|
Log-Analyse und Auswertung: Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.12.2013, 08:46 | #1 |
| Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet Hallo, leider habe ich mir den Trojaner Lollipop eigefangen. Dies bemerkte ich das erste Mal als sich beim Anklicken von Links weitere Fenster öffneten (es öffneten sich beispielsweise Seiten von SpyHunter4 oder andere Seiten von "yoursoftsite.com"). Eine weitere Veränderung ist, dass einzelne Begriffe auf vielen Webseiten mit grün verlinkt sind. Wenn ich diese Begriffe anklicke, werde ich Seiten von "yoursoftsite.com" umgeleitet. Der Prozess "lollipop.exe" tauchte in meinem Taskmanager auf. Diesen habe ich über msconfig ausgeschaltet (war im Systemstart). Nach einem Neustart hat sich "lollipop.exe" nicht mehr neu gestartet, aber das Problem ist nach wie vor wie oben beschrieben. System: Win 7 Ultimate Ich bitte um eure Unterstützung. Liebe Grüße Bene Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 07:20 on 18/12/2013 **** Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 02 Ran by **** (administrator) on ****-PC on 18-12-2013 07:30:00 Running from C:\Users\****\Desktop\Virus Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Windows\SysWOW64\XSrvSetup.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google) MountPoints2: {86906f86-6c32-11e0-814c-6cf0490ead50} - H:\LaunchU3.exe -a MountPoints2: {db691e74-48c0-11df-9575-806e6f6e6963} - E:\autostart.exe HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-02-09] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk ShortcutTarget: Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEFDC2069B5E3CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {1ED84690-DA20-4bab-9546-D050FFB40251} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {09FC4750-61E6-4F45-9B4F-75C3678F7BB0} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {0B12F864-C38E-4FF3-BD58-E0AA40C69335} URL = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} SearchScopes: HKCU - {1ED84690-DA20-4bab-9546-D050FFB40251} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {895B8F27-7D21-42EB-8CC2-C4A35E196BE1} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKCU - {E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Re-markit - {b2ada999-eb19-4a3b-b005-7ff786bd2887} - C:\Program Files (x86)\Re-markit\136.dll () BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default FF user.js: detected! => C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\user.js FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\comunio.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\geizhalsat.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\idealode.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\imdb.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\the-free-dictionary.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\torrentday.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: TVU Web Player - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firefox@tvunetworks.com FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: FoxyDeal - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} FF Extension: add-to-searchbox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\add-to-searchbox@maltekraus.de.xpi FF Extension: firegestures - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firegestures@xuldev.org.xpi FF Extension: jid0-DY3JlbKAAeLydLoHa0dLJn4735o - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi FF Extension: smarterwiki - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\smarterwiki@wikiatic.com.xpi FF Extension: googtrans - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi FF Extension: rightlinks_prefs - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi FF Extension: prefs - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: dta - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF Extension: greasemonkey - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: FoxTab - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ FF HKCU\...\Firefox\Extensions: [{cc6a68a2-5499-46aa-a76d-6f366657e154}] - C:\Program Files (x86)\Re-markit\136.xpi FF Extension: No Name - C:\Program Files (x86)\Re-markit\136.xpi ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies) R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-04] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-04] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.) R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-18 07:19 - 2013-12-18 07:30 - 00000000 ____D C:\Users\****\Desktop\Virus 2013-12-16 22:52 - 2013-12-16 22:53 - 00044884 _____ C:\Users\****\Desktop\the-hangover_english-272570.zip 2013-12-16 22:52 - 2010-01-10 12:21 - 00123576 _____ C:\Users\****\Desktop\The.Hangover[2009]DvDrip-aXXo.srt 2013-12-16 22:51 - 2013-12-16 22:52 - 00030278 _____ C:\Users\****\Desktop\the-hangover_english-291259.rar 2013-12-16 22:48 - 2013-12-16 22:49 - 00030890 _____ C:\Users\****\Desktop\bad-santa_english-395630.zip 2013-12-16 22:48 - 2010-12-19 14:43 - 00082605 ____N C:\Users\****\Desktop\English Subtitles.srt 2013-12-16 22:39 - 2013-12-16 22:39 - 00035755 _____ C:\Users\****\Desktop\bad-santa_english-413865.zip 2013-12-16 22:39 - 2011-02-20 12:52 - 00099051 ____N C:\Users\****\Desktop\Bad.Santa.Unrated.2003.1080p.BluRay.x264-RO4EVA.srt 2013-12-16 22:37 - 2013-12-16 22:38 - 00028840 _____ C:\Users\****\Desktop\bad-santa_english-90455.rar 2013-12-16 22:36 - 2013-12-16 22:37 - 00031205 _____ C:\Users\****\Desktop\bad-santa_english-119658.zip 2013-12-16 22:36 - 2007-12-28 06:52 - 00073180 ____N C:\Users\****\Desktop\Bad Santa [2003].sub 2013-12-16 22:30 - 2013-12-16 22:31 - 00042178 _____ C:\Users\****\Desktop\bad-santa_english-199183.zip 2013-12-16 22:30 - 2009-01-22 04:05 - 00112030 ____N C:\Users\****\Desktop\bad.santa.eng.srt 2013-12-16 22:27 - 2013-12-16 22:28 - 00037702 _____ C:\Users\****\Desktop\bad-santa_english-395784.zip 2013-12-16 22:27 - 2010-12-20 02:53 - 00099155 ____N C:\Users\****\Desktop\Bad Santa [Extended].2003.DVDRip.Xvid.AC3.DiVERSiTY.srt 2013-12-16 22:26 - 2010-09-17 14:30 - 00099153 ____N C:\Users\****\Desktop\badder.santa.dvdrip.xvid-deity.srt 2013-12-16 22:25 - 2013-12-16 22:26 - 00037708 _____ C:\Users\****\Desktop\bad-santa_english-365001.zip 2013-12-16 22:23 - 2012-10-12 17:03 - 00065708 ____N C:\Users\****\Desktop\Identity (2003) 720p.srt 2013-12-16 22:22 - 2013-12-16 22:22 - 00024131 _____ C:\Users\****\Desktop\identity_english-637862.zip 2013-12-16 20:58 - 2013-12-16 20:59 - 00022006 _____ C:\Users\****\Desktop\health care india.odt 2013-12-16 16:12 - 2013-12-16 16:16 - 00035399 _____ C:\Users\****\Desktop\Addition.txt 2013-12-16 16:08 - 2013-12-16 16:16 - 00055789 _____ C:\Users\****\Desktop\FRST.txt 2013-12-16 16:08 - 2013-12-16 16:08 - 00000000 ____D C:\FRST 2013-12-16 16:07 - 2013-12-16 16:08 - 01927940 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe 2013-12-16 14:56 - 2013-12-16 14:56 - 00000746 _____ C:\Windows\PFRO.log 2013-12-15 19:17 - 2013-12-18 07:21 - 00000352 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-12-15 19:17 - 2013-12-17 07:16 - 00001960 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk 2013-12-15 19:17 - 2013-12-17 06:56 - 00000000 ____D C:\Users\****\AppData\Local\Lollipop 2013-12-15 19:17 - 2013-12-15 19:17 - 00003370 _____ C:\Windows\System32\Tasks\AmiUpdXp 2013-12-15 19:17 - 2013-12-15 19:17 - 00000000 ____D C:\Users\****\AppData\Local\SwvUpdater 2013-12-15 19:16 - 2013-12-17 07:21 - 00000000 ____D C:\Program Files (x86)\Re-markit 2013-12-15 19:16 - 2013-12-15 19:16 - 00003070 _____ C:\Windows\System32\Tasks\GoforFilesUpdate 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Users\****\AppData\Roaming\GoforFiles 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-13 11:22 - 2013-12-14 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 12:30 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-11 12:30 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 12:29 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 12:29 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 12:29 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 12:29 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 12:29 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 12:29 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 12:29 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 12:29 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 12:29 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 12:29 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 12:29 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 12:29 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 12:29 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 12:29 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 09:03 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 09:03 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 09:03 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 09:03 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 09:03 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 09:03 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 09:03 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 09:03 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 09:03 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 09:03 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 09:03 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 09:03 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 09:03 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 09:03 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-11-30 21:04 - 2013-12-07 09:18 - 00000000 ____D C:\Users\****\Desktop\bitte was machen 2013-11-26 08:42 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-11-26 08:39 - 2013-11-26 08:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 08:38 - 2013-11-26 08:42 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-20 09:58 - 2013-12-11 16:50 - 04896992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-20 08:52 - 2013-11-20 08:52 - 00082264 _____ C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-19 20:04 - 2013-12-18 07:21 - 00009645 _____ C:\Windows\setupact.log 2013-11-19 20:04 - 2013-11-19 20:04 - 00000000 _____ C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= 2013-12-18 07:30 - 2013-12-18 07:19 - 00000000 ____D C:\Users\****\Desktop\Virus 2013-12-18 07:29 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-18 07:29 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-18 07:27 - 2009-07-14 18:58 - 15296622 _____ C:\Windows\system32\perfh007.dat 2013-12-18 07:27 - 2009-07-14 18:58 - 04737370 _____ C:\Windows\system32\perfc007.dat 2013-12-18 07:27 - 2009-07-14 06:13 - 00005214 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-18 07:25 - 2010-04-15 20:01 - 01652861 _____ C:\Windows\WindowsUpdate.log 2013-12-18 07:22 - 2012-01-07 17:27 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job 2013-12-18 07:21 - 2013-12-15 19:17 - 00000352 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-12-18 07:21 - 2013-11-19 20:04 - 00009645 _____ C:\Windows\setupact.log 2013-12-18 07:21 - 2010-04-21 16:31 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-18 07:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-18 