01:32 - 00464384 _____ (SRS Labs, Inc.) C:\Program Files\Conexant\SA3\slapoi64.dll 2010-12-29 20:54 - 2010-12-29 20:54 - 00386416 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe 2009-07-14 01:47 - 2009-07-14 03:39 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe 2011-10-22 23:53 - 2011-07-08 17:12 - 02749248 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2011-10-23 01:04 - 2011-04-30 04:00 - 00121640 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 2010-11-21 05:24 - 2010-11-21 05:24 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\cmd.exe 2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2012-07-12 14:09 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2011-07-29 10:49 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-09-12 00:13 - 2013-09-12 00:13 - 01862024 _____ (Adobe Systems, Inc.) 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe 2011-10-22 23:30 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe 2013-09-15 15:40 - 2013-09-15 15:40 - 01951102 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe 2010-12-29 19:45 - 2010-12-29 19:45 - 00212304 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpOSet.dll 2010-12-29 20:54 - 2010-12-29 20:54 - 00649552 _____ (DigitalPersona, Inc.) C:\windows\system32\DPFPApi.DLL 2010-12-29 20:54 - 2010-12-29 20:54 - 00376656 _____ (DigitalPersona, Inc.) C:\windows\system32\DPCLBACK.dll 2010-12-29 20:52 - 2010-12-29 20:52 - 00619856 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgentOtsPlugin.dll 2010-12-29 20:53 - 2010-12-29 20:53 - 01324368 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpFillin.dll 2010-12-29 19:45 - 2010-12-29 19:45 - 00248144 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoPS.dll 2010-12-29 20:53 - 2010-12-29 20:53 - 00685392 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpOCache.dll 2010-12-29 20:53 - 2010-12-29 20:53 - 00644432 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoFeedb.dll 2011-10-22 22:40 - 2009-09-08 17:01 - 00237056 ____N (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CTLoadRs.dll 2011-10-22 22:40 - 2010-07-22 20:01 - 00065536 ____N (Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CtPinMgr.dll 2010-12-29 19:45 - 2010-12-29 19:45 - 00212304 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoSet.dll 2013-08-17 03:36 - 2013-08-17 03:36 - 00475648 _____ (Intel Corporation) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll 2013-07-15 04:04 - 2013-07-15 04:04 - 00014336 _____ (Intel Corp.) 
C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll 2010-07-15 04:08 - 2010-07-15 04:08 - 00063827 _____ (Zlib) C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\zlib.dll 2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\icudt.dll 2011-01-17 16:19 - 2011-10-28 16:59 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (09/15/2013 03:34:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/15/2013 03:28:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (09/15/2013 03:27:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\windows\System32\IWMSSvc.dll Fehlercode: 258 Error: (09/15/2013 00:17:28 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/15/2013 00:16:23 AM) (Source: DCOM) (User: ) Description: 1053Bluetooth Media Service{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA} Error: (09/15/2013 00:16:24 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (09/15/2013 00:16:23 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/15/2013 00:16:23 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht. Error: (09/15/2013 00:15:54 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (09/14/2013 10:02:04 AM) (Source: Service Control Manager) (User: ) Description: Dienst "SProtection" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/14/2013 09:58:51 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. 
Error: (09/14/2013 02:16:04 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/15/2013 03:34:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/15/2013 03:28:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 |
30.09.2013, 08:54 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Infection with Ihavenet hi, Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
30.09.2013, 09:48 | #5 |
| Windows 7: Infection with Ihavenet Morning! Thanks in advance! I've just gone through the steps - nothing particularly unusual. Here is the text: Code:
ComboFix 13-09-30.02 - Michael Schoenball 30.09.2013 10:09:46.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4002.2755 [GMT 2:00]
ausgeführt von:: c:\users\Michael Schoenball\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltaApp.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltaEng.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltasrv.exe
c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
c:\programdata\DSearchLink
c:\programdata\DSearchLink\DSearchLink.exe
c:\programdata\PCDr\6308\AddOnDownloaded\244ec244-34e7-4b04-85aa-c16ea08f2533.dll
c:\programdata\PCDr\6308\AddOnDownloaded\31d5a116-b563-4195-8dbd-1798d14bfacd.dll
c:\programdata\PCDr\6308\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6308\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6308\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6308\AddOnDownloaded\394b144a-f70e-44ff-a1ce-7fed69d15b12.dll
c:\programdata\PCDr\6308\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5ec8c7eb-8ac7-4252-bb47-87f22e27e4a9.dll
c:\programdata\PCDr\6308\AddOnDownloaded\646d4422-eb1f-4e32-8b16-f32fc711fbc0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\751275e0-9b7c-49a7-b6d8-eaf73a4eac58.dll
c:\programdata\PCDr\6308\AddOnDownloaded\7ec00d71-b236-42d5-b7d2-aab97a4a1f3d.dll
c:\programdata\PCDr\6308\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6308\AddOnDownloaded\8658165e-a29d-4eca-a939-35aff3e05f62.dll
c:\programdata\PCDr\6308\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6308\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6308\AddOnDownloaded\a7c185b3-39a9-4aaf-9506-7726c68d6350.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad245130-e9e2-4a7e-8912-a540560daf66.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6308\AddOnDownloaded\be543d7a-9241-474e-9567-a20b994760c0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\c0c54ea3-e58e-438a-9c4c-778b0979180a.dll
c:\programdata\PCDr\6308\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
c:\programdata\Roaming
c:\users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-28 bis 2013-09-30 ))))))))))))))))))))))))))))))
.
.
2013-09-30 08:16 . 2013-09-30 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-29 17:47 . 2013-09-29 17:47 -------- d-----w- c:\program files (x86)\Delta
2013-09-29 17:47 . 2013-09-29 17:47 -------- d-----w- c:\users\Michael Schoenball\AppData\Roaming\BabSolution
2013-09-29 17:47 . 2013-09-29 17:47 -------- d-----w- c:\users\Michael Schoenball\AppData\Local\BonanzaDealsLive
2013-09-29 17:47 . 2013-09-29 17:47 -------- d-----w- c:\programdata\BonanzaDealsLive
2013-09-29 17:46 . 2013-09-29 17:46 -------- d-----w- c:\program files (x86)\BonanzaDeals
2013-09-29 17:46 . 2013-09-29 17:47 -------- d-----w- c:\program files (x86)\Whilokii
2013-09-29 17:46 . 2013-09-29 17:46 -------- d-----w- c:\programdata\Babylon
2013-09-29 17:46 . 2013-09-29 17:46 -------- d-----w- c:\users\Michael Schoenball\AppData\Roaming\Babylon
2013-09-29 17:46 . 2013-09-29 17:46 -------- d-----w- c:\program files (x86)\OpenIt
2013-09-29 17:46 . 2013-09-29 17:46 -------- d-----w- c:\users\Michael Schoenball\AppData\Roaming\DigitalSite
2013-09-28 16:29 . 2013-09-28 16:29 -------- d-----w- c:\users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 16:29 . 2013-09-28 16:29 -------- d-----w- c:\users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-27 18:20 . 2013-09-27 18:20 -------- d-----w- c:\users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 18:19 . 2013-09-27 18:19 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-09-15 13:40 . 2013-09-15 13:40 -------- d-----w- C:\FRST
2013-09-15 13:30 . 2013-09-15 13:30 -------- d-----w- c:\windows\ERUNT
2013-09-15 13:24 . 2013-09-16 12:16 -------- d-----w- C:\AdwCleaner
2013-09-13 23:52 . 2013-09-13 23:52 -------- d-----w- c:\users\Michael Schoenball\AppData\Local\Google
2013-09-13 23:50 . 2013-09-13 23:50 -------- d-----w- c:\program files (x86)\1clickmoviedownloader.com
2013-09-12 07:36 . 2013-08-10 06:10 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-09-11 07:37 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-10 21:54 . 2013-09-29 17:53 -------- d-----w- c:\programdata\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 09:28 . 2013-02-14 18:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 09:28 . 2013-02-14 18:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-02 01:48 . 2013-09-11 07:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 22:23 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 22:23 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:28 . 2013-07-20 10:28 110080 ----a-r- c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconF7A21AF7.exe
2013-07-20 10:28 . 2013-07-20 10:28 110080 ----a-r- c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconD7F16134.exe
2013-07-20 10:28 . 2013-07-20 10:28 110080 ----a-r- c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\Icon1226A4C5.exe
2013-07-19 01:58 . 2013-08-15 22:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 22:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 22:25 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 22:23 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 22:25 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 22:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 22:25 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 22:23 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 22:25 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 22:25 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 22:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 22:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 22:23 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}]
2013-09-26 20:44 249624 ----a-w- c:\program files (x86)\Whilokii\WhilokiiBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]
2013-08-21 17:36 100336 ----a-w- c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
Dropbox.lnk - c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 bonanzadealslive;BonanzaDealsLive-Dienst (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 bonanzadealslivem;BonanzaDealsLive-Dienst (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 CxUtilSvc;Conexant Utility Service;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update Whilokii;Update Whilokii;c:\program files (x86)\Whilokii\updateWhilokii.exe;c:\program files (x86)\Whilokii\updateWhilokii.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 09:28]
.
2013-09-29 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-29 17:46]
.
2013-09-30 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-29 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-06-24 1573504]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-05-21 1119392]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.drsintra.de:8080
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\
FF - prefs.js: browser.search.selectedEngine - qvo6
FF - prefs.js: browser.startup.homepage - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
FF - ExtSQL: 2013-09-26 22:44; firefox@whilokii.net; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\firefox@whilokii.net.xpi
FF - ExtSQL: 2013-09-29 19:46; {f9d03c26-0575-497e-821d-f7956d23e0ca}; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF - ExtSQL: 2013-09-29 19:47; ffxtlbr@delta.com; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 7c4e86d4000000000000ac7289e1e5f2
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15977
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.619:47
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5020
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{112BA211-334C-4A90-90EC-2AD1CDAB287C} - c:\program files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
Wow6432Node-HKCU-Run-Udac - c:\users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-30 10:19:04
ComboFix-quarantined-files.txt 2013-09-30 08:19
.
Vor Suchlauf: 19 Verzeichnis(se), 220.712.005.632 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 222.344.429.568 Bytes frei
.
- - End Of File - - 2A871C372C35790E75BA625583508394
micha |
30.09.2013, 16:54 | #6 |
/// the machine /// TB-Ausbilder | Windows7: Infection with Ihavenet Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
30.09.2013, 20:11 | #7 |
| Windows7: Infection with Ihavenet Hello again! So, all the assigned tasks are done - many thanks! The computer is already running much better - above all, the redirection to other pages is completely gone. Here are the text files: 1. Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Michael Schoenball :: MICHAELSCHOENBA [Administrator]

30.09.2013 20:19:55
mbam-log-2013-09-30 (20-19-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201505
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\iminent.iminentdskBnd.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\iminent.iminentdskBnd (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 16
C:\Users\Michael Schoenball\Downloads\Player_Setup.exe (PUP.OptionalBundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\appCntrl.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.html (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CrmAdpt.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\ct.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CTB.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\dpk.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.htm (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\json2.min.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\logo.png (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\manifest.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\pref.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.005 - Bericht erstellt am 30/09/2013 um 20:35:48
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michael Schoenball - MICHAELSCHOENBA
# Gestartet von : C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\8h0eeyhr.default-1380534715240\prefs.js ]

*************************

AdwCleaner[R0].txt - [15957 octets] - [15/09/2013 15:24:57]
AdwCleaner[R1].txt - [970 octets] - [16/09/2013 14:15:03]
AdwCleaner[R2].txt - [10167 octets] - [30/09/2013 11:57:11]
AdwCleaner[R3].txt - [1229 octets] - [30/09/2013 20:35:28]
AdwCleaner[S0].txt - [15749 octets] - [15/09/2013 15:25:27]
AdwCleaner[S1].txt - [1030 octets] - [16/09/2013 14:15:55]
AdwCleaner[S2].txt - [8086 octets] - [30/09/2013 11:57:34]
AdwCleaner[S3].txt - [1151 octets] - [30/09/2013 20:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1211 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by Michael Schoenball on 30.09.2013 at 20:44:58,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Empty Folder] C:\Users\Michael Schoenball\appdata\local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.09.2013 at 20:58:47,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by Michael Schoenball (administrator) on MICHAELSCHOENBA on 30-09-2013 21:01:08 Running from C:\Users\Michael Schoenball\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Dell, Inc.) 
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dropbox, Inc.) 
C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-24] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-30] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.) 
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
ShortcutTarget: CNET TechTracker.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.drsintra.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\8h0eeyhr.default-1380534715240
FF Homepage: hxxp://www.ecosia.org
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.25.0\iminent.crx

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 20:58 - 2013-09-30 20:58 - 00000855 _____ C:\Users\Michael Schoenball\Desktop\JRT.txt
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:37 - 2013-09-30 20:37 - 00001291 _____ C:\Users\Michael Schoenball\Desktop\AdwCleaner[S3].txt
2013-09-30 20:30 - 2013-09-30 20:30 - 00003288 ____N C:\bootsqm.dat
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-30 20:14 - 2013-09-30 20:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:07 - 2013-09-30 10:19 - 00000000 ____D C:\Qoobox
2013-09-30 10:07 - 2013-09-30 10:17 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:07 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-30 10:07 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-30 10:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-29 20:57 - 2013-09-30 09:58 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-29 20:57 - 2013-09-30 09:58 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:06 - 2013-09-29 20:07 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:24 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:10 - 2013-09-27 20:13 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 11:40 - 2013-09-27 13:22 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-27 11:26 - 2013-09-19 22:09 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-26 09:56 - 2013-09-26 09:57 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-30 11:57 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-19 22:07 - 2013-09-19 22:09 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 12:38 - 2013-09-23 14:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:06 - 2013-09-17 15:08 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:18 - 2013-09-16 01:19 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:24 - 2013-09-30 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 10:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-12 10:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 09:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-12 09:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-11 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

==================== One Month Modified Files and Folders =======

2013-09-30 20:58 - 2013-09-30 20:58 - 00000855 _____ C:\Users\Michael Schoenball\Desktop\JRT.txt
2013-09-30 20:48 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 20:48 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:38 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox
2013-09-30 20:38 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox
2013-09-30 20:37 - 2013-09-30 20:37 - 00001291 _____ C:\Users\Michael Schoenball\Desktop\AdwCleaner[S3].txt
2013-09-30 20:37 - 2011-10-28 11:41 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks
2013-09-30 20:37 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-30 20:36 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-30 20:36 - 2009-07-14 06:51 - 00092198 _____ C:\windows\setupact.log
2013-09-30 20:35 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-30 20:35 - 2011-10-22 22:33 - 01632784 _____ C:\windows\WindowsUpdate.log
2013-09-30 20:30 - 2013-09-30 20:30 - 00003288 ____N C:\bootsqm.dat
2013-09-30 20:30 - 2010-11-21 05:47 - 00391790 _____ C:\windows\PFRO.log
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-09-30 20:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-30 19:28 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 12:35 - 2011-12-23 22:59 - 00000000 ____D C:\windows\System32\Tasks\Games
2013-09-30 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-09-30 12:04 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-09-30 11:57 - 2013-09-23 14:39 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-30 11:57 - 2011-10-28 11:45 - 00001023 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 11:33 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-30 11:24 - 2013-07-20 12:26 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:19 - 2013-09-30 10:07 - 00000000 ____D C:\Qoobox
2013-09-30 10:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-30 10:17 - 2013-09-30 10:07 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:16 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:01 - 2011-10-23 01:23 - 10912608 _____ C:\windows\system32\perfh007.dat
2013-09-30 10:01 - 2011-10-23 01:23 - 03447482 _____ C:\windows\system32\perfc007.dat
2013-09-30 10:01 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-30 09:58 - 2013-09-29 20:57 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-30 09:58 - 2013-09-29 20:57 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:07 - 2013-09-29 20:06 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 10:40 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse
2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 13:39 - 2011-10-28 16:49 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla
2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten
2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk
2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

Some content of TEMP:
====================
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 13:45

==================== End Of Log ============================

See you soon,
micha
01.10.2013, 16:24 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Infection with Ihavenet
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any more problems?
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
02.10.2013, 07:03 | #9 |
| Windows 7: Infection with Ihavenet Morning Schrauber, here are the requested documents:
1. Eset scan:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ff1b64f210ea540a9aa5c3101c7b9e0
# engine=15326
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-02 12:13:12
# local_time=2013-10-02 02:13:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5985677 132302642 0 0
# scanned=237403
# found=2
# cleaned=0
# scan_time=8382
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=87F8768AB4E6928E8309BB01EB309EFBF197DF1C ft=1 fh=c71c0011f7276225 vn="a variant of Win32/Kryptik.BKJD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll.vir"

2. SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 22
Java(TM) 6 Update 27
Java version out of Date!
Adobe Flash Player 11.8.800.168
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

3. FRST logfile:
Code:
00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll 2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X 2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira 2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe 2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt ==================== One Month Modified Files and Folders ======= 2013-10-02 07:58 - 2013-10-02 07:58 - 00001050 _____ C:\Users\Michael Schoenball\Desktop\checkup.txt 2013-10-02 07:56 - 2011-10-22 22:33 - 01659949 _____ C:\windows\WindowsUpdate.log 2013-10-02 07:55 - 2013-10-02 07:55 - 00891144 _____ C:\Users\Michael Schoenball\Desktop\SecurityCheck.exe 2013-10-02 07:49 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-10-01 23:49 - 2011-10-23 01:23 - 10972496 _____ C:\windows\system32\perfh007.dat 2013-10-01 23:49 - 2011-10-23 01:23 - 03467146 _____ C:\windows\system32\perfc007.dat 2013-10-01 23:49 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI 2013-10-01 23:46 - 2013-10-01 23:46 - 02347384 _____ (ESET) C:\Users\Michael Schoenball\Downloads\esetsmartinstaller_enu.exe 2013-10-01 23:42 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse 2013-10-01 10:40 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-01 10:40 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-01 10:32 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox 2013-10-01 10:32 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox 2013-10-01 10:31 - 2011-10-28 11:41 - 00000000 
____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks 2013-10-01 10:31 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-10-01 10:30 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-10-01 10:30 - 2009-07-14 06:51 - 00092254 _____ C:\windows\setupact.log 2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe 2013-09-30 20:35 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner 2013-09-30 20:30 - 2010-11-21 05:47 - 00391790 _____ C:\windows\PFRO.log 2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000 2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes 2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-30 20:15 - 2013-09-30 20:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-30 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2013-09-30 12:35 - 2011-12-23 22:59 - 00000000 ____D C:\windows\System32\Tasks\Games 2013-09-30 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2013-09-30 12:04 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask 2013-09-30 11:57 - 2013-09-23 14:39 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-09-30 11:57 - 2011-10-28 11:45 - 00001023 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe 2013-09-30 11:33 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-09-30 11:24 - 2013-07-20 
12:26 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt 2013-09-30 10:19 - 2013-09-30 10:07 - 00000000 ____D C:\Qoobox 2013-09-30 10:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-30 10:17 - 2013-09-30 10:07 - 00000000 ____D C:\windows\erdnt 2013-09-30 10:16 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt 2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe 2013-09-30 09:58 - 2013-09-29 20:57 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG 2013-09-30 09:58 - 2013-09-29 20:57 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT 2013-09-29 20:07 - 2013-09-29 20:06 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt 2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe 2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira 2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe 2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt 2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt 2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe 2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer 2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer 2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ 
C:\windows\system32\FNTCACHE.DAT 2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client 2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice 2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD 2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos 2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip 2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx 2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell 2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr 2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif 2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif 2013-09-19 13:39 - 2011-10-28 16:49 - 
00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla 2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav 2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt 2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten 2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk 2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen 2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊 2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST 2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT 2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog 2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google 2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com 2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X 2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe 2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum 2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt Some content of TEMP: ==================== 
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe C:\Users\Michael Schoenball\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 15:23 ==================== End Of Log ============================ Bis bald micha |
02.10.2013, 19:29 | #10 |
/// the machine /// TB-Ausbilder | Windows7: Infection with Ihavenet Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
C:\Program Files\Enigma Software Group
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
Here are a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me a short reply once everything is done and there are no more open questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
03.10.2013, 20:10 | #11 |
| Windows7: Infection with Ihavenet Hello Schrauber, everything worked without any problems. Thanks! And here is the reading material: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Michael Schoenball at 2013-10-03 21:04:30 Run:1
Running from C:\Users\Michael Schoenball\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
C:\Program Files\Enigma Software Group
*****************

esgiguard => Service not found.
"C:\Program Files (x86)\BonanzaDeals" => File/Directory not found.
"C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
==== End of Fixlog ====
Which antivirus program would you recommend? I've heard that Avira isn't supposed to be that great.... kind regards micha |
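As an added example (not part of this thread, and not FRST's own code), here is a small Python parser for the Fixlog format posted above: it pairs every fixlist entry with the result line FRST echoed for it, classifies the outcome, and lists entries that got no result, which is what a helper checks before calling a fix complete. The embedded log is a constructed excerpt in that layout; the user name and the "Moved successfully" wording are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the Fixlog layout from the thread. The user name and the
# "Moved successfully" line are assumptions, not copied from the real log.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\ExampleUser\Downloads\ZipExtractorSetup.exe
C:\Program Files\Enigma Software Group
*****************

esgiguard => Service not found.
"C:\Program Files (x86)\BonanzaDeals" => File/Directory not found.
"C:\Users\ExampleUser\Downloads\ZipExtractorSetup.exe" => Moved successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
==== End of Fixlog ====
"""

# Fixlist line copied from an FRST file listing: two timestamps, size, flags, optional "(Company)", path.
LISTING = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                     r"\d{8} \S{5} (?:\([^)]*\) )?(?P<path>.+)$")
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);")  # e.g. "S3 esgiguard; <path> [x]"
RESULT = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+)) => (?P<msg>.+?)\.?$')


@dataclass
class FixEntry:
    raw: str                      # fixlist line as written
    target: str                   # service name or path FRST echoes in its result line
    result: Optional[str] = None  # message FRST reported for it
    status: str = "no result"     # removed / already gone / unknown / no result


def target_of(line: str) -> str:
    """Reduce a fixlist line to the key FRST uses in the matching result line."""
    m = SERVICE.match(line) or LISTING.match(line)
    return m.group(m.lastgroup).strip() if m else line.strip()


def classify(msg: str) -> str:
    low = msg.lower()
    if "not found" in low:
        return "already gone"     # nothing left to remove (an earlier tool got it)
    if "successfully" in low:
        return "removed"
    return "unknown"


def parse_fixlog(text: str) -> List[FixEntry]:
    lines = text.splitlines()
    stars = [i for i, ln in enumerate(lines) if ln.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("fixlist block not found")
    entries = [FixEntry(raw=ln, target=target_of(ln))
               for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results: Dict[str, str] = {}
    for ln in lines[stars[1] + 1:]:
        m = RESULT.match(ln)
        if m:
            results[(m.group("quoted") or m.group("bare")).lower()] = m.group("msg")
    for e in entries:
        msg = results.get(e.target.lower())
        if msg is not None:
            e.result, e.status = msg, classify(msg)
    return entries


def unresolved(entries: List[FixEntry]) -> List[str]:
    """Targets with no (or an unrecognised) result; these need a follow-up scan."""
    return [e.target for e in entries if e.status in ("no result", "unknown")]
```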
04.10.2013, 02:13 | #12 |
/// the machine /// TB-Ausbilder | Windows7: Infection with Ihavenet I always recommend Emsisoft. You're welcome.
__________________ regards, schrauber |
04.10.2013, 17:26 | #13 |
| Windows7: Infection with Ihavenet Thank you very, very much! |