07:20 - 2012-12-29 11:30 - 00000040 _____ C:\Users\****\defogger_reenable 2013-12-17 21:25 - 2010-04-15 21:27 - 00000000 ____D C:\Users\****\AppData\Roaming\uTorrent 2013-12-17 18:40 - 2012-07-25 16:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-17 08:34 - 2010-05-18 12:09 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-12-17 08:12 - 2012-09-16 13:26 - 00000000 ____D C:\ProgramData\LAT 2.0 Deutsch 2013-12-17 07:48 - 2010-04-21 16:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-17 07:21 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\Re-markit 2013-12-17 07:16 - 2013-12-15 19:17 - 00001960 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk 2013-12-17 06:56 - 2013-12-15 19:17 - 00000000 ____D C:\Users\****\AppData\Local\Lollipop 2013-12-16 22:53 - 2013-12-16 22:52 - 00044884 _____ C:\Users\****\Desktop\the-hangover_english-272570.zip 2013-12-16 22:52 - 2013-12-16 22:51 - 00030278 _____ C:\Users\****\Desktop\the-hangover_english-291259.rar 2013-12-16 22:49 - 2013-12-16 22:48 - 00030890 _____ C:\Users\****\Desktop\bad-santa_english-395630.zip 2013-12-16 22:39 - 2013-12-16 22:39 - 00035755 _____ C:\Users\****\Desktop\bad-santa_english-413865.zip 2013-12-16 22:38 - 2013-12-16 22:37 - 00028840 _____ C:\Users\****\Desktop\bad-santa_english-90455.rar 2013-12-16 22:37 - 2013-12-16 22:36 - 00031205 _____ C:\Users\****\Desktop\bad-santa_english-119658.zip 2013-12-16 22:31 - 2013-12-16 22:30 - 00042178 _____ C:\Users\****\Desktop\bad-santa_english-199183.zip 2013-12-16 22:28 - 2013-12-16 22:27 - 00037702 _____ C:\Users\****\Desktop\bad-santa_english-395784.zip 2013-12-16 22:26 - 2013-12-16 22:25 - 00037708 _____ C:\Users\****\Desktop\bad-santa_english-365001.zip 2013-12-16 22:22 - 2013-12-16 22:22 - 00024131 _____ C:\Users\****\Desktop\identity_english-637862.zip 2013-12-16 20:59 - 2013-12-16 20:58 - 00022006 _____ C:\Users\****\Desktop\health care india.odt 2013-12-16 16:16 - 2013-12-16 16:12 - 00035399 _____ C:\Users\****\Desktop\Addition.txt 2013-12-16 16:16 - 2013-12-16 16:08 - 00055789 _____ C:\Users\****\Desktop\FRST.txt 2013-12-16 16:11 - 2010-04-30 09:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-16 16:08 - 2013-12-16 16:08 - 00000000 ____D C:\FRST 2013-12-16 16:08 - 2013-12-16 16:07 - 01927940 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe 2013-12-16 14:56 - 2013-12-16 14:56 - 00000746 _____ C:\Windows\PFRO.log 2013-12-15 19:17 - 2013-12-15 19:17 - 00003370 _____ C:\Windows\System32\Tasks\AmiUpdXp 2013-12-15 19:17 - 2013-12-15 19:17 - 00000000 ____D C:\Users\****\AppData\Local\SwvUpdater 2013-12-15 19:16 - 2013-12-15 19:16 - 00003070 _____ C:\Windows\System32\Tasks\GoforFilesUpdate 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Users\****\AppData\Roaming\GoforFiles 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-14 18:39 - 2012-04-30 09:11 - 00000000 ____D C:\Users\****\Documents\Körperstolz 2013-12-14 18:27 - 2012-05-03 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-14 11:18 - 2013-07-23 08:36 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 11:16 - 2010-04-17 08:08 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 10:48 - 2013-12-13 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-12 10:22 - 2012-01-07 17:27 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job 2013-12-11 21:50 - 2010-04-21 16:31 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 19:40 - 2011-05-25 06:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 16:50 - 2013-11-20 09:58 - 04896992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-07 09:18 - 2013-11-30 21:04 - 00000000 ____D C:\Users\****\Desktop\bitte was machen 2013-12-06 19:31 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-06 10:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-30 18:43 - 2010-04-21 16:31 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-11-30 18:43 - 2010-04-21 16:31 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-26 17:44 - 2011-01-22 14:44 - 00001425 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 17:44 - 2010-04-15 20:57 - 00000000 ____D C:\Windows\Panther 2013-11-26 17:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-26 12:54 - 2013-12-11 12:29 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 11:19 - 2013-12-11 12:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 11:18 - 2013-12-11 12:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 11:11 - 2013-12-11 12:29 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 10:48 - 2013-12-11 12:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 10:46 - 2013-12-11 12:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 10:41 - 2013-12-11 12:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 10:29 - 2013-12-11 12:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 10:27 - 2013-12-11 12:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 10:23 - 2013-12-11 12:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 10:21 - 2013-12-11 12:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 10:18 - 2013-12-11 12:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 10:18 - 2013-12-11 12:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 10:16 - 2013-12-11 12:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:57 - 2013-12-11 12:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:38 - 2013-12-11 12:29 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:38 - 2013-12-11 12:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:35 - 2013-12-11 12:29 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:32 - 2013-12-11 12:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:28 - 2013-12-11 12:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:16 - 2013-12-11 12:29 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:02 - 2013-12-11 12:29 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 08:48 - 2013-12-11 12:29 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 08:42 - 2013-11-26 08:38 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-26 08:39 - 2013-11-26 08:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 08:32 - 2013-12-11 12:29 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 08:26 - 2013-12-11 12:29 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 08:07 - 2013-12-11 12:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 07:40 - 2013-12-11 12:29 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 07:34 - 2013-12-11 12:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 07:34 - 2013-12-11 12:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 07:33 - 2013-12-11 12:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 07:27 - 2013-12-11 12:29 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 14:47 - 2010-02-25 21:41 - 00000000 ____D C:\Users\****\Documents\Verschiedenes 2013-11-23 19:26 - 2013-12-11 09:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 18:47 - 2013-12-11 09:03 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-11-20 08:52 - 2013-11-20 08:52 - 00082264 _____ C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-19 20:04 - 2013-11-19 20:04 - 00000000 _____ C:\Windows\setuperr.log 2013-11-19 11:21 - 2010-04-15 21:19 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-19 07:41 - 2011-01-25 20:06 - 00001912 _____ C:\Windows\epplauncher.mif 2013-11-19 07:41 - 2011-01-25 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-19 07:41 - 2011-01-25 20:05 - 00000000 ____D C:\Program Files\Microsoft Security Client Some content of TEMP: ==================== C:\Users\****\AppData\Local\Temp\DownloadManager.exe C:\Users\****\AppData\Local\Temp\htmlayout.dll C:\Users\****\AppData\Local\Temp\Launcher_i194690237.exe C:\Users\****\AppData\Local\Temp\toolbar10803428.exe C:\Users\****\AppData\Local\Temp\toolbar10852069.exe C:\Users\****\AppData\Local\Temp\uninstall10880008.exe C:\Users\****\AppData\Local\Temp\uninstall10897215.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-10 16:25 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 02 Ran by **** at 2013-12-18 07:32:39 Running from C:\Users\****\Desktop\Virus Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (x32 Version: 2.2.0) AbiWord 2.8.6 (x32 Version: 2.8.6) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Media Player (x32 Version: 1.8) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615) AdobeColorCommonSetRGB (x32 Version: 2.0) Akamai NetSession Interface (HKCU) Allway Sync version 10.5.8 (x32) Apple Application Support (x32 Version: 2.1.9) Apple Mobile Device Support (Version: 5.2.0.6) Apple Software Update (x32 Version: 2.1.3.127) At the Cutting Edge (x32) ATI AVIVO64 Codecs (Version: 10.10.0.40918) ATI Catalyst Install Manager (Version: 3.0.762.0) ATI Catalyst Registration (x32 Version: 2.01.0000) AVG 2012 (Version: 12.0.1913) AVG 2012 (Version: 12.0.2178) AVG 2012 (Version: 12.0.2180) AVG 2012 (Version: 12.0.2193) AVG 2012 (Version: 12.0.2195) AVG 2012 (Version: 12.0.2197) AVG 2012 (Version: 12.0.2221) AVG 2013 (Version: 13.0.2742) AVG 2013 (Version: 13.0.2793) AVG 2013 (Version: 2013.0.2805) Bonjour (Version: 3.0.0.10) Browser Configuration Utility (x32 Version: 1.1.11.0) calibre (x32 Version: 0.9.19) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0) Canon Utilities EOS Utility (x32 Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0202.2335.42270) Catalyst Control Center HydraVision Full (x32 Version: 2010.0202.2335.42270) Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270) CCC Help English (x32 Version: 2010.0202.2334.42270) CCC Help French (x32 Version: 2010.0202.2334.42270) CCC Help German (x32 Version: 2010.0202.2334.42270) CCC Help Italian (x32 Version: 2010.0202.2334.42270) CCC Help Portuguese (x32 Version: 2010.0202.2334.42270) CCC Help Spanish (x32 Version: 2010.0202.2334.42270) ccc-core-static (x32 Version: 2010.0202.2335.42270) ccc-utility64 (Version: 2010.0202.2335.42270) CCleaner (Version: 3.26) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) ComunioCalci 1.5.1 (x32) Convert AVI to MP4 1.3 (x32) ConvertHelper 2.2 (x32) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Defraggler (Version: 2.12) Dota 2 (x32) ElsterFormular (x32 Version: 13.2.0.8623p) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) FLV Player (HKCU) FoxyDeal (x32 Version: 1.1.0) Free YouTube Download 2.9 (x32) Gigabyte Raid Cinfigurer (x32 Version: 1.00.0001) Google Drive (x32 Version: 1.13.5782.599) Google Earth (x32 Version: 7.1.2.2041) Google Update Helper (x32 Version: 1.3.22.3) GooReader (x32 Version: 2.0) HydraVision (x32 Version: 4.2.114.0) iLivid (x32 Version: 4.0.0.2410) <==== ATTENTION Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0003) <==== ATTENTION Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Klett Software Sicher ins Abitur (x32) Lehrer-Software Notting Hill Gate 3B (x32) Lollipop (HKCU) <==== ATTENTION Lyrics Plugin for Winamp (x32 Version: 0.4) <==== ATTENTION Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 24.2.0) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0) MSVCRT (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyScript HWR (German) (x32 Version: 4.4.5.1) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0) NVIDIA PhysX (x32 Version: 9.09.0720) OpenOffice.org 3.2 (x32 Version: 3.2.9483) Opera 12.15 (x32 Version: 12.15.1748) Oxford Advanced Learner's Dictionary - 8th Edition (x32) PC Speed Maximizer v3.2 (x32 Version: 3.2) PDF Settings CS5 (x32 Version: 10.0) PDFCreator (x32 Version: 1.2.1) PDFZilla V1.2.11 (x32) Picasa 3 (x32 Version: 3.9) QUICKfind server v1.1 (x32) QuickTime (x32 Version: 7.69.80.9) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32) Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5897) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5964) RealUpgrade 1.1 (x32 Version: 1.1.0) Re-markit (x32) SES Driver (Version: 1.0.0) Skype™ 5.10 (x32 Version: 5.10.116) SMART Common Files (x32 Version: 11.1.34.1) SMART German Language Pack (x32 Version: 11.0.50.1) SMART Ink (x32 Version: 1.1.233.0) SMART Notebook (x32 Version: 11.0.705.1) SMART Product Drivers (x32 Version: 11.0.510.2) SMART Product Update (x32 Version: 5.0.108.0) Software Version Updater (x32 Version: 1.1.3.8) <==== ATTENTION SopCast 3.4.0 (x32 Version: 3.4.0) SoulSeek 157 NS 13e (x32) SpeedFan (remove only) (x32) Spotify (HKCU Version: 0.9.4.185.g7545a404) StarCraft II (x32 Version: 1.4.3.21029) Steam (x32 Version: 1.0.0.0) Streamripper (Remove only) (x32) Tesseract-OCR - open source OCR engine (x32 Version: 3.02.02) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000) TIPP10 Version 2.1.0 (x32) TrueCrypt (x32 Version: 7.1a) TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VDownloader 3.9.1627 vDownloader Packages (HKCU) Veetle TV (x32 Version: 0.9.18) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 1.1.11 (x32 Version: 1.1.11) Warcraft III (x32) WD SmartWare (Version: 1.4.1.1) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) WinPcap 4.1.1 (x32 Version: 4.1.0.1753) WinRAR 4.01 (64-Bit) (Version: 4.01.0) WinX Free AVI to MP4 Converter 4.0.6 (x32) ==================== Restore Points ========================= 14-12-2013 10:15:25 Windows Update 15-12-2013 18:00:58 Windows-Sicherung ==================== Scheduled Tasks (whitelisted) ============= Task: {29BB99AA-BFDF-4F7F-B675-A1E89142B939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {35BCE82B-89C7-401D-9A0D-EC36EA2155C8} - System32\Tasks\FrontLine Registry Cleaner Scheduled Scan - **** => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: {39AE87D7-3AE6-4311-89CA-85E8CDAF1831} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {46ED0861-2531-458B-8BE3-F19272A99F94} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Szucia.exe Task: {517E3F93-F287-4CFA-B353-75843DBF4365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {62F6173C-98D2-4927-9739-5775ECDA7143} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {99C9EB3C-D579-4ACA-9F3B-0AC31A7B411D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {9CFAA05A-CA80-4C15-BC77-E1254031C2D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {9F328E6A-1242-4E02-BAA7-FC6FB56B7137} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe Task: {AD140811-7CFE-4626-A8DB-D390CE6250B7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {C0F774ED-4728-491D-8D61-44B2008DB892} - System32\Tasks\AmiUpdXp => C:\Users\****\AppData\Local\SwvUpdater\Updater.exe [2013-12-15] (Amonetizé Ltd) <==== ATTENTION Task: {E2AA917D-95DF-4E9C-B13F-850A898DBFA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {F5E9D5F9-50C0-44C5-9B12-8284F8CF8D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: {FEC145AC-F8EB-4F18-BED5-E750913D8631} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\****\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - ****.job => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-05-22 11:14 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-04-15 20:37 - 2010-04-15 20:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-15 20:28 - 2013-11-15 20:28 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2010-04-15 20:20 - 2009-07-30 17:15 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll 2013-12-18 07:21 - 2013-12-18 07:21 - 00098816 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32api.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00110080 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\pywintypes27.dll 2013-12-18 07:21 - 2013-12-18 07:21 - 00364544 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\pythoncom27.dll 2013-12-18 07:21 - 2013-12-18 07:21 - 00044032 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_socket.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 01153024 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_ssl.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00320512 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32com.shell.shell.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00711680 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_hashlib.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 01175040 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._core_.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00805888 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._gdi_.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00811008 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._windows_.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 01062400 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._controls_.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00735232 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._misc_.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00128512 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_elementtree.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00127488 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\pyexpat.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00557056 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\pysqlite2._sqlite.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00087040 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_ctypes.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00119808 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32file.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00108544 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32security.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00018432 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32event.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00038912 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32inet.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00122368 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._wizard.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00026624 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\_multiprocessing.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00070656 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\wx._html2.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00010240 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\select.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00686080 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\unicodedata.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00025600 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32pdh.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00521680 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\windows._lib_cacheinvalidation.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00011264 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32crypt.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00024064 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32pipe.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00035840 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32process.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00017408 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32profile.pyd 2013-12-18 07:21 - 2013-12-18 07:21 - 00022528 _____ () C:\Users\****\AppData\Local\Temp\_MEI25123\win32ts.pyd 2010-03-05 10:24 - 2010-03-05 10:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll 2013-12-11 19:40 - 2013-12-11 19:40 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/17/2013 06:02:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (12/18/2013 07:21:35 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/18/2013 07:21:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/18/2013 06:51:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/18/2013 06:51:52 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/17/2013 09:15:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/17/2013 09:15:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/17/2013 05:56:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/17/2013 05:55:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/17/2013 06:55:37 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/17/2013 06:55:35 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Microsoft Office Sessions: ========================= Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/18/2013 07:27:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/18/2013 06:57:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/17/2013 09:22:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/17/2013 06:02:22 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 CodeIntegrity Errors: =================================== Date: 2010-05-06 18:02:49.131 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\****\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:49.124 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\****\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:48.003 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:47.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 4094.49 MB Available physical RAM: 1714.07 MB Total Pagefile: 10092.67 MB Available Pagefile: 7388.99 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:127.99 GB) (Free:0.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:337.77 GB) (Free:6.35 GB) NTFS Drive e: (SICHER IN DIE OBERSTUFE ENGLISCH) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=338 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-12-18 07:42:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b3000 45 bytes [43, 4D, 32, 35, 01, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xE6 0xAD 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x35 0x93 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x4B 0xD6 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0x35 0x81 0x34 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xE6 0xAD 0x15 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x35 0x93 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x4B 0xD6 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0x35 0x81 0x34 ... ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 **** :: ****-PC [Administrator] 18.12.2013 08:19:15 mbam-log-2013-12-18 (08-19-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232816 Laufzeit: 13 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 16 HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{b2ada999-eb19-4a3b-b005-7ff786bd2887} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{b958a544-da61-4c2d-a4c2-4102f93ab355} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{60d68e1a-58d3-4aac-bf87-60c412f7353f} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2ADA999-EB19-4A3B-B005-7FF786BD2887} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21ff9553-c412-494e-8e03-a92d7eeb4f84} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\****\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 22 C:\Users\****\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\awh4F4C.tmp (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\Launcher_i194690237.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\uninstall10880008.exe (PUP.Optional.GoForFiles.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\33b198.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\33b19e.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\lollipop.bat (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\lollipop.dat (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\lollipop.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\lollipop_cfg.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Lollipop\lollipop_ps.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\136.crx (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\136.dat (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\136.dll (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\136.xpi (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\crx.db (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\sqlite3.dll (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\Uninstall.exe (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Re-markit\xpi.db (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
18.12.2013, 09:12 | #2 |
/// the machine /// TB-Ausbilder | Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet hi,
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
18.12.2013, 17:49 | #3 |
| Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet Hallo,
__________________danke für die schnelle Antwort. Hier die angeforderten Logfiles: Code:
ATTFilter # AdwCleaner v3.015 - Bericht erstellt am 18/12/2013 um 17:29:59 # Updated 10/12/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : **** - ****-PC # Gestartet von : C:\Users\****\Desktop\Virus\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\prefs.js ] ************************* AdwCleaner[R0].txt - [6611 octets] - [18/12/2013 17:05:08] AdwCleaner[R1].txt - [918 octets] - [18/12/2013 17:29:39] AdwCleaner[S0].txt - [6271 octets] - [18/12/2013 17:05:58] AdwCleaner[S1].txt - [840 octets] - [18/12/2013 17:29:59] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [899 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Ultimate x64 Ran by **** on 18.12.2013 at 17:34:59,29 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.12.2013 at 17:39:54,08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 03 Ran by **** (administrator) on ****-PC on 18-12-2013 17:41:29 Running from C:\Users\****\Desktop\Virus Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\SysWOW64\XSrvSetup.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google) MountPoints2: {86906f86-6c32-11e0-814c-6cf0490ead50} - H:\LaunchU3.exe -a MountPoints2: {db691e74-48c0-11df-9575-806e6f6e6963} - E:\autostart.exe HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-02-09] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk ShortcutTarget: Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEFDC2069B5E3CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {09FC4750-61E6-4F45-9B4F-75C3678F7BB0} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {1ED84690-DA20-4bab-9546-D050FFB40251} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\comunio.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\geizhalsat.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\idealode.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\imdb.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\the-free-dictionary.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\torrentday.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: TVU Web Player - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firefox@tvunetworks.com FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: FoxyDeal - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} FF Extension: add-to-searchbox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\add-to-searchbox@maltekraus.de.xpi FF Extension: firegestures - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firegestures@xuldev.org.xpi FF Extension: jid0-DY3JlbKAAeLydLoHa0dLJn4735o - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi FF Extension: smarterwiki - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\smarterwiki@wikiatic.com.xpi FF Extension: googtrans - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi FF Extension: rightlinks_prefs - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi FF Extension: Easy Youtube Video Downloader - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: DownThemAll! - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF Extension: greasemonkey - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: FoxTab - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ FF HKCU\...\Firefox\Extensions: [{cc6a68a2-5499-46aa-a76d-6f366657e154}] - C:\Program Files (x86)\Re-markit\136.xpi ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies) R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-04] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-04] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.) R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-18 17:28 - 2013-12-18 17:41 - 00000000 ____D C:\Users\****\Desktop\Virus 2013-12-18 17:09 - 2013-12-18 17:09 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 17:05 - 2013-12-18 17:32 - 00000000 ____D C:\AdwCleaner 2013-12-18 07:35 - 2013-12-18 07:35 - 00007334 _____ C:\Users\****\Desktop\OpenDocument Text (neu).odt 2013-12-16 16:08 - 2013-12-16 16:08 - 00000000 ____D C:\FRST 2013-12-16 14:56 - 2013-12-18 16:33 - 00006398 _____ C:\Windows\PFRO.log 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-13 11:22 - 2013-12-14 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 12:30 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-11 12:30 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 12:29 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 12:29 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 12:29 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 12:29 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 12:29 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 12:29 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 12:29 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 12:29 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 12:29 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 12:29 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 12:29 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 12:29 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 12:29 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 12:29 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 09:03 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 09:03 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 09:03 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 09:03 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 09:03 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 09:03 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 09:03 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 09:03 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 09:03 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 09:03 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 09:03 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 09:03 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 09:03 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 09:03 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-11-30 21:04 - 2013-12-07 09:18 - 00000000 ____D C:\Users\****\Desktop\bitte was machen 2013-11-26 08:42 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-11-26 08:39 - 2013-11-26 08:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 08:38 - 2013-11-26 08:42 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-20 09:58 - 2013-12-11 16:50 - 04896992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-20 08:52 - 2013-11-20 08:52 - 00082264 _____ C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-19 20:04 - 2013-12-18 17:30 - 00009925 _____ C:\Windows\setupact.log 2013-11-19 20:04 - 2013-11-19 20:04 - 00000000 _____ C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= 2013-12-18 17:41 - 2013-12-18 17:28 - 00000000 ____D C:\Users\****\Desktop\Virus 2013-12-18 17:40 - 2012-07-25 16:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-18 17:38 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-18 17:38 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-18 17:37 - 2009-07-14 18:58 - 15370172 _____ C:\Windows\system32\perfh007.dat 2013-12-18 17:37 - 2009-07-14 18:58 - 04760800 _____ C:\Windows\system32\perfc007.dat 2013-12-18 17:37 - 2009-07-14 06:13 - 00005214 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-18 17:35 - 2010-04-15 20:01 - 01753540 _____ C:\Windows\WindowsUpdate.log 2013-12-18 17:32 - 2013-12-18 17:05 - 00000000 ____D C:\AdwCleaner 2013-12-18 17:31 - 2010-04-21 16:31 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-18 17:30 - 2013-11-19 20:04 - 00009925 _____ C:\Windows\setupact.log 2013-12-18 17:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-18 17:09 - 2013-12-18 17:09 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 16:48 - 2010-04-21 16:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-18 16:33 - 2013-12-16 14:56 - 00006398 _____ C:\Windows\PFRO.log 2013-12-18 08:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-18 07:35 - 2013-12-18 07:35 - 00007334 _____ C:\Users\****\Desktop\OpenDocument Text (neu).odt 2013-12-18 07:22 - 2012-01-07 17:27 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job 2013-12-18 07:20 - 2012-12-29 11:30 - 00000040 _____ C:\Users\****\defogger_reenable 2013-12-17 21:25 - 2010-04-15 21:27 - 00000000 ____D C:\Users\****\AppData\Roaming\uTorrent 2013-12-17 08:34 - 2010-05-18 12:09 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-12-17 08:12 - 2012-09-16 13:26 - 00000000 ____D C:\ProgramData\LAT 2.0 Deutsch 2013-12-16 16:11 - 2010-04-30 09:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-16 16:08 - 2013-12-16 16:08 - 00000000 ____D C:\FRST 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-14 18:39 - 2012-04-30 09:11 - 00000000 ____D C:\Users\****\Documents\Körperstolz 2013-12-14 18:27 - 2012-05-03 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-14 11:18 - 2013-07-23 08:36 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 11:16 - 2010-04-17 08:08 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 10:48 - 2013-12-13 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-12 10:22 - 2012-01-07 17:27 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job 2013-12-11 21:50 - 2010-04-21 16:31 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 19:40 - 2011-05-25 06:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 16:50 - 2013-11-20 09:58 - 04896992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-07 09:18 - 2013-11-30 21:04 - 00000000 ____D C:\Users\****\Desktop\bitte was machen 2013-12-06 19:31 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-30 18:43 - 2010-04-21 16:31 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-11-30 18:43 - 2010-04-21 16:31 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-26 17:44 - 2011-01-22 14:44 - 00001425 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 17:44 - 2010-04-15 20:57 - 00000000 ____D C:\Windows\Panther 2013-11-26 17:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-26 12:54 - 2013-12-11 12:29 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 11:19 - 2013-12-11 12:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 11:18 - 2013-12-11 12:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 11:11 - 2013-12-11 12:29 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 10:48 - 2013-12-11 12:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 10:46 - 2013-12-11 12:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 10:41 - 2013-12-11 12:29 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 10:29 - 2013-12-11 12:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 10:27 - 2013-12-11 12:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 10:23 - 2013-12-11 12:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 10:21 - 2013-12-11 12:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 10:18 - 2013-12-11 12:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 10:18 - 2013-12-11 12:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 10:16 - 2013-12-11 12:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:57 - 2013-12-11 12:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:38 - 2013-12-11 12:29 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:38 - 2013-12-11 12:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:35 - 2013-12-11 12:29 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:32 - 2013-12-11 12:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:28 - 2013-12-11 12:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:16 - 2013-12-11 12:29 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:02 - 2013-12-11 12:29 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 08:48 - 2013-12-11 12:29 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 08:42 - 2013-11-26 08:38 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-26 08:39 - 2013-11-26 08:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 08:39 - 2013-11-26 08:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 08:39 - 2013-11-26 08:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 08:39 - 2013-11-26 08:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 08:39 - 2013-11-26 08:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 08:39 - 2013-11-26 08:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 08:32 - 2013-12-11 12:29 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 08:26 - 2013-12-11 12:29 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 08:07 - 2013-12-11 12:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 07:40 - 2013-12-11 12:29 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 07:34 - 2013-12-11 12:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 07:34 - 2013-12-11 12:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 07:33 - 2013-12-11 12:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 07:27 - 2013-12-11 12:29 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 14:47 - 2010-02-25 21:41 - 00000000 ____D C:\Users\****\Documents\Verschiedenes 2013-11-23 19:26 - 2013-12-11 09:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 18:47 - 2013-12-11 09:03 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-11-20 08:52 - 2013-11-20 08:52 - 00082264 _____ C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-19 20:04 - 2013-11-19 20:04 - 00000000 _____ C:\Windows\setuperr.log 2013-11-19 11:21 - 2010-04-15 21:19 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-19 07:41 - 2011-01-25 20:06 - 00001912 _____ C:\Windows\epplauncher.mif 2013-11-19 07:41 - 2011-01-25 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-19 07:41 - 2011-01-25 20:05 - 00000000 ____D C:\Program Files\Microsoft Security Client Some content of TEMP: ==================== C:\Users\****\AppData\Local\Temp\htmlayout.dll C:\Users\****\AppData\Local\Temp\Quarantine.exe C:\Users\****\AppData\Local\Temp\toolbar10803428.exe C:\Users\****\AppData\Local\Temp\toolbar10852069.exe C:\Users\****\AppData\Local\Temp\uninstall10897215.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-10 16:25 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-12-2013 03 Ran by **** at 2013-12-18 17:44:04 Running from C:\Users\****\Desktop\Virus Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (x32 Version: 2.2.0) AbiWord 2.8.6 (x32 Version: 2.8.6) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Media Player (x32 Version: 1.8) Adobe Photoshop CS5 (x32 Version: 12.0) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615) AdobeColorCommonSetRGB (x32 Version: 2.0) Akamai NetSession Interface (HKCU) Allway Sync version 10.5.8 (x32) Apple Application Support (x32 Version: 2.1.9) Apple Mobile Device Support (Version: 5.2.0.6) Apple Software Update (x32 Version: 2.1.3.127) At the Cutting Edge (x32) ATI AVIVO64 Codecs (Version: 10.10.0.40918) ATI Catalyst Install Manager (Version: 3.0.762.0) ATI Catalyst Registration (x32 Version: 2.01.0000) AVG 2012 (Version: 12.0.1913) AVG 2012 (Version: 12.0.2178) AVG 2012 (Version: 12.0.2180) AVG 2012 (Version: 12.0.2193) AVG 2012 (Version: 12.0.2195) AVG 2012 (Version: 12.0.2197) AVG 2012 (Version: 12.0.2221) AVG 2013 (Version: 13.0.2742) AVG 2013 (Version: 13.0.2793) AVG 2013 (Version: 2013.0.2805) Bonjour (Version: 3.0.0.10) Browser Configuration Utility (x32 Version: 1.1.11.0) calibre (x32 Version: 0.9.19) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0) Canon Utilities EOS Utility (x32 Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0202.2335.42270) Catalyst Control Center HydraVision Full (x32 Version: 2010.0202.2335.42270) Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270) CCC Help English (x32 Version: 2010.0202.2334.42270) CCC Help French (x32 Version: 2010.0202.2334.42270) CCC Help German (x32 Version: 2010.0202.2334.42270) CCC Help Italian (x32 Version: 2010.0202.2334.42270) CCC Help Portuguese (x32 Version: 2010.0202.2334.42270) CCC Help Spanish (x32 Version: 2010.0202.2334.42270) ccc-core-static (x32 Version: 2010.0202.2335.42270) ccc-utility64 (Version: 2010.0202.2335.42270) CCleaner (Version: 3.26) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) ComunioCalci 1.5.1 (x32) Convert AVI to MP4 1.3 (x32) ConvertHelper 2.2 (x32) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Defraggler (Version: 2.12) Dota 2 (x32) ElsterFormular (x32 Version: 13.2.0.8623p) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) FLV Player (HKCU) Free YouTube Download 2.9 (x32) Gigabyte Raid Cinfigurer (x32 Version: 1.00.0001) Google Drive (x32 Version: 1.13.5782.599) Google Earth (x32 Version: 7.1.2.2041) Google Update Helper (x32 Version: 1.3.22.3) GooReader (x32 Version: 2.0) HydraVision (x32 Version: 4.2.114.0) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Klett Software Sicher ins Abitur (x32) Lehrer-Software Notting Hill Gate 3B (x32) Lyrics Plugin for Winamp (x32 Version: 0.4) <==== ATTENTION Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 24.2.0) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0) MSVCRT (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyScript HWR (German) (x32 Version: 4.4.5.1) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0) NVIDIA PhysX (x32 Version: 9.09.0720) OpenOffice.org 3.2 (x32 Version: 3.2.9483) Opera 12.15 (x32 Version: 12.15.1748) PC Speed Maximizer v3.2 (x32 Version: 3.2) PDF Settings CS5 (x32 Version: 10.0) PDFCreator (x32 Version: 1.2.1) PDFZilla V1.2.11 (x32) Picasa 3 (x32 Version: 3.9) QUICKfind server v1.1 (x32) QuickTime (x32 Version: 7.69.80.9) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32) Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5897) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5964) RealUpgrade 1.1 (x32 Version: 1.1.0) SES Driver (Version: 1.0.0) Skype™ 5.10 (x32 Version: 5.10.116) SMART Common Files (x32 Version: 11.1.34.1) SMART German Language Pack (x32 Version: 11.0.50.1) SMART Ink (x32 Version: 1.1.233.0) SMART Notebook (x32 Version: 11.0.705.1) SMART Product Drivers (x32 Version: 11.0.510.2) SMART Product Update (x32 Version: 5.0.108.0) SopCast 3.4.0 (x32 Version: 3.4.0) SoulSeek 157 NS 13e (x32) SpeedFan (remove only) (x32) Spotify (HKCU Version: 0.9.4.185.g7545a404) StarCraft II (x32 Version: 1.4.3.21029) Steam (x32 Version: 1.0.0.0) Streamripper (Remove only) (x32) Tesseract-OCR - open source OCR engine (x32 Version: 3.02.02) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000) TIPP10 Version 2.1.0 (x32) TrueCrypt (x32 Version: 7.1a) TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VDownloader 3.9.1627 vDownloader Packages (HKCU) Veetle TV (x32 Version: 0.9.18) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 1.1.11 (x32 Version: 1.1.11) Warcraft III (x32) WD SmartWare (Version: 1.4.1.1) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) WinPcap 4.1.1 (x32 Version: 4.1.0.1753) WinRAR 4.01 (64-Bit) (Version: 4.01.0) WinX Free AVI to MP4 Converter 4.0.6 (x32) ==================== Restore Points ========================= 15-12-2013 18:00:58 Windows-Sicherung 18-12-2013 06:33:20 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2010-05-20 18:32 - 00001362 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {29BB99AA-BFDF-4F7F-B675-A1E89142B939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {35BCE82B-89C7-401D-9A0D-EC36EA2155C8} - System32\Tasks\FrontLine Registry Cleaner Scheduled Scan - **** => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: {39AE87D7-3AE6-4311-89CA-85E8CDAF1831} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {46ED0861-2531-458B-8BE3-F19272A99F94} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Szucia.exe Task: {517E3F93-F287-4CFA-B353-75843DBF4365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {62F6173C-98D2-4927-9739-5775ECDA7143} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {99C9EB3C-D579-4ACA-9F3B-0AC31A7B411D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {9CFAA05A-CA80-4C15-BC77-E1254031C2D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {9F328E6A-1242-4E02-BAA7-FC6FB56B7137} - \GoforFilesUpdate No Task File Task: {AD140811-7CFE-4626-A8DB-D390CE6250B7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {E2AA917D-95DF-4E9C-B13F-850A898DBFA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {F5E9D5F9-50C0-44C5-9B12-8284F8CF8D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: {FEC145AC-F8EB-4F18-BED5-E750913D8631} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - ****.job => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-04-15 20:37 - 2010-04-15 20:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-19 20:29 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-05 10:24 - 2010-03-05 10:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll 2013-12-18 17:31 - 2013-12-18 17:31 - 00098816 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32api.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00110080 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\pywintypes27.dll 2013-12-18 17:31 - 2013-12-18 17:31 - 00364544 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\pythoncom27.dll 2013-12-18 17:31 - 2013-12-18 17:31 - 00044032 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_socket.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 01153024 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_ssl.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00320512 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32com.shell.shell.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00711680 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_hashlib.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 01175040 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._core_.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00805888 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._gdi_.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00811008 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._windows_.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 01062400 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._controls_.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00735232 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._misc_.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00128512 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_elementtree.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00127488 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\pyexpat.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00557056 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\pysqlite2._sqlite.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00087040 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_ctypes.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00119808 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32file.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00108544 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32security.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00018432 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32event.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00038912 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32inet.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00122368 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._wizard.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00026624 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\_multiprocessing.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00070656 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\wx._html2.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00010240 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\select.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00686080 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\unicodedata.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00025600 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32pdh.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00521680 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\windows._lib_cacheinvalidation.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00011264 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32crypt.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00024064 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32pipe.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00035840 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32process.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00017408 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32profile.pyd 2013-12-18 17:31 - 2013-12-18 17:31 - 00022528 _____ () C:\Users\****\AppData\Local\Temp\_MEI24642\win32ts.pyd ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2010-05-06 18:02:49.131 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\****\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:49.124 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\****\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:48.003 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:47.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 4094.49 MB Available physical RAM: 2556.81 MB Total Pagefile: 10092.67 MB Available Pagefile: 8137.87 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:127.99 GB) (Free:0.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:337.77 GB) (Free:6.35 GB) NTFS Drive e: (SICHER IN DIE OBERSTUFE ENGLISCH) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS Drive j: (BTÜRKSOY) (Removable) (Total:3.76 GB) (Free:0.01 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=338 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
19.12.2013, 12:09 | #4 |
/// the machine /// TB-Ausbilder | Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitetESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.12.2013, 12:03 | #5 |
| Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet So jetzt ist der Weihnachtsstress vorbei und ich kann mich wieder um meinen PC kümmern Im Moment macht sich das oben beschriebene Problem nicht mehr erkennbar. Es scheint wieder alles ok zu sein. Hier die angeforderten Logfiles: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c88d2580cc090c43b49f2e0aa987221a # engine=16331 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-20 07:33:26 # local_time=2013-12-20 08:33:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 12405238 139154656 0 0 # scanned=1584834 # found=0 # cleaned=0 # scan_time=55554 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c88d2580cc090c43b49f2e0aa987221a # engine=16406 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-26 11:26:59 # local_time=2013-12-26 12:26:59 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 12937651 139687069 0 0 # scanned=210 # found=0 # cleaned=0 # scan_time=19 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c88d2580cc090c43b49f2e0aa987221a # engine=16406 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-27 04:47:30 # local_time=2013-12-27 05:47:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 13000082 139749500 0 0 # scanned=1860978 # found=0 # cleaned=0 # scan_time=60288 Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 45 Adobe Flash Player 11.9.900.170 Adobe Reader XI Mozilla Firefox (26.0) Mozilla Thunderbird (24.2.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Bene Desktop Virus SecurityCheck.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013 Ran by Bene (administrator) on BENE-PC on 27-12-2013 11:58:42 Running from C:\Users\Bene\Desktop\Virus Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\XSrvSetup.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Spotify Ltd) C:\Users\Bene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe () C:\Users\Bene\Desktop\Virus\SecurityCheck.exe (BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-02-09] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Bene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-20] (Spotify Ltd) MountPoints2: {86906f86-6c32-11e0-814c-6cf0490ead50} - H:\LaunchU3.exe -a MountPoints2: {db691e74-48c0-11df-9575-806e6f6e6963} - E:\autostart.exe Startup: C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk ShortcutTarget: Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEFDC2069B5E3CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {09FC4750-61E6-4F45-9B4F-75C3678F7BB0} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {1ED84690-DA20-4bab-9546-D050FFB40251} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {B831271B-F1DD-4d5c-8FAB-5788F642F73C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} SearchScopes: HKCU - {E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Bene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\comunio.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\geizhalsat.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\idealode.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\imdb.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\the-free-dictionary.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\torrentday.xml FF SearchPlugin: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: TVU Web Player - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firefox@tvunetworks.com FF Extension: DownloadHelper - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: FoxyDeal - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} FF Extension: Add to Search Bar - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\add-to-searchbox@maltekraus.de.xpi FF Extension: FireGestures - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\firegestures@xuldev.org.xpi FF Extension: Gefällt mir nicht! - Button für Facebook - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi FF Extension: FastestFox - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\smarterwiki@wikiatic.com.xpi FF Extension: gTranslate - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi FF Extension: Right Links - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi FF Extension: Easy YouTube Video Downloader - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: Adblock Plus - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: DownThemAll! - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF Extension: Greasemonkey - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: FoxTab - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\ylcxm0ry.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ FF HKCU\...\Firefox\Extensions: [{cc6a68a2-5499-46aa-a76d-6f366657e154}] - C:\Program Files (x86)\Re-markit\136.xpi ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-17] (SMART Technologies) R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-04] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-04] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.) R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-23 11:24 - 2013-12-23 11:26 - 90487267 _____ C:\Users\Bene\Desktop\Bushido_-_Mitten_in_der_Nacht.flv 2013-12-20 09:32 - 2013-12-20 09:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 08:40 - 2013-12-20 08:41 - 00096673 _____ C:\Users\Bene\Desktop\The.Walking.Dead.S04E03.720p.HDTV.x264-KILLERS.torrent 2013-12-19 12:49 - 2013-12-19 12:49 - 00000000 ____D C:\Users\Bene\AppData\Roaming\JAM Software 2013-12-19 12:48 - 2013-12-19 12:48 - 00000000 ____D C:\Program Files (x86)\JAM Software 2013-12-19 11:39 - 2013-12-19 11:39 - 00082264 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Real 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2013 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI 2013-12-19 11:38 - 2013-12-19 11:38 - 00001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2013-12-19 11:37 - 2013-12-19 11:38 - 00000000 ____D C:\Users\Administrator 2013-12-19 11:37 - 2013-12-19 11:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Vorlagen 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten 2013-12-19 11:37 - 2012-11-08 18:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software 2013-12-19 11:37 - 2012-09-20 17:23 - 00000000 ____D C:\Users\Administrator\AppData\LocalGoogle 2013-12-19 11:37 - 2012-09-20 17:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2013-12-19 11:37 - 2011-07-28 11:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2013-12-19 11:37 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-19 11:37 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-18 17:28 - 2013-12-27 11:58 - 00000000 ____D C:\Users\Bene\Desktop\Virus 2013-12-18 17:09 - 2013-12-18 17:09 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 17:05 - 2013-12-18 17:32 - 00000000 ____D C:\AdwCleaner 2013-12-16 16:08 - 2013-12-27 11:58 - 00000000 ____D C:\FRST 2013-12-16 14:56 - 2013-12-18 16:33 - 00006398 _____ C:\Windows\PFRO.log 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-13 11:22 - 2013-12-14 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 12:30 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-11 12:30 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 12:30 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 12:29 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 12:29 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 12:29 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 12:29 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 12:29 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 12:29 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 12:29 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 12:29 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 12:29 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 12:29 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 12:29 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 12:29 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 12:29 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 12:29 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 12:29 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 12:29 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 12:29 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 12:29 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 12:29 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 12:29 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 12:29 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 12:29 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 09:03 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 09:03 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 09:03 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 09:03 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 09:03 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 09:03 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 09:03 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 09:03 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 09:03 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 09:03 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 09:03 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 09:03 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 09:03 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 09:03 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 09:03 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 09:03 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-11-30 21:04 - 2013-12-07 09:18 - 00000000 ____D C:\Users\Bene\Desktop\bitte was machen ==================== One Month Modified Files and Folders ======= 2013-12-27 11:59 - 2010-04-15 21:27 - 00000000 ____D C:\Users\Bene\AppData\Roaming\uTorrent 2013-12-27 11:58 - 2013-12-18 17:28 - 00000000 ____D C:\Users\Bene\Desktop\Virus 2013-12-27 11:58 - 2013-12-16 16:08 - 00000000 ____D C:\FRST 2013-12-27 11:48 - 2010-04-21 16:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-27 11:45 - 2013-11-19 20:04 - 00015077 _____ C:\Windows\setupact.log 2013-12-27 11:40 - 2012-07-25 16:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-27 11:38 - 2010-04-21 16:31 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-27 11:19 - 2010-04-15 20:01 - 01596305 _____ C:\Windows\WindowsUpdate.log 2013-12-27 10:22 - 2012-01-07 17:27 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job 2013-12-27 10:22 - 2012-01-07 17:27 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job 2013-12-26 14:53 - 2009-07-14 18:58 - 15796762 _____ C:\Windows\system32\perfh007.dat 2013-12-26 14:53 - 2009-07-14 18:58 - 04896694 _____ C:\Windows\system32\perfc007.dat 2013-12-26 14:53 - 2009-07-14 06:13 - 00005214 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-26 12:05 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-26 12:05 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-26 11:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-25 21:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-25 21:35 - 2012-05-03 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-23 11:26 - 2013-12-23 11:24 - 90487267 _____ C:\Users\Bene\Desktop\Bushido_-_Mitten_in_der_Nacht.flv 2013-12-22 16:04 - 2012-04-30 09:11 - 00000000 ____D C:\Users\Bene\Documents\Körperstolz 2013-12-22 03:00 - 2010-07-23 17:28 - 00000430 _____ C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Bene.job 2013-12-20 23:46 - 2013-04-29 20:08 - 00000000 ____D C:\Users\Bene\AppData\Roaming\Spotify 2013-12-20 22:49 - 2013-04-29 20:10 - 00000000 ____D C:\Users\Bene\AppData\Local\Spotify 2013-12-20 09:32 - 2013-12-20 09:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 08:41 - 2013-12-20 08:40 - 00096673 _____ C:\Users\Bene\Desktop\The.Walking.Dead.S04E03.720p.HDTV.x264-KILLERS.torrent 2013-12-19 13:01 - 2010-04-15 20:12 - 00000000 ____D C:\Users\Bene 2013-12-19 12:49 - 2013-12-19 12:49 - 00000000 ____D C:\Users\Bene\AppData\Roaming\JAM Software 2013-12-19 12:48 - 2013-12-19 12:48 - 00000000 ____D C:\Program Files (x86)\JAM Software 2013-12-19 11:39 - 2013-12-19 11:39 - 00082264 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Real 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2013 2013-12-19 11:39 - 2013-12-19 11:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI 2013-12-19 11:38 - 2013-12-19 11:38 - 00001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-19 11:38 - 2013-12-19 11:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2013-12-19 11:38 - 2013-12-19 11:37 - 00000000 ____D C:\Users\Administrator 2013-12-19 11:37 - 2013-12-19 11:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Vorlagen 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten 2013-12-19 11:37 - 2013-12-19 11:37 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten 2013-12-18 20:06 - 2013-01-01 15:31 - 00000000 ____D C:\Program Files\Defraggler 2013-12-18 19:11 - 2010-04-21 16:31 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-18 17:32 - 2013-12-18 17:05 - 00000000 ____D C:\AdwCleaner 2013-12-18 17:09 - 2013-12-18 17:09 - 00000000 ____D C:\Windows\ERUNT 2013-12-18 16:33 - 2013-12-16 14:56 - 00006398 _____ C:\Windows\PFRO.log 2013-12-18 07:20 - 2012-12-29 11:30 - 00000040 _____ C:\Users\Bene\defogger_reenable 2013-12-17 08:34 - 2010-05-18 12:09 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-12-17 08:12 - 2012-09-16 13:26 - 00000000 ____D C:\ProgramData\LAT 2.0 Deutsch 2013-12-16 16:11 - 2010-04-30 09:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-15 19:16 - 2013-12-15 19:16 - 00000000 ____D C:\Program Files (x86)\foxydeal 2013-12-14 11:18 - 2013-07-23 08:36 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 11:16 - 2010-04-17 08:08 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 10:48 - 2013-12-13 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-11 19:40 - 2013-12-11 19:40 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 19:40 - 2012-07-25 16:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 19:40 - 2011-05-25 06:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 16:50 - 2013-11-20 09:58 - 04896992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-07 09:18 - 2013-11-30 21:04 - 00000000 ____D C:\Users\Bene\Desktop\bitte was machen 2013-12-06 19:31 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-30 18:43 - 2010-04-21 16:31 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-11-30 18:43 - 2010-04-21 16:31 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Bene\AppData\Local\Temp\htmlayout.dll C:\Users\Bene\AppData\Local\Temp\Quarantine.exe C:\Users\Bene\AppData\Local\Temp\toolbar10803428.exe C:\Users\Bene\AppData\Local\Temp\toolbar10852069.exe C:\Users\Bene\AppData\Local\Temp\uninstall10897215.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-20 10:02 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013 Ran by Bene at 2013-12-27 11:59:47 Running from C:\Users\Bene\Desktop\Virus Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (x32 Version: 2.2.0) AbiWord 2.8.6 (x32 Version: 2.8.6) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Media Player (x32 Version: 1.8) Adobe Photoshop CS5 (x32 Version: 12.0) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615) AdobeColorCommonSetRGB (x32 Version: 2.0) Akamai NetSession Interface (HKCU) Allway Sync version 10.5.8 (x32) Apple Application Support (x32 Version: 2.1.9) Apple Mobile Device Support (Version: 5.2.0.6) Apple Software Update (x32 Version: 2.1.3.127) At the Cutting Edge (x32) ATI AVIVO64 Codecs (Version: 10.10.0.40918) ATI Catalyst Install Manager (Version: 3.0.762.0) ATI Catalyst Registration (x32 Version: 2.01.0000) AVG 2012 (Version: 12.0.1913) AVG 2012 (Version: 12.0.2178) AVG 2012 (Version: 12.0.2180) AVG 2012 (Version: 12.0.2193) AVG 2012 (Version: 12.0.2195) AVG 2012 (Version: 12.0.2197) AVG 2012 (Version: 12.0.2221) AVG 2013 (Version: 13.0.2742) AVG 2013 (Version: 13.0.2793) AVG 2013 (Version: 2013.0.2805) Bonjour (Version: 3.0.0.10) Browser Configuration Utility (x32 Version: 1.1.11.0) calibre (x32 Version: 0.9.19) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0) Canon Utilities EOS Utility (x32 Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0202.2335.42270) Catalyst Control Center HydraVision Full (x32 Version: 2010.0202.2335.42270) Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270) Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270) CCC Help English (x32 Version: 2010.0202.2334.42270) CCC Help French (x32 Version: 2010.0202.2334.42270) CCC Help German (x32 Version: 2010.0202.2334.42270) CCC Help Italian (x32 Version: 2010.0202.2334.42270) CCC Help Portuguese (x32 Version: 2010.0202.2334.42270) CCC Help Spanish (x32 Version: 2010.0202.2334.42270) ccc-core-static (x32 Version: 2010.0202.2335.42270) ccc-utility64 (Version: 2010.0202.2335.42270) CCleaner (Version: 3.26) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) ComunioCalci 1.5.1 (x32) Convert AVI to MP4 1.3 (x32) ConvertHelper 2.2 (x32) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Defraggler (Version: 2.16) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) FLV Player (HKCU) Free YouTube Download 2.9 (x32) Gigabyte Raid Cinfigurer (x32 Version: 1.00.0001) Google Drive (x32 Version: 1.13.5782.599) Google Update Helper (x32 Version: 1.3.22.3) GooReader (x32 Version: 2.0) HydraVision (x32 Version: 4.2.114.0) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Klett Software Sicher ins Abitur (x32) Lehrer-Software Notting Hill Gate 3B (x32) Lyrics Plugin for Winamp (x32 Version: 0.4) <==== ATTENTION Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0) Mozilla Maintenance Service (x32 Version: 26.0) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0) MSVCRT (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyScript HWR (German) (x32 Version: 4.4.5.1) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0) NVIDIA PhysX (x32 Version: 9.09.0720) OpenOffice.org 3.2 (x32 Version: 3.2.9483) Opera 12.15 (x32 Version: 12.15.1748) PC Speed Maximizer v3.2 (x32 Version: 3.2) PDF Settings CS5 (x32 Version: 10.0) PDFCreator (x32 Version: 1.2.1) PDFZilla V1.2.11 (x32) Picasa 3 (x32 Version: 3.9) QUICKfind server v1.1 (x32) QuickTime (x32 Version: 7.69.80.9) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32) Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5897) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5964) RealUpgrade 1.1 (x32 Version: 1.1.0) SES Driver (Version: 1.0.0) Skype™ 5.10 (x32 Version: 5.10.116) SMART Common Files (x32 Version: 11.1.34.1) SMART German Language Pack (x32 Version: 11.0.50.1) SMART Ink (x32 Version: 1.1.233.0) SMART Notebook (x32 Version: 11.0.705.1) SMART Product Drivers (x32 Version: 11.0.510.2) SMART Product Update (x32 Version: 5.0.108.0) SopCast 3.4.0 (x32 Version: 3.4.0) SoulSeek 157 NS 13e (x32) SpeedFan (remove only) (x32) Spotify (HKCU Version: 0.9.6.81.gd359a796) StarCraft II (x32 Version: 1.4.3.21029) Streamripper (Remove only) (x32) Tesseract-OCR - open source OCR engine (x32 Version: 3.02.02) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000) TIPP10 Version 2.1.0 (x32) TreeSize Free V2.7 (x32 Version: 2.7) TrueCrypt (x32 Version: 7.1a) TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VDownloader 3.9.1627 vDownloader Packages (HKCU) Veetle TV (x32 Version: 0.9.18) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 1.1.11 (x32 Version: 1.1.11) Warcraft III (x32) WD SmartWare (Version: 1.4.1.1) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) WinPcap 4.1.1 (x32 Version: 4.1.0.1753) WinRAR 4.01 (64-Bit) (Version: 4.01.0) WinX Free AVI to MP4 Converter 4.0.6 (x32) ==================== Restore Points ========================= 24-12-2013 23:00:04 Geplanter Prüfpunkt 25-12-2013 21:12:50 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2010-05-20 18:32 - 00001362 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {29BB99AA-BFDF-4F7F-B675-A1E89142B939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {35BCE82B-89C7-401D-9A0D-EC36EA2155C8} - System32\Tasks\FrontLine Registry Cleaner Scheduled Scan - Bene => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: {39AE87D7-3AE6-4311-89CA-85E8CDAF1831} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {46ED0861-2531-458B-8BE3-F19272A99F94} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Szucia.exe Task: {517E3F93-F287-4CFA-B353-75843DBF4365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {62F6173C-98D2-4927-9739-5775ECDA7143} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {99C9EB3C-D579-4ACA-9F3B-0AC31A7B411D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {9CFAA05A-CA80-4C15-BC77-E1254031C2D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {9F328E6A-1242-4E02-BAA7-FC6FB56B7137} - \GoforFilesUpdate No Task File Task: {AD140811-7CFE-4626-A8DB-D390CE6250B7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {E2AA917D-95DF-4E9C-B13F-850A898DBFA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-01-24] (RealNetworks, Inc.) Task: {F5E9D5F9-50C0-44C5-9B12-8284F8CF8D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: {FEC145AC-F8EB-4F18-BED5-E750913D8631} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Bene.job => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-04-15 20:37 - 2010-04-15 20:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-19 20:29 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-05 10:24 - 2010-03-05 10:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll 2013-12-26 12:12 - 2013-12-26 12:12 - 00098816 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32api.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00110080 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\pywintypes27.dll 2013-12-26 12:12 - 2013-12-26 12:12 - 00364544 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\pythoncom27.dll 2013-12-26 12:12 - 2013-12-26 12:12 - 00044032 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_socket.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 01153024 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_ssl.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00320512 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32com.shell.shell.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00711680 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_hashlib.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 01175040 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._core_.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00805888 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._gdi_.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00811008 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._windows_.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 01062400 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._controls_.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00735232 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._misc_.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00128512 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_elementtree.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00127488 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\pyexpat.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00557056 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\pysqlite2._sqlite.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00087040 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_ctypes.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00119808 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32file.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00108544 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32security.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00018432 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32event.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00038912 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32inet.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00122368 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._wizard.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00026624 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\_multiprocessing.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00070656 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\wx._html2.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00010240 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\select.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00686080 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\unicodedata.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00025600 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32pdh.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00521680 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\windows._lib_cacheinvalidation.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00011264 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32crypt.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00024064 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32pipe.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00035840 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32process.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00017408 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32profile.pyd 2013-12-26 12:12 - 2013-12-26 12:12 - 00022528 _____ () C:\Users\Bene\AppData\Local\Temp\_MEI33122\win32ts.pyd 2013-12-20 09:32 - 2013-12-20 09:32 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2013 11:40:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/27/2013 11:38:30 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/27/2013 06:10:58 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/27/2013 06:10:52 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (12/26/2013 11:58:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/26/2013 11:58:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/25/2013 09:36:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315. Error: (12/25/2013 09:36:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert. Error: (12/25/2013 00:02:37 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.165.470.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.4.0304.00 Quellpfad: 4.4.0304.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (12/25/2013 00:02:28 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.165.470.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.4.0304.00 Quellpfad: 4.4.0304.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (12/24/2013 00:02:28 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.165.470.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.4.0304.00 Quellpfad: 4.4.0304.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (12/23/2013 03:15:54 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (12/22/2013 11:48:25 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (12/22/2013 10:49:22 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (12/27/2013 11:40:31 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/27/2013 11:38:30 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/27/2013 06:10:58 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (12/27/2013 06:10:52 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/26/2013 02:53:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/26/2013 01:05:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2010-05-06 18:02:49.131 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:49.124 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:48.003 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-05-06 18:02:47.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 4094.49 MB Available physical RAM: 1271.66 MB Total Pagefile: 10092.67 MB Available Pagefile: 6285.48 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:127.99 GB) (Free:8.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:337.77 GB) (Free:50.27 GB) NTFS Drive e: (SICHER IN DIE OBERSTUFE ENGLISCH) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS Drive g: (BTÜRKSOY) (Removable) (Total:3.76 GB) (Free:1.94 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=338 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
28.12.2013, 08:28 | #6 |
/// the machine /// TB-Ausbilder | Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet Fertig Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet |
28.12.2013, 11:25 | #7 |
| Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet Es ist alles wieder sauber und es läuft rund. Ich danke dir und deinem Team. Ihr seid echt klasse!!! |
29.12.2013, 11:25 | #8 |
/// the machine /// TB-Ausbilder | Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Win 7 Lollipop Trojaner aktiv - Webseiten werden auf Werbung umgeleitet |
adblock, adware.lollipop.it, auf werbung umgeleitet, bonjour, branding, converter, desktop, flash player, google, homepage, install.exe, lollipop.exe, object, plug-in, prozess, pup.optional.amonetize, pup.optional.goforfiles.a, pup.optional.installcore.a, pup.optional.installmonetizer, pup.optional.outbrowse, pup.optional.remarkit.a, pup.optional.sweetim, pup.software.updater, re-markit, realtek, required, security, software, svchost.exe, taskmanager, trojaner, werbung, win64, yoursoftsite.com |