Pests of all kinds and how to fight them: Startpage Trojan (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
27.12.2013, 01:11 | #1 |
Startpage Trojan Hello and first of all Merry Christmas! I accidentally agreed to the installation of Startpage. Both the home page and the search engine bar automatically open the Startpage search page and cannot be changed back manually. Now I can't get rid of the virus. I have already searched various forums and tried antivirus software, CCleaner, Avira and Malwarebytes, Trojan Remover and SUPERAntiSpyware. So far none of it has helped. I would be very grateful for helpful tips. Greetings to the team, Katrin
27.12.2013, 09:49 | #2 |
/// the machine /// TB Trainer | Startpage Trojan hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.12.2013, 13:48 | #3 |
Startpage Trojan FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01 Ran by Katrin (administrator) on Katrin_PC on 28-12-2013 13:40:34 Running from C:\Users\Katrin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Microsoft Corporation) C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-25] (Google Inc.) 
MountPoints2: {0ca4d8a3-7156-11e2-a64b-dc0ea1bbb121} - F:\SETUP.EXE HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () AppInit_DLLs: [ ] () AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startpage.com/do/search?query={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startpage.com/do/search?query={searchTerms} SearchScopes: HKCU - {25F82E00-721F-43A9-9CE4-08BFDF1B2613} URL = hxxp://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files 
(x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default FF SelectedSearchEngine: Google FF Homepage: www.google.com FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - 
C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: German Dictionary - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: Woordenboek Nederlands - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\nl-NL@dictionaries.addons.mozilla.org FF Extension: SelectionLinks - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{1EBD8847-199B-4B3B-B4B8-91E3B80FCDBF} FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\firefox1@myibay.com.xpi FF Extension: No Name - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\savedpasswordeditor@daniel.dawson.xpi FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi FF Extension: Adblock Plus - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\firefox.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. 
KG) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 uagqecsvc; C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe [144896 2013-09-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
C:\Users\Katrin\Downloads\~$AllResponses_Logfiles.xlsx 2013-12-08 17:55 - 2013-04-25 09:58 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA 2013-12-08 17:55 - 2013-04-25 09:58 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core 2013-12-08 17:54 - 2013-12-08 15:34 - 00000835 _____ C:\Users\Katrin\Downloads\Pics - Rani.zip 2013-12-08 17:54 - 2013-12-08 15:34 - 00000835 _____ C:\Users\Katrin\Downloads\3 Aug - Caribean festival.zip 2013-12-08 15:35 - 2013-12-08 15:35 - 00000355 _____ C:\Users\Katrin\Computer - Shortcut.lnk 2013-12-08 15:35 - 2013-02-07 22:57 - 00000000 ____D C:\Users\Katrin 2013-12-05 17:11 - 2013-12-05 16:56 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-12-05 17:11 - 2013-12-05 16:56 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Copy 2013-12-05 17:08 - 2013-12-05 17:08 - 00000000 ____D C:\Users\Katrin\Desktop\lianne 2013-12-05 17:06 - 2013-12-05 16:58 - 00000000 ___RD C:\Users\Katrin\Copy 2013-12-05 16:55 - 2013-12-05 16:48 - 48530640 _____ (Barracuda Networks, Inc.) 
C:\Users\Katrin\Downloads\Copy-1.37.0546.exe 2013-12-05 00:20 - 2013-12-05 00:20 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64(1).exe 2013-12-04 23:26 - 2013-12-04 23:27 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-04 23:26 - 2013-12-04 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-04 23:26 - 2013-12-04 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-04 23:26 - 2013-12-04 23:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-04 23:26 - 2013-12-04 23:26 - 00000000 ____D C:\Program Files\Java 2013-12-04 23:26 - 2013-12-04 23:25 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64.exe 2013-12-04 22:44 - 2013-11-29 08:53 - 00017101 ____H C:\Users\Katrin\Desktop\~WRL0006.tmp 2013-12-04 17:56 - 2013-12-04 17:22 - 00017995 ____H C:\Users\Katrin\Desktop\~WRL0005.tmp 2013-11-29 11:18 - 2013-03-02 00:42 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-29 11:18 - 2012-03-19 09:48 - 00000000 ____D C:\ProgramData\Skype 2013-11-29 10:56 - 2013-11-29 08:53 - 00016495 ____H C:\Users\Katrin\Desktop\~WRL0834.tmp 2013-11-29 08:53 - 2013-11-29 08:53 - 00000000 ____H C:\Users\Katrin\Desktop\~WRL2340.tmp 2013-11-28 22:21 - 2013-11-28 20:32 - 334647700 _____ C:\Users\Katrin\Downloads\Surface03.rar 2013-11-28 20:20 - 2013-09-26 05:58 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys Some content of TEMP: ==================== C:\Users\Katrin\AppData\Local\Temp\avgnt.exe C:\Users\Katrin\AppData\Local\Temp\dsNCInst64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-20 18:28 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01 Ran by Katrin at 2013-12-28 13:07:03 Running from C:\Users\Katrin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (x32 Version: 3.3.0.29038) Aangifte inkomstenbelasting 2012 (x32) Acer Backup Manager (x32 Version: 3.0.0.100) Acer Crystal Eye Webcam (x32 Version: 1.5.2624.00) Acer ePower Management (x32 Version: 6.00.3010) Acer eRecovery Management (x32 Version: 5.00.3508) Acer Instant Update Service (Version: 1.00.3001) Acer ScreenSaver (x32 Version: 20.11.1107.1418) Acer Updater (x32 Version: 1.02.3501) Adobe AIR (x32 Version: 2.6.0.19120) Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.222) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Reader XI (11.0.05) (x32 Version: 11.0.05) AMD Accelerated Video Transcoding (Version: 2.00.0000) AMD APP SDK Runtime (Version: 10.0.873.1) AMD Catalyst Install Manager (Version: 3.0.864.0) AMD Media Foundation Decoders (Version: 1.0.70229.1348) AMD Steady Video Plug-In (Version: 2.03.0000) AMD VISION Engine Control Center (x32 Version: 2012.0229.1329.23957) Atheros Bluetooth Suite (64) (Version: 7.4.0.122) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13) Avira Free Antivirus (x32 Version: 14.0.2.286) Backup Manager V3 (x32 Version: 3.0.0.100) Catalyst Control Center - 
Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0229.1329.23957) Catalyst Control Center InstallProxy (x32 Version: 2012.0229.1329.23957) Catalyst Control Center Localization All (x32 Version: 2012.0229.1329.23957) CCC Help Chinese Standard (x32 Version: 2012.0229.1328.23957) CCC Help Chinese Traditional (x32 Version: 2012.0229.1328.23957) CCC Help Czech (x32 Version: 2012.0229.1328.23957) CCC Help Danish (x32 Version: 2012.0229.1328.23957) CCC Help Dutch (x32 Version: 2012.0229.1328.23957) CCC Help English (x32 Version: 2012.0229.1328.23957) CCC Help Finnish (x32 Version: 2012.0229.1328.23957) CCC Help French (x32 Version: 2012.0229.1328.23957) CCC Help German (x32 Version: 2012.0229.1328.23957) CCC Help Greek (x32 Version: 2012.0229.1328.23957) CCC Help Hungarian (x32 Version: 2012.0229.1328.23957) CCC Help Italian (x32 Version: 2012.0229.1328.23957) CCC Help Japanese (x32 Version: 2012.0229.1328.23957) CCC Help Korean (x32 Version: 2012.0229.1328.23957) CCC Help Norwegian (x32 Version: 2012.0229.1328.23957) CCC Help Polish (x32 Version: 2012.0229.1328.23957) CCC Help Portuguese (x32 Version: 2012.0229.1328.23957) CCC Help Russian (x32 Version: 2012.0229.1328.23957) CCC Help Spanish (x32 Version: 2012.0229.1328.23957) CCC Help Swedish (x32 Version: 2012.0229.1328.23957) CCC Help Thai (x32 Version: 2012.0229.1328.23957) CCC Help Turkish (x32 Version: 2012.0229.1328.23957) ccc-utility64 (Version: 2012.0229.1329.23957) CCleaner (Version: 4.09) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dolby Home Theater v4 (x32 Version: 7.2.7000.7) Dropbox (HKCU Version: 2.2.6) ETDWare PS/2-X64 10.6.10.8_WHQL (Version: 10.6.10.8) FastStone Image Viewer 4.8 (x32 Version: 4.8) Foxit Reader (x32 Version: 6.0.3.524) Google Talk Plugin (x32 Version: 4.9.1.16010) Java 7 Update 45 (64-bit) (Version: 7.0.450) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Launch Manager 
(x32 Version: 5.1.15) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Mouse and Keyboard Center (Version: 2.2.173.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Access MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Groove MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office InfoPath MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Language Pack 2010 - Dutch/Nederlands (x32 Version: 14.0.7015.1000) Microsoft Office O MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000) 
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proofing (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office SharePoint Designer MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Word MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office X MUI (Dutch) 2010 (x32 Version: 14.0.7015.1000) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0) 
Mozilla Maintenance Service (x32 Version: 26.0) PhonerLite 1.95 (x32 Version: 1.95) Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.1) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559) Realtek PCIE Card Reader (x32 Version: 6.1.7601.28104) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32) Skype™ 6.11 (x32 Version: 6.11.102) System Requirements Lab Detection (x32 Version: 1.0.5.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft 
Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32) VLC media player 2.0.5 (x32 Version: 2.0.5) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) WinRAR 4.20 (64-bit) (Version: 4.20.0) ==================== Restore Points ========================= 16-12-2013 21:45:29 Windows Update 22-12-2013 15:42:34 Windows Update 25-12-2013 20:47:20 Removed ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) 25-12-2013 20:48:17 Removed عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة 26-12-2013 16:11:43 Windows Update 28-12-2013 01:40:20 Installed Java 7 Update 45 28-12-2013 01:45:15 Removed Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi 28-12-2013 01:45:43 Removed Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia 28-12-2013 01:46:18 Removed Windows Live Mesh ActiveX-objekt til fjernforbindelser 28-12-2013 01:48:19 Removed Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení 28-12-2013 01:48:45 Removido Controle ActiveX do Windows Live Mesh para Conexões Remotas 28-12-2013 01:49:23 Removed Control ActiveX Windows Live Mesh pentru conexiuni la distanță 28-12-2013 01:53:51 Removed Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave 28-12-2013 01:58:10 Removed عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة 28-12-2013 01:58:42 Removed Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger 28-12-2013 11:51:52 Removed Windows Live Meshin etäyhteyksien ActiveX-komponentti 28-12-2013 11:54:28 Removed Control ActiveX 
del Windows Live Mesh per a connexions remotes 28-12-2013 11:54:52 Removed Элемент управления Windows Live Mesh ActiveX для удаленных подключений 28-12-2013 11:55:28 Removed ActiveX-kontroll för fjärranslutningar för Windows Live Mesh 28-12-2013 11:55:54 Removed ActiveX контрола на Windows Live Mesh за отдалечени връзки 28-12-2013 11:56:52 Removed Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις 28-12-2013 11:57:21 已移除 適用遠端連線的 Windows Live Mesh ActiveX 控制項 28-12-2013 11:57:53 Removed Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz 28-12-2013 11:58:25 Removido Controlo ActiveX do Windows Live Mesh para Ligações Remotas 28-12-2013 11:58:55 Quitado Control ActiveX de Windows Live Mesh para conexiones remotas 28-12-2013 11:59:29 Removed Contrôle ActiveX Windows Live Mesh pour connexions à distance 28-12-2013 12:00:05 Removed פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים 28-12-2013 12:00:39 Removed Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych 28-12-2013 12:01:10 Removed Kontrola Windows Live Mesh ActiveX za daljinske veze 28-12-2013 12:01:42 Removed Windows Live Mesh ActiveX control for remote connections ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02BD4F48-C992-4163-8857-378C3F0F99E4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {174122E6-45EB-4652-9F2E-DFFAAAB845B6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {2E738AB7-165D-4D92-8B90-FF7F6B79AFD6} - System32\Tasks\automatic shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation) Task: 
{3419A082-9C7F-4A50-B64D-ACFD72B1C92B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {3C80005C-9322-4D4E-BC77-6C3293A2EB86} - System32\Tasks\{6FCA09AA-10D4-4131-8568-15BF54081AF4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.59.106/en/abandoninstall?page=tsMain Task: {3CD5AFD5-4A50-445F-AA50-F69DA5990CA3} - System32\Tasks\{6A4BC907-25F2-40C6-8F1B-F32DD2306CF3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.2.59.106/nl/abandoninstall?page=tsBing Task: {6A7C487E-B53B-44BE-AF25-7AAC60B4A21C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {6F243D1B-9729-40DD-A442-C73CA5F3764A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA => C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.) Task: {70A40445-9722-4D0F-B557-D1B966870975} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft) Task: {8417B2E3-4AFA-44D5-9EEA-895DDFE59A6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core => C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.) 
Task: {9240B823-7DCC-4C81-A9AD-62684BAB1FD2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {99A17EFD-8536-4318-B57C-F7AB326783FE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {CF1F1A34-B76B-4667-AE2D-ECEE7C414E91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core.job => C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA.job => C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-26 05:59 - 2013-09-26 05:56 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-25 04:00 - 2013-12-23 01:01 - 03559024 _____ () C:\Program 
Files\mozjs.dll 2013-09-25 04:52 - 2013-09-25 04:52 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: H:\ Description: UMS Composite Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Android Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2013 06:54:39 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/26/2013 02:27:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 10:24:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 10:21:58 PM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). 
Error: (12/25/2013 10:15:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 09:48:17 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Util lucky leap since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (12/25/2013 09:48:17 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . Error: (12/25/2013 09:47:30 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Util lucky leap since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (12/25/2013 09:47:30 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . 
Error: (12/25/2013 03:39:30 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/28/2013 00:00:57 AM) (Source: ipnathlp) (User: ) Description: 0 Error: (12/27/2013 11:57:34 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:29 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:24 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:19 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:13 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:07 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:57:00 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:56:55 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. Error: (12/27/2013 11:56:50 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk1\DR130, has a bad block. 
Microsoft Office Sessions: ========================= Error: (12/26/2013 06:54:39 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/26/2013 02:27:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 10:24:01 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 10:21:58 PM) (Source: System Restore)(User: ) Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c Error: (12/25/2013 10:15:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/25/2013 09:48:17 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Util lucky leap since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (12/25/2013 09:48:17 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. 
Error: (12/25/2013 09:47:30 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Util lucky leap since QueryServiceConfig API failed System Error: The system cannot find the file specified.
Error: (12/25/2013 09:47:30 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified.
Error: (12/25/2013 03:39:30 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 7657.37 MB
Available physical RAM: 4293.39 MB
Total Pagefile: 15312.91 MB
Available Pagefile: 11385.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:457.26 GB) (Free:371.56 GB) NTFS
Drive e: (Media & Documents) (Fixed) (Total:456.16 GB) (Free:277.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D84C0FC4)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=OF Extended)
==================== End Of Log ============================
Thank you very much!
29.12.2013, 11:44 | #4 |
/// the machine /// TB-Ausbilder | Startpage Trojan

Combofix must only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix on your desktop

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
Note: should you get the following error message after the restart
Quote:

Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM! |
30.12.2013, 16:22 | #5 |
| Startpage Trojan

ComboFix 13-12-26.01 - Katrin 30-12-2013 0:22:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.7657.5450 [GMT 1:00]
Started from: C:\Users\Katrin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Katrin\AppData\Local\Temp\nsc6E5E.tmp\System.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libcurl.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libeay32.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libidn-11.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libpdcurses.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\librtmp.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libssh2.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\libusb-1.0.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\OpenCL.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\pthreadGC2.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\scrypt130302.cl
C:\Users\Katrin\AppData\Roaming\Katrin_PC\ssleay32.dll
C:\Users\Katrin\AppData\Roaming\Katrin_PC\zlib1.dll

(((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-30 ))))))))))))))))))))))))))))))

2013-12-29 23:29:54 . 2013-12-29 23:29:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-12-29 00:39:43 . 2013-12-04 03:28:24 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8D18F38-0194-4DE3-8B2C-B5ACF65DFC6A}\mpengine.dll
2013-12-28 11:51:27 . 2013-12-28 11:51:27 -------- d-----w- C:\FRST
2013-12-28 01:41:54 . 2013-10-08 06:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-27 23:46:43 . 2013-12-04 03:28:24 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 08:23:22 . 2013-05-10 04:30:50 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 08:23:22 . 2013-05-10 03:48:09 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 08:23:21 . 2013-05-10 05:56:40 12625920 ----a-w- C:\Windows\system32\wmploc.DLL
2013-12-13 08:23:20 . 2013-05-10 04:56:15 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 08:23:16 . 2013-05-10 05:56:33 14631424 ----a-w- C:\Windows\system32\wmp.dll
2013-12-11 19:30:32 . 2013-10-30 02:32:01 335360 ----a-w- C:\Windows\system32\msieftp.dll
2013-12-10 21:52:23 . 2013-12-10 21:52:35 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-12-06 08:28:13 . 2013-10-19 01:07:48 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55960C2D-9204-44ED-B780-35DAB45E9F9F}\gapaengine.dll
2013-12-05 15:58:10 . 2013-12-05 16:06:49 -------- d-----r- C:\Users\Katrin\Copy
2013-12-05 15:56:58 . 2013-12-05 16:11:59 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-12-05 15:56:16 . 2013-12-05 16:11:59 -------- d-----w- C:\Users\Katrin\AppData\Roaming\Copy
2013-12-04 22:27:28 . 2013-12-04 22:26:54 312744 ----a-w- C:\Windows\system32\javaws.exe
2013-12-04 22:27:14 . 2013-12-04 22:26:57 108968 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-04 22:27:14 . 2013-12-04 22:26:54 189352 ----a-w- C:\Windows\system32\javaw.exe
2013-12-04 22:27:14 . 2013-12-04 22:26:53 189352 ----a-w- C:\Windows\system32\java.exe
2013-12-04 22:26:50 . 2013-12-04 22:26:50 -------- d-----w- C:\Program Files\Java
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 00:02:10 . 2013-09-25 03:00:11 20080 ----a-w- C:\Program Files\AccessibleMarshal.dll
2013-12-23 00:02:09 . 2013-09-25 03:00:11 75376 ----a-w- C:\Program Files\breakpadinjector.dll
2013-12-23 00:02:09 . 2013-09-25 03:00:11 275568 ----a-w- C:\Program Files\firefox.exe
2013-12-23 00:02:09 . 2013-09-25 03:00:11 117360 ----a-w- C:\Program Files\crashreporter.exe
2013-12-23 00:02:08 . 2013-09-25 03:00:11 647280 ----a-w- C:\Program Files\libGLESv2.dll
2013-12-23 00:02:08 . 2013-09-25 03:00:11 53360 ----a-w- C:\Program Files\libEGL.dll
2013-12-23 00:02:08 . 2013-09-25 03:00:11 3449456 ----a-w- C:\Program Files\gkmedias.dll
2013-12-23 00:02:08 . 2013-09-25 03:00:11 302192 ----a-w- C:\Program Files\freebl3.dll
2013-12-23 00:02:08 . 2013-09-25 03:00:11 194552 ----a-w- C:\Program Files\maintenanceservice_installer.exe
2013-12-23 00:02:08 . 2013-09-25 03:00:11 119408 ----a-w- C:\Program Files\maintenanceservice.exe
2013-12-23 00:01:53 . 2013-09-25 03:00:11 393840 ----a-w- C:\Program Files\nssckbi.dll
2013-12-23 00:01:53 . 2013-09-25 03:00:11 3559024 ----a-w- C:\Program Files\mozjs.dll
2013-12-23 00:01:53 . 2013-09-25 03:00:11 1776240 ----a-w- C:\Program Files\nss3.dll
2013-12-23 00:01:53 . 2013-09-25 03:00:11 17008 ----a-w- C:\Program Files\mozalloc.dll
2013-12-23 00:01:53 . 2013-09-25 03:00:11 130672 ----a-w- C:\Program Files\mozglue.dll
2013-12-23 00:01:52 . 2013-09-25 03:00:12 28272 ----a-w- C:\Program Files\plugin-hang-ui.exe
2013-12-23 00:01:52 . 2013-09-25 03:00:12 18544 ----a-w- C:\Program Files\plugin-container.exe
2013-12-23 00:01:52 . 2013-09-25 03:00:11 92272 ----a-w- C:\Program Files\nssdbm3.dll
2013-12-23 00:01:51 . 2013-09-25 03:00:12 276592 ----a-w- C:\Program Files\updater.exe
2013-12-23 00:01:51 . 2013-09-25 03:00:12 170960 ----a-w- C:\Program Files\webapp-uninstaller.exe
2013-12-23 00:01:51 . 2013-09-25 03:00:12 153712 ----a-w- C:\Program Files\softokn3.dll
2013-12-23 00:01:50 . 2013-09-25 03:00:12 22370928 ----a-w- C:\Program Files\xul.dll
2013-12-23 00:01:50 . 2013-09-25 03:00:12 108144 ----a-w- C:\Program Files\webapprt-stub.exe
2013-12-18 06:57:20 . 2013-09-26 05:03:35 84720 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-12-18 06:57:20 . 2013-09-26 04:58:57 131576 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-12-18 06:57:20 . 2013-09-26 04:58:57 108440 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-12-16 21:46:21 . 2013-10-29 21:51:05 90708896 ----a-w- C:\Windows\system32\MRT.exe
2013-11-28 19:20:26 . 2013-09-26 04:58:57 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-11-23 19:33:03 . 2013-11-23 19:33:03 940032 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-23 19:33:03 . 2013-11-23 19:33:03 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-23 19:32:56 . 2013-11-23 19:32:56 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-11-23 19:32:56 . 2013-11-23 19:32:56 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2013-11-23 19:32:56 . 2013-11-23 19:32:56 235008 ----a-w- C:\Windows\system32\elshyph.dll
2013-11-23 19:32:56 . 2013-11-23 19:32:56 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-11-23 19:32:54 . 2013-11-23 19:32:54 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-11-23 19:32:54 . 2013-11-23 19:32:54 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-23 19:32:54 . 2013-11-23 19:32:54 337408 ----a-w- C:\Windows\SysWow64\html.iec
2013-11-23 19:32:53 . 2013-11-23 19:32:53 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-11-23 19:32:53 . 2013-11-23 19:32:53 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-11-23 19:32:53 . 2013-11-23 19:32:53 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-11-23 19:32:53 . 2013-11-23 19:32:53 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-11-23 19:32:53 . 2013-11-23 19:32:53 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-11-23 19:32:52 . 2013-11-23 19:32:52 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-23 19:32:52 . 2013-11-23 19:32:52 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-23 19:32:51 . 2013-11-23 19:32:51 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2013-11-23 19:32:51 . 2013-11-23 19:32:51 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2013-11-23 19:32:51 . 2013-11-23 19:32:51 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-11-23 19:32:51 . 2013-11-23 19:32:51 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-11-23 19:32:51 . 2013-11-23 19:32:51 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-11-23 19:32:50 . 2013-11-23 19:32:50 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-11-23 19:32:50 . 2013-11-23 19:32:50 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-11-23 19:32:50 . 2013-11-23 19:32:50 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-11-23 19:32:49 . 2013-11-23 19:32:49 942592 ----a-w- C:\Windows\system32\jsIntl.dll
2013-11-23 19:32:49 . 2013-11-23 19:32:49 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-23 19:32:49 . 2013-11-23 19:32:49 247808 ----a-w- C:\Windows\system32\msls31.dll
2013-11-23 19:32:49 . 2013-11-23 19:32:49 195584 ----a-w- C:\Windows\system32\msrating.dll
2013-11-23 19:32:48 . 2013-11-23 19:32:48 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-11-23 19:32:48 . 2013-11-23 19:32:48 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-11-23 19:32:48 . 2013-11-23 19:32:48 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-11-23 19:32:48 . 2013-11-23 19:32:48 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-11-23 19:32:48 . 2013-11-23 19:32:48 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-11-23 19:32:48 . 2013-11-23 19:32:48 105984 ----a-w- C:\Windows\system32\iesysprep.dll
2013-11-23 19:32:47 . 2013-11-23 19:32:47 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-11-23 19:32:47 . 2013-11-23 19:32:47 40448 ----a-w- C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-11-23 19:32:46 . 2013-11-23 19:32:46 453120 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 413696 ----a-w- C:\Windows\system32\html.iec
2013-11-23 19:32:46 . 2013-11-23 19:32:46 296960 ----a-w- C:\Windows\system32\dxtrans.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 263376 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 235520 ----a-w- C:\Windows\system32\url.dll
2013-11-23 19:32:46 . 2013-11-23 19:32:46 1228800 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 84992 ----a-w- C:\Windows\system32\mshtmled.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 626176 ----a-w- C:\Windows\system32\msfeeds.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 548352 ----a-w- C:\Windows\system32\vbscript.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 30208 ----a-w- C:\Windows\system32\licmgr10.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 243200 ----a-w- C:\Windows\system32\webcheck.dll
2013-11-23 19:32:45 . 2013-11-23 19:32:45 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-11-23 19:32:45 . 2013-11-23 19:32:45 143872 ----a-w- C:\Windows\system32\wextract.exe
2013-11-23 19:32:45 . 2013-11-23 19:32:45 101376 ----a-w- C:\Windows\system32\inseng.dll
2013-11-23 19:32:44 . 2013-11-23 19:32:44 83968 ----a-w- C:\Windows\system32\MshtmlDac.dll
2013-11-23 19:32:44 . 2013-11-23 19:32:44 774144 ----a-w- C:\Windows\system32\jscript.dll
2013-11-23 19:32:44 . 2013-11-23 19:32:44 62464 ----a-w- C:\Windows\system32\pngfilt.dll
2013-11-23 19:32:44 . 2013-11-23 19:32:44 147968 ----a-w- C:\Windows\system32\occache.dll
2013-11-23 19:32:44 . 2013-11-23 19:32:44 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-11-23 19:32:43 . 2013-11-23 19:32:43 48128 ----a-w- C:\Windows\system32\imgutil.dll
2013-11-23 19:32:43 . 2013-11-23 19:32:43 135680 ----a-w- C:\Windows\system32\iepeers.dll
2013-11-19 10:21:41 . 2010-11-21 03:27:21 267936 ------w- C:\Windows\system32\MpSigStub.exe
2013-10-19 01:07:48 . 2013-03-13 19:07:38 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-14 17:00:00 . 2013-11-23 19:36:35 28368 ----a-w- C:\Windows\system32\IEUDINIT.EXE
2013-10-12 02:30:42 . 2013-11-13 11:53:04 830464 ----a-w- C:\Windows\system32\nshwfp.dll
2013-10-12 02:29:21 . 2013-11-13 11:53:04 859648 ----a-w- C:\Windows\system32\IKEEXT.DLL
2013-10-12 02:29:08 . 2013-11-13 11:53:04 324096 ----a-w- C:\Windows\system32\FWPUCLNT.DLL
2013-10-12 02:03:08 . 2013-11-13 11:53:03 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 . 2013-11-13 11:53:04 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 . 2013-11-13 11:53:29 1474048 ----a-w- C:\Windows\system32\crypt32.dll
2013-10-05 19:57:25 . 2013-11-13 11:53:28 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 . 2013-11-13 11:53:17 190464 ----a-w- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 . 2013-11-13 11:53:17 197120 ----a-w- C:\Windows\system32\credui.dll
2013-10-04 02:24:49 . 2013-11-13 11:53:17 1930752 ----a-w- C:\Windows\system32\authui.dll |
31.12.2013, 14:50 | #6 |
/// the machine /// TB-Ausbilder | Startpage Trojan

This is how it works: posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:

Please download Malwarebytes Anti-Malware

Please download AdwCleaner to your desktop.

Please close your protection software to avoid possible conflicts.

And a fresh FRST log, please.
|
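Added example for this thread (my code, not FRST's, Malwarebytes' or Trojaner-Board's): a small Python triage pass over the "Internet (Whitelisted)" section of the fresh FRST log the helper asks for. It pulls out the entries a browser hijack shows up in: the IE Start Page and Search Page, a rewritten SearchScopes URL, the Firefox homepage, and BHO or toolbar registrations whose file is missing or carries no company name. The sample lines are constructed in the format FRST prints, modelled on the entries from this machine; the set of expected hosts is an assumption and should be replaced with whatever the user actually wants as home page and search provider.

```python
"""Triage the "Internet (Whitelisted)" section of a Farbar Recovery Scan Tool log.

Added example for this thread; it is not FRST's or Trojaner-Board's code.
"""
import re
from urllib.parse import urlparse

# Hosts the user actually wants as start page / search provider. This is an
# assumption for the example; set it to what the user reports as intended.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "www.microsoft.com"}

# FRST defangs URLs as "hxxp://" so they are not clickable in forum posts.
DEFANG = re.compile(r"^hxxp(s?)://", re.IGNORECASE)

IE_MAIN = re.compile(r"Internet Explorer\\Main,(Start Page|Search Page) = (\S+)")
SEARCH_SCOPE = re.compile(r"^SearchScopes: (\S+) - (\{[0-9A-Fa-f-]+\}) URL = (\S+)")
FF_HOMEPAGE = re.compile(r"^FF Homepage: (\S+)")
# "BHO: <name> - {CLSID} - <path> (<company>)"  /  "Toolbar: HKCU - <name> - {CLSID} - No File"
BROWSER_MODULE = re.compile(r"^(BHO(?:-x32)?|Toolbar(?:-x32)?): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def refang(url: str) -> str:
    """Turn FRST's hxxp:// back into http:// so urlparse understands it."""
    return DEFANG.sub(lambda m: "http" + m.group(1) + "://", url)


def host_of(value: str) -> str:
    """Extract the hostname from a defanged URL or a bare 'www.example.com'."""
    url = refang(value)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(lines, expected_hosts=EXPECTED_HOSTS):
    """Return a list of findings; each is a dict with kind, detail and the raw line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = IE_MAIN.search(line)
        if m:
            host = host_of(m.group(2))
            if host not in expected_hosts:
                kind = "ie_" + m.group(1).lower().replace(" ", "_")
                findings.append({"kind": kind, "detail": host, "line": line})
            continue
        m = SEARCH_SCOPE.match(line)
        if m:
            host = host_of(m.group(3))
            if host not in expected_hosts:
                findings.append({"kind": "search_scope", "detail": host, "line": line})
            continue
        m = FF_HOMEPAGE.match(line)
        if m:
            host = host_of(m.group(1))
            if host not in expected_hosts:
                findings.append({"kind": "ff_homepage", "detail": host, "line": line})
            continue
        m = BROWSER_MODULE.match(line)
        if m:
            target = m.group(4)
            if target == "No File":
                # Orphaned registration: the CLSID is still registered but the
                # DLL is gone, a typical leftover after a partial adware removal.
                findings.append({"kind": "orphaned_entry", "detail": m.group(3), "line": line})
            elif target.endswith("()"):
                # FRST prints an empty company field when the module carries no version info.
                findings.append({"kind": "unsigned_module", "detail": m.group(3), "line": line})
    return findings


# Constructed sample, modelled on the entries FRST prints for this thread's machine.
SAMPLE_FRST_LINES = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startpage.com/do/search?query={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
FF Homepage: www.google.com
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"{f['kind']:16} {f['detail']:40} {f['line']}")
```

Pass the lines of a saved FRST.txt to triage(). On the sample it reports the IE start page and the SearchScopes URL as pointing at startpage.com, which is what the user consented to and needs to reset, and the "No File" toolbar entry as an orphaned registration a cleanup pass should remove. Entries whose host is in the expected set, and BHOs with a company name and an existing file, are left alone; a signed company string is not proof the module is benign, only that it is not the obvious first thing to look at.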
03.01.2014, 10:40 | #7 |
| Startpage Trojan

Hello, thanks for now. Unfortunately the problem still persists. Here are the logfiles: regards, Katrin

Malwarebytes logfile:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Katrin :: Katrin_PC [administrator]

2-1-2014 22:34:20
mbam-log-2014-01-02 (22-34-20).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Startup | P2P
Objects scanned: 354264
Time elapsed: 1 hour(s), 31 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\luckyleapBHO.dll.vir (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProGuard.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProStart.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Katrin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\wajam_update[6].exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

(end)
AdwCleaner logfile:
Code:
# AdwCleaner v3.016 - Report created 03/01/2014 at 00:47:47
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Katrin - Katrin_PC
# Running from : C:\Users\Katrin\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B8BFA10F-6FFD-44B5-9DBB-E17CBAA107FF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [6754 octets] - [19/11/2013 20:20:15]
AdwCleaner[R1].txt - [899 octets] - [19/11/2013 20:32:39]
AdwCleaner[R2].txt - [1017 octets] - [19/11/2013 20:40:57]
AdwCleaner[R3].txt - [1138 octets] - [19/11/2013 20:46:14]
AdwCleaner[R4].txt - [1652 octets] - [03/01/2014 00:46:47]
AdwCleaner[S0].txt - [6462 octets] - [19/11/2013 20:21:26]
AdwCleaner[S1].txt - [959 octets] - [19/11/2013 20:33:47]
AdwCleaner[S2].txt - [1078 octets] - [19/11/2013 20:41:43]
AdwCleaner[S3].txt - [1200 octets] - [19/11/2013 20:47:41]
AdwCleaner[S4].txt - [1575 octets] - [03/01/2014 00:47:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1635 octets] ##########

JRT logfile:
Code:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Katrin on Fri 03-01-2014 at 1:02:14,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-588370504-2637819077-3987119145-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{25F82E00-721F-43A9-9CE4-08BFDF1B2613}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03-01-2014 at 1:13:25,34
End of JRT log

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Katrin (administrator) on Katrin_PC on 03-01-2014 10:22:17
Running from C:\Users\Katrin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files\firefox.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe
(Google) C:\Users\Katrin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startpage.com/do/search?query={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58

FireFox:
========
FF ProfilePath: C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: German Dictionary - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Woordenboek Nederlands - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\nl-NL@dictionaries.addons.mozilla.org
FF Extension: SelectionLinks - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{1EBD8847-199B-4B3B-B4B8-91E3B80FCDBF}
FF Extension: No Name - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: Adblock Plus - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co.
KG) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 uagqecsvc; C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe [144896 2013-09-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-03 01:13 - 2014-01-03 01:13 - 00001089 _____ C:\Users\Katrin\Desktop\JRT.txt 2014-01-03 01:00 - 2014-01-03 01:00 - 00000000 ____D C:\Windows\ERUNT 2014-01-03 00:49 - 2014-01-03 00:49 - 00429808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-03 00:49 - 2014-01-03 00:49 - 00005132 _____ C:\Windows\PFRO.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000056 _____ C:\Windows\setupact.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000000 _____ C:\Windows\setuperr.log 2014-01-03 00:45 - 2014-01-03 00:45 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner.exe 2014-01-02 22:50 - 2014-01-02 22:50 - 00112096 _____ C:\Users\Katrin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-01 21:19 - 2014-01-01 21:19 - 01036305 _____ (Thisisu) C:\Users\Katrin\Desktop\JRT.exe 2014-01-01 21:18 - 2014-01-01 21:18 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner(1).exe 2014-01-01 21:13 - 2014-01-01 21:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katrin\Downloads\mbam-setup-1.75.0.1300(1).exe 2014-01-01 19:40 - 2014-01-03 10:21 - 00000000 ____D C:\Users\Katrin\Desktop\FRST-OlderVersion 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\defaults 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\browser 2013-12-30 00:18 - 2013-12-30 01:57 - 00000000 ____D C:\ComboFix 2013-12-29 23:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-29 23:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-29 23:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-29 23:49 - 
2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-29 23:48 - 2013-12-29 23:49 - 00000000 ____D C:\Qoobox 2013-12-29 23:46 - 2013-12-30 00:30 - 00000000 ____D C:\Windows\erdnt 2013-12-29 13:46 - 2013-12-29 13:46 - 05158590 ____R (Swearware) C:\Users\Katrin\Desktop\ComboFix.exe 2013-12-28 13:07 - 2013-12-28 13:08 - 00026551 _____ C:\Users\Katrin\Desktop\Addition.txt 2013-12-28 13:05 - 2014-01-03 10:22 - 00014148 _____ C:\Users\Katrin\Desktop\FRST.txt 2013-12-28 12:51 - 2014-01-03 10:21 - 01931750 _____ (Farbar) C:\Users\Katrin\Desktop\FRST64.exe 2013-12-28 12:51 - 2014-01-03 10:21 - 00000000 ____D C:\FRST 2013-12-28 02:42 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-28 02:41 - 2013-12-28 02:41 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-28 02:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-28 02:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-28 02:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-26 03:09 - 2013-12-26 03:09 - 00000000 ____D C:\Users\Katrin\Desktop\104_PANA 2013-12-25 22:09 - 2013-12-25 22:17 - 00002668 _____ C:\Users\Katrin\Desktop\Rkill.txt 2013-12-25 22:09 - 2013-12-25 22:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Katrin\Downloads\eXplorer.exe 2013-12-25 22:09 - 2013-12-25 22:09 - 00000000 ____D C:\Users\Katrin\Desktop\rkill 2013-12-25 21:34 - 2013-12-25 21:34 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409(1).exe 2013-12-25 21:30 - 2013-12-25 21:30 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409.exe 2013-12-13 09:25 - 2013-12-13 10:09 - 00020110 ____H C:\Users\Katrin\Desktop\~WRL4049.tmp 2013-12-13 09:23 
- 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 09:23 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 09:23 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 09:23 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 09:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 09:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 09:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 09:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 09:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 09:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 09:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 09:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 09:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 09:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 09:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 09:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 09:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 09:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 09:19 - 2013-11-26 09:57 - 
00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 09:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 09:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 09:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 09:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 09:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 09:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-13 09:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 09:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 09:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 09:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 09:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 09:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 09:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 09:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 09:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 09:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 20:30 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 20:30 - 2013-11-23 18:47 - 00465920 _____ (Microsoft 
Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 20:30 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 20:30 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 20:30 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 20:30 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 20:30 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 20:30 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 20:30 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 20:30 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 20:30 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 20:30 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 20:30 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 20:30 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 20:30 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 20:30 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 20:30 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 20:30 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 20:30 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 22:53 - 2013-12-10 22:53 - 00003118 _____ 
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2013-12-10 22:52 - 2013-12-10 22:52 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-12-10 14:34 - 2013-12-10 14:34 - 00283055 _____ C:\Users\Katrin\Downloads\AllResponses_Logfiles.xlsx 2013-12-10 14:34 - 2013-12-10 14:34 - 00000165 ____H C:\Users\Katrin\Downloads\~$AllResponses_Logfiles.xlsx 2013-12-10 14:24 - 2013-12-25 21:30 - 00000000 ____D C:\Users\Katrin\Desktop\Projectjes December 2013 2013-12-08 15:35 - 2013-12-08 15:35 - 00000355 _____ C:\Users\Katrin\Computer - Shortcut.lnk 2013-12-05 17:08 - 2013-12-05 17:08 - 00000000 ____D C:\Users\Katrin\Desktop\lianne 2013-12-05 16:58 - 2013-12-05 17:06 - 00000000 ___RD C:\Users\Katrin\Copy 2013-12-05 16:56 - 2013-12-05 17:11 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Copy 2013-12-05 16:48 - 2013-12-05 16:55 - 48530640 _____ (Barracuda Networks, Inc.) 
C:\Users\Katrin\Downloads\Copy-1.37.0546.exe 2013-12-05 00:20 - 2013-12-05 00:20 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64(1).exe 2013-12-04 23:27 - 2013-12-04 23:26 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-04 23:27 - 2013-12-04 23:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-04 23:27 - 2013-12-04 23:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-04 23:27 - 2013-12-04 23:26 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-04 23:26 - 2013-12-04 23:26 - 00000000 ____D C:\Program Files\Java 2013-12-04 23:25 - 2013-12-04 23:26 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64.exe 2013-12-04 17:22 - 2013-12-04 17:56 - 00017995 ____H C:\Users\Katrin\Desktop\~WRL0005.tmp ==================== One Month Modified Files and Folders ======= 2014-01-03 10:23 - 2013-12-28 13:05 - 00014148 _____ C:\Users\Katrin\Desktop\FRST.txt 2014-01-03 10:21 - 2014-01-01 19:40 - 00000000 ____D C:\Users\Katrin\Desktop\FRST-OlderVersion 2014-01-03 10:21 - 2013-12-28 12:51 - 01931750 _____ (Farbar) C:\Users\Katrin\Desktop\FRST64.exe 2014-01-03 10:21 - 2013-12-28 12:51 - 00000000 ____D C:\FRST 2014-01-03 10:21 - 2013-02-09 14:06 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Skype 2014-01-03 10:04 - 2013-04-25 09:58 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA.job 2014-01-03 10:04 - 2012-06-15 22:14 - 01521605 _____ C:\Windows\WindowsUpdate.log 2014-01-03 01:13 - 2014-01-03 01:13 - 00001089 _____ C:\Users\Katrin\Desktop\JRT.txt 2014-01-03 01:00 - 2014-01-03 01:00 - 00000000 ____D C:\Windows\ERUNT 2014-01-03 00:57 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 00:57 - 2009-07-14 05:45 - 00016976 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-03 00:50 - 2013-10-26 21:31 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2014-01-03 00:49 - 2014-01-03 00:49 - 00429808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-03 00:49 - 2014-01-03 00:49 - 00005132 _____ C:\Windows\PFRO.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000056 _____ C:\Windows\setupact.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000000 _____ C:\Windows\setuperr.log 2014-01-03 00:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-03 00:47 - 2013-11-19 20:20 - 00000000 ____D C:\AdwCleaner 2014-01-03 00:46 - 2014-01-02 12:02 - 00000000 ____D C:\Users\Katrin\Desktop\_Q&A__Public Outreach_ 2014-01-03 00:45 - 2014-01-03 00:45 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner.exe 2014-01-03 00:39 - 2013-02-07 19:47 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\uTorrent 2014-01-02 22:50 - 2014-01-02 22:50 - 00112096 _____ C:\Users\Katrin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-02 18:00 - 2013-04-25 09:58 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core.job 2014-01-02 12:00 - 2014-01-02 12:00 - 05625908 _____ C:\Users\Katrin\Downloads\_Q&A__Public Outreach_.zip 2014-01-01 21:19 - 2014-01-01 21:19 - 01036305 _____ (Thisisu) C:\Users\Katrin\Desktop\JRT.exe 2014-01-01 21:18 - 2014-01-01 21:18 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner(1).exe 2014-01-01 21:13 - 2014-01-01 21:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katrin\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-30 02:24 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-30 02:14 - 2013-09-25 04:00 - 00026138 _____ C:\Program Files\install.log 2013-12-30 02:14 - 2013-02-08 00:14 - 00000708 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-30 02:14 - 2013-02-08 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 
2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\defaults 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\browser 2013-12-30 02:12 - 2013-02-08 00:13 - 00000000 ____D C:\Program Files\webapprt 2013-12-30 02:12 - 2013-02-08 00:13 - 00000000 ____D C:\Program Files\uninstall 2013-12-30 01:57 - 2013-12-30 00:18 - 00000000 ____D C:\ComboFix 2013-12-30 01:56 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-30 01:51 - 2013-02-08 00:23 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\vlc 2013-12-30 00:30 - 2013-12-29 23:46 - 00000000 ____D C:\Windows\erdnt 2013-12-29 23:49 - 2013-12-29 23:48 - 00000000 ____D C:\Qoobox 2013-12-29 13:46 - 2013-12-29 13:46 - 05158590 ____R (Swearware) C:\Users\Katrin\Desktop\ComboFix.exe 2013-12-28 13:08 - 2013-12-28 13:07 - 00026551 _____ C:\Users\Katrin\Desktop\Addition.txt 2013-12-28 02:42 - 2013-09-23 03:38 - 00000000 ____D C:\ProgramData\Oracle 2013-12-28 02:41 - 2013-12-28 02:41 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-28 02:41 - 2013-09-23 03:36 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-26 03:09 - 2013-12-26 03:09 - 00000000 ____D C:\Users\Katrin\Desktop\104_PANA 2013-12-25 22:17 - 2013-12-25 22:09 - 00002668 _____ C:\Users\Katrin\Desktop\Rkill.txt 2013-12-25 22:09 - 2013-12-25 22:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Katrin\Downloads\eXplorer.exe 2013-12-25 22:09 - 2013-12-25 22:09 - 00000000 ____D C:\Users\Katrin\Desktop\rkill 2013-12-25 21:43 - 2013-05-01 13:32 - 00000000 ____D C:\backups 2013-12-25 21:41 - 2013-04-20 09:13 - 00000000 ____D C:\Users\Katrin\AppData\Local\CrashDumps 2013-12-25 21:41 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther 2013-12-25 21:40 - 2013-07-14 16:17 - 00000472 _____ C:\Windows\wininit.ini 2013-12-25 21:37 - 2013-10-25 19:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-12-25 21:35 - 2013-09-25 04:20 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-25 21:35 - 
2013-02-07 19:47 - 00000000 ____D C:\Program Files\CCleaner 2013-12-25 21:34 - 2013-12-25 21:34 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409(1).exe 2013-12-25 21:30 - 2013-12-25 21:30 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409.exe 2013-12-25 21:30 - 2013-12-10 14:24 - 00000000 ____D C:\Users\Katrin\Desktop\Projectjes December 2013 2013-12-19 00:25 - 2013-12-19 00:02 - 301690957 _____ C:\Users\Katrin\Downloads\Der_Freie_Wille_p1-2.flv 2013-12-18 23:27 - 2013-12-18 23:18 - 732624896 _____ C:\Users\Katrin\Downloads\The.Science.of.Sleep.DVDRip.XViD.avi 2013-12-18 07:57 - 2013-09-26 06:03 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 07:57 - 2013-09-26 05:58 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 07:57 - 2013-09-26 05:58 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-17 23:49 - 2013-12-17 23:49 - 79342623 _____ C:\Users\Katrin\Desktop\pics for rani.rar 2013-12-17 23:48 - 2013-12-17 23:31 - 00000000 ____D C:\Users\Katrin\Desktop\pics for rani 2013-12-16 22:50 - 2013-10-29 22:51 - 00000000 ____D C:\Windows\system32\MRT 2013-12-16 22:46 - 2013-10-29 22:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-16 22:41 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-15 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-13 10:09 - 2013-12-13 09:25 - 00020110 ____H C:\Users\Katrin\Desktop\~WRL4049.tmp 2013-12-13 09:22 - 2013-02-08 00:19 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-10 22:53 - 2013-12-10 22:53 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003090 _____ 
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2013-12-10 22:52 - 2013-12-10 22:52 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-12-10 14:34 - 2013-12-10 14:34 - 00283055 _____ C:\Users\Katrin\Downloads\AllResponses_Logfiles.xlsx 2013-12-10 14:34 - 2013-12-10 14:34 - 00000165 ____H C:\Users\Katrin\Downloads\~$AllResponses_Logfiles.xlsx 2013-12-08 17:55 - 2013-04-25 09:58 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA 2013-12-08 17:55 - 2013-04-25 09:58 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core 2013-12-08 17:54 - 2013-12-08 15:34 - 00000835 _____ C:\Users\Katrin\Downloads\Pics - Rani.zip 2013-12-08 17:54 - 2013-12-08 15:34 - 00000835 _____ C:\Users\Katrin\Downloads\3 Aug - Caribean festival.zip 2013-12-08 15:35 - 2013-12-08 15:35 - 00000355 _____ C:\Users\Katrin\Computer - Shortcut.lnk 2013-12-08 15:35 - 2013-02-07 22:57 - 00000000 ____D C:\Users\Katrin 2013-12-05 22:03 - 2013-09-25 04:00 - 00001974 _____ C:\Program Files\precomplete 2013-12-05 22:02 - 2013-09-25 04:00 - 08284917 _____ C:\Program Files\omni.ja 2013-12-05 22:02 - 2013-09-25 04:00 - 00004003 _____ C:\Program Files\crashreporter.ini 2013-12-05 22:02 - 2013-09-25 04:00 - 00001202 _____ C:\Program Files\updater.ini 2013-12-05 20:41 - 2013-09-25 04:00 - 22370928 _____ (Mozilla Foundation) C:\Program Files\xul.dll 2013-12-05 20:37 - 2013-09-25 04:00 - 01776240 _____ (Mozilla Foundation) C:\Program Files\nss3.dll 2013-12-05 20:37 - 2013-09-25 04:00 - 00393840 _____ (Mozilla Foundation) C:\Program 
Files\nssckbi.dll 2013-12-05 20:37 - 2013-09-25 04:00 - 00276592 _____ (Mozilla Foundation) C:\Program Files\updater.exe 2013-12-05 20:37 - 2013-09-25 04:00 - 00170960 _____ (Mozilla Corporation) C:\Program Files\webapp-uninstaller.exe 2013-12-05 20:37 - 2013-09-25 04:00 - 00153712 _____ (Mozilla Foundation) C:\Program Files\softokn3.dll 2013-12-05 20:37 - 2013-09-25 04:00 - 00108144 _____ (Mozilla Foundation) C:\Program Files\webapprt-stub.exe 2013-12-05 20:37 - 2013-09-25 04:00 - 00092272 _____ (Mozilla Foundation) C:\Program Files\nssdbm3.dll 2013-12-05 20:37 - 2013-09-25 04:00 - 00028272 _____ (Mozilla Corporation) C:\Program Files\plugin-hang-ui.exe 2013-12-05 20:37 - 2013-09-25 04:00 - 00018544 _____ (Mozilla Corporation) C:\Program Files\plugin-container.exe 2013-12-05 20:37 - 2013-09-25 04:00 - 00000899 _____ C:\Program Files\softokn3.chk 2013-12-05 20:37 - 2013-09-25 04:00 - 00000899 _____ C:\Program Files\nssdbm3.chk 2013-12-05 20:36 - 2013-09-25 04:00 - 03559024 _____ C:\Program Files\mozjs.dll 2013-12-05 20:36 - 2013-09-25 04:00 - 03449456 _____ (Mozilla Foundation) C:\Program Files\gkmedias.dll 2013-12-05 20:36 - 2013-09-25 04:00 - 00647280 _____ (Mozilla Foundation) C:\Program Files\libGLESv2.dll 2013-12-05 20:36 - 2013-09-25 04:00 - 00194552 _____ (Mozilla Corporation) C:\Program Files\maintenanceservice_installer.exe 2013-12-05 20:36 - 2013-09-25 04:00 - 00130672 _____ (Mozilla Foundation) C:\Program Files\mozglue.dll 2013-12-05 20:36 - 2013-09-25 04:00 - 00119408 _____ (Mozilla Foundation) C:\Program Files\maintenanceservice.exe 2013-12-05 20:36 - 2013-09-25 04:00 - 00053360 _____ (Mozilla Foundation) C:\Program Files\libEGL.dll 2013-12-05 20:36 - 2013-09-25 04:00 - 00017008 _____ (Mozilla Foundation) C:\Program Files\mozalloc.dll 2013-12-05 20:34 - 2013-09-25 04:00 - 00302192 _____ (Mozilla Foundation) C:\Program Files\freebl3.dll 2013-12-05 20:34 - 2013-09-25 04:00 - 00275568 _____ (Mozilla Corporation) C:\Program Files\firefox.exe 2013-12-05 
20:34 - 2013-09-25 04:00 - 00117360 _____ (Mozilla Foundation) C:\Program Files\crashreporter.exe 2013-12-05 20:34 - 2013-09-25 04:00 - 00075376 _____ (Mozilla Foundation) C:\Program Files\breakpadinjector.dll 2013-12-05 20:34 - 2013-09-25 04:00 - 00020080 _____ (Mozilla Foundation) C:\Program Files\AccessibleMarshal.dll 2013-12-05 20:34 - 2013-09-25 04:00 - 00000899 _____ C:\Program Files\freebl3.chk 2013-12-05 20:21 - 2013-09-25 04:00 - 00000099 _____ C:\Program Files\dependentlibs.list 2013-12-05 18:50 - 2013-09-25 04:00 - 00000140 _____ C:\Program Files\platform.ini 2013-12-05 18:33 - 2013-09-25 04:00 - 00000685 _____ C:\Program Files\application.ini 2013-12-05 18:30 - 2013-09-25 04:00 - 00036692 _____ C:\Program Files\removed-files 2013-12-05 17:51 - 2013-09-25 04:00 - 00000137 _____ C:\Program Files\update-settings.ini 2013-12-05 17:11 - 2013-12-05 16:56 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Copy 2013-12-05 17:08 - 2013-12-05 17:08 - 00000000 ____D C:\Users\Katrin\Desktop\lianne 2013-12-05 17:06 - 2013-12-05 16:58 - 00000000 ___RD C:\Users\Katrin\Copy 2013-12-05 16:55 - 2013-12-05 16:48 - 48530640 _____ (Barracuda Networks, Inc.) 
C:\Users\Katrin\Downloads\Copy-1.37.0546.exe
2013-12-05 00:20 - 2013-12-05 00:20 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64(1).exe
2013-12-04 23:26 - 2013-12-04 23:27 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-04 23:26 - 2013-12-04 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-04 23:26 - 2013-12-04 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-04 23:26 - 2013-12-04 23:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-04 23:26 - 2013-12-04 23:26 - 00000000 ____D C:\Program Files\Java
2013-12-04 23:26 - 2013-12-04 23:25 - 30694824 _____ (Oracle Corporation) C:\Users\Katrin\Downloads\jre-7u45-windows-x64.exe
2013-12-04 22:44 - 2013-11-29 08:53 - 00017101 ____H C:\Users\Katrin\Desktop\~WRL0006.tmp
2013-12-04 17:56 - 2013-12-04 17:22 - 00017995 ____H C:\Users\Katrin\Desktop\~WRL0005.tmp

Some content of TEMP:
====================
C:\Users\Katrin\AppData\Local\Temp\avgnt.exe
C:\Users\Katrin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Katrin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 22:47

==================== End Of Log ============================
04.01.2014, 09:21 | #8
/// the machine /// TB-Ausbilder | Startpage Trojaner
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
08.01.2014, 21:12 | #9
Startpage Trojaner
Hello, here are the logfiles; unfortunately the problem still persists. Regards, Katrin
Code:
ESETSmartInstaller@High as downloader log: all ok
Code:
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Katrin (administrator) on Katrin_PC on 08-01-2014 21:00:58
Running from C:\Users\Katrin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\firefox.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Katrin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startpage.com/do/search?query={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58

FireFox:
========
FF ProfilePath: C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Katrin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Katrin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: German Dictionary - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Woordenboek Nederlands - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\nl-NL@dictionaries.addons.mozilla.org
FF Extension: SelectionLinks - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{1EBD8847-199B-4B3B-B4B8-91E3B80FCDBF}
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\firefox1@myibay.com.xpi
FF Extension: No Name - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: Adblock Plus - C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\lzm5cqp9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 uagqecsvc; C:\Users\Katrin\Forefront UAG Remote Access Agent\iportalsickkidsca\iportaltwo1\uagqecsvc.exe [144896 2013-09-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 00:49 - 2014-01-08 00:49 - 00013772 _____ C:\Users\Katrin\Downloads\Studienfach-Uni Liste.xlsx 2014-01-07 22:26 - 2014-01-07 22:26 - 00987410 _____ C:\Users\Katrin\Desktop\SecurityCheck.exe 2014-01-07 00:17 - 2014-01-07 00:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2014-01-07 00:17 - 2014-01-07 00:17 - 00000000 ____D C:\Program Files\Synaptics 2014-01-07 00:16 - 2014-01-07 00:19 - 00009024 _____ C:\Windows\DPINST.LOG 2014-01-07 00:16 - 2014-01-07 00:16 - 00001452 _____ C:\Windows\Synaptics.log 2014-01-07 00:15 - 2014-01-07 00:15 - 00000000 ____D C:\Users\Katrin\Downloads\TouchPad_Synaptics_15.3.41.5_W7x86W7x64_A 2014-01-07 00:15 - 2012-02-14 05:33 - 00412944 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2014-01-07 00:15 - 2012-02-14 05:33 - 00172304 _____ (Synaptics Incorporated) C:\Windows\system32\SynGlwPadShlExt.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00421648 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00280336 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00229648 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00224528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00183568 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00150800 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo9.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00113936 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll 2014-01-07 00:15 - 2012-02-14 05:32 - 00068880 _____ (Synaptics 
Incorporated) C:\Windows\SysWOW64\SynTPEnhPS.dll 2014-01-07 00:15 - 2011-09-14 12:11 - 01048576 _____ C:\Windows\system32\syndata.bin 2014-01-06 23:37 - 2014-01-06 23:46 - 102976430 _____ C:\Users\Katrin\Downloads\TouchPad_Synaptics_15.3.41.5_W7x86W7x64_A.zip 2014-01-05 19:30 - 2014-01-05 20:40 - 00000000 ____D C:\Users\Katrin\Downloads\About Time (2013) 2014-01-04 15:48 - 2014-01-04 15:48 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-04 15:39 - 2014-01-04 15:39 - 02347384 _____ (ESET) C:\Users\Katrin\Downloads\esetsmartinstaller_enu.exe 2014-01-03 01:13 - 2014-01-03 01:13 - 00001089 _____ C:\Users\Katrin\Desktop\JRT.txt 2014-01-03 01:00 - 2014-01-03 01:00 - 00000000 ____D C:\Windows\ERUNT 2014-01-03 00:49 - 2014-01-07 09:26 - 00000915 _____ C:\Windows\setupact.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00429808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-03 00:49 - 2014-01-03 00:49 - 00005132 _____ C:\Windows\PFRO.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000000 _____ C:\Windows\setuperr.log 2014-01-03 00:45 - 2014-01-03 00:45 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner.exe 2014-01-02 22:50 - 2014-01-02 22:50 - 00112096 _____ C:\Users\Katrin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-02 12:02 - 2014-01-03 10:51 - 00000000 ____D C:\Users\Katrin\Desktop\_Q&A__Public Outreach_ 2014-01-02 12:00 - 2014-01-02 12:00 - 05625908 _____ C:\Users\Katrin\Downloads\_Q&A__Public Outreach_.zip 2014-01-01 21:19 - 2014-01-01 21:19 - 01036305 _____ (Thisisu) C:\Users\Katrin\Desktop\JRT.exe 2014-01-01 21:18 - 2014-01-01 21:18 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner(1).exe 2014-01-01 21:13 - 2014-01-01 21:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katrin\Downloads\mbam-setup-1.75.0.1300(1).exe 2014-01-01 19:40 - 2014-01-08 21:00 - 00000000 ____D C:\Users\Katrin\Desktop\FRST-OlderVersion 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\defaults 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program 
Files\browser 2013-12-30 00:18 - 2013-12-30 01:57 - 00000000 ____D C:\ComboFix 2013-12-29 23:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-29 23:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-29 23:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-29 23:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-29 23:48 - 2013-12-29 23:49 - 00000000 ____D C:\Qoobox 2013-12-29 23:46 - 2013-12-30 00:30 - 00000000 ____D C:\Windows\erdnt 2013-12-29 22:56 - 2013-12-29 22:55 - 00069716 _____ C:\Users\Katrin\Desktop\fascinating-monkey-photography.htm 2013-12-29 13:46 - 2013-12-29 13:46 - 05158590 ____R (Swearware) C:\Users\Katrin\Desktop\ComboFix.exe 2013-12-28 13:07 - 2013-12-28 13:08 - 00026551 _____ C:\Users\Katrin\Desktop\Addition.txt 2013-12-28 13:05 - 2014-01-08 21:00 - 00013968 _____ C:\Users\Katrin\Desktop\FRST.txt 2013-12-28 12:51 - 2014-01-08 21:00 - 01931770 _____ (Farbar) C:\Users\Katrin\Desktop\FRST64.exe 2013-12-28 12:51 - 2014-01-08 21:00 - 00000000 ____D C:\FRST 2013-12-28 02:42 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-28 02:41 - 2013-12-28 02:41 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-28 02:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-28 02:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-28 02:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-26 03:09 - 2013-12-26 03:09 - 00000000 ____D C:\Users\Katrin\Desktop\104_PANA 
2013-12-26 03:08 - 2013-12-26 03:08 - 00000000 ____D C:\Users\Katrin\Desktop\Dale Carnegie - Sorge Dich nicht - lebe! 2013-12-25 22:09 - 2013-12-25 22:17 - 00002668 _____ C:\Users\Katrin\Desktop\Rkill.txt 2013-12-25 22:09 - 2013-12-25 22:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Katrin\Downloads\eXplorer.exe 2013-12-25 22:09 - 2013-12-25 22:09 - 00000000 ____D C:\Users\Katrin\Desktop\rkill 2013-12-25 21:34 - 2013-12-25 21:34 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409(1).exe 2013-12-25 21:30 - 2013-12-25 21:30 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409.exe 2013-12-19 00:02 - 2013-12-19 00:25 - 301690957 _____ C:\Users\Katrin\Downloads\Der_Freie_Wille_p1-2.flv 2013-12-18 23:18 - 2013-12-18 23:27 - 732624896 _____ C:\Users\Katrin\Downloads\The.Science.of.Sleep.DVDRip.XViD.avi 2013-12-17 23:49 - 2013-12-17 23:49 - 79342623 _____ C:\Users\Katrin\Desktop\pics for rani.rar 2013-12-17 23:31 - 2013-12-17 23:48 - 00000000 ____D C:\Users\Katrin\Desktop\pics for rani 2013-12-13 09:25 - 2013-12-13 10:09 - 00020110 ____H C:\Users\Katrin\Desktop\~WRL4049.tmp 2013-12-13 09:23 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 09:23 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 09:23 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 09:23 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 09:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 09:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 09:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 09:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 
2013-12-13 09:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 09:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 09:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 09:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 09:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 09:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 09:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 09:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 09:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 09:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 09:19 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 09:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 09:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 09:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 09:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 09:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 09:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-13 09:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 
09:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 09:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 09:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 09:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 09:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 09:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 09:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 09:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 09:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 20:30 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 20:30 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 20:30 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 20:30 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 20:30 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 20:30 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 20:30 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 20:30 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 20:30 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 20:30 - 2013-10-12 03:32 - 00150016 
_____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 20:30 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 20:30 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 20:30 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 20:30 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 20:30 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 20:30 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 20:30 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 20:30 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 20:30 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 22:53 - 2013-12-10 22:53 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2013-12-10 22:52 - 2013-12-10 22:52 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-12-10 14:34 - 2013-12-10 14:34 - 00283055 _____ C:\Users\Katrin\Downloads\AllResponses_Logfiles.xlsx 2013-12-10 14:34 - 2013-12-10 14:34 - 
00000165 ____H C:\Users\Katrin\Downloads\~$AllResponses_Logfiles.xlsx 2013-12-10 14:24 - 2013-12-25 21:30 - 00000000 ____D C:\Users\Katrin\Desktop\Projectjes December 2013 ==================== One Month Modified Files and Folders ======= 2014-01-08 21:02 - 2013-12-28 13:05 - 00013968 _____ C:\Users\Katrin\Desktop\FRST.txt 2014-01-08 21:00 - 2014-01-01 19:40 - 00000000 ____D C:\Users\Katrin\Desktop\FRST-OlderVersion 2014-01-08 21:00 - 2013-12-28 12:51 - 01931770 _____ (Farbar) C:\Users\Katrin\Desktop\FRST64.exe 2014-01-08 21:00 - 2013-12-28 12:51 - 00000000 ____D C:\FRST 2014-01-08 21:00 - 2013-04-25 09:58 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000UA.job 2014-01-08 21:00 - 2013-02-09 14:06 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Skype 2014-01-08 20:59 - 2013-04-25 09:58 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-588370504-2637819077-3987119145-1000Core.job 2014-01-08 20:59 - 2012-06-15 22:14 - 01759130 _____ C:\Windows\WindowsUpdate.log 2014-01-08 00:49 - 2014-01-08 00:49 - 00013772 _____ C:\Users\Katrin\Downloads\Studienfach-Uni Liste.xlsx 2014-01-07 22:34 - 2013-03-10 18:17 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\Belastingdienst 2014-01-07 22:26 - 2014-01-07 22:26 - 00987410 _____ C:\Users\Katrin\Desktop\SecurityCheck.exe 2014-01-07 09:34 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 09:34 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 09:27 - 2013-10-26 21:31 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2014-01-07 09:26 - 2014-01-03 00:49 - 00000915 _____ C:\Windows\setupact.log 2014-01-07 09:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 00:19 - 2014-01-07 00:16 - 00009024 _____ C:\Windows\DPINST.LOG 2014-01-07 00:17 - 2014-01-07 
00:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2014-01-07 00:17 - 2014-01-07 00:17 - 00000000 ____D C:\Program Files\Synaptics 2014-01-07 00:16 - 2014-01-07 00:16 - 00001452 _____ C:\Windows\Synaptics.log 2014-01-07 00:15 - 2014-01-07 00:15 - 00000000 ____D C:\Users\Katrin\Downloads\TouchPad_Synaptics_15.3.41.5_W7x86W7x64_A 2014-01-06 23:46 - 2014-01-06 23:37 - 102976430 _____ C:\Users\Katrin\Downloads\TouchPad_Synaptics_15.3.41.5_W7x86W7x64_A.zip 2014-01-06 20:17 - 2013-04-20 09:13 - 00000000 ____D C:\Users\Katrin\AppData\Local\CrashDumps 2014-01-06 20:17 - 2013-02-07 19:47 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\uTorrent 2014-01-06 00:13 - 2013-02-08 00:23 - 00000000 ____D C:\Users\Katrin\AppData\Roaming\vlc 2014-01-05 20:40 - 2014-01-05 19:30 - 00000000 ____D C:\Users\Katrin\Downloads\About Time (2013) 2014-01-04 15:48 - 2014-01-04 15:48 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-04 15:39 - 2014-01-04 15:39 - 02347384 _____ (ESET) C:\Users\Katrin\Downloads\esetsmartinstaller_enu.exe 2014-01-03 10:51 - 2014-01-02 12:02 - 00000000 ____D C:\Users\Katrin\Desktop\_Q&A__Public Outreach_ 2014-01-03 01:13 - 2014-01-03 01:13 - 00001089 _____ C:\Users\Katrin\Desktop\JRT.txt 2014-01-03 01:00 - 2014-01-03 01:00 - 00000000 ____D C:\Windows\ERUNT 2014-01-03 00:49 - 2014-01-03 00:49 - 00429808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-03 00:49 - 2014-01-03 00:49 - 00005132 _____ C:\Windows\PFRO.log 2014-01-03 00:49 - 2014-01-03 00:49 - 00000000 _____ C:\Windows\setuperr.log 2014-01-03 00:47 - 2013-11-19 20:20 - 00000000 ____D C:\AdwCleaner 2014-01-03 00:45 - 2014-01-03 00:45 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner.exe 2014-01-02 22:50 - 2014-01-02 22:50 - 00112096 _____ C:\Users\Katrin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-02 12:00 - 2014-01-02 12:00 - 05625908 _____ C:\Users\Katrin\Downloads\_Q&A__Public Outreach_.zip 2014-01-01 21:19 - 2014-01-01 21:19 - 01036305 _____ (Thisisu) 
C:\Users\Katrin\Desktop\JRT.exe 2014-01-01 21:18 - 2014-01-01 21:18 - 01233962 _____ C:\Users\Katrin\Downloads\adwcleaner(1).exe 2014-01-01 21:13 - 2014-01-01 21:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katrin\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-30 02:24 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-30 02:14 - 2013-09-25 04:00 - 00026138 _____ C:\Program Files\install.log 2013-12-30 02:14 - 2013-02-08 00:14 - 00000708 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-30 02:14 - 2013-02-08 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\defaults 2013-12-30 02:12 - 2013-12-30 02:12 - 00000000 ____D C:\Program Files\browser 2013-12-30 02:12 - 2013-02-08 00:13 - 00000000 ____D C:\Program Files\webapprt 2013-12-30 02:12 - 2013-02-08 00:13 - 00000000 ____D C:\Program Files\uninstall 2013-12-30 01:57 - 2013-12-30 00:18 - 00000000 ____D C:\ComboFix 2013-12-30 01:56 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-30 00:30 - 2013-12-29 23:46 - 00000000 ____D C:\Windows\erdnt 2013-12-29 23:49 - 2013-12-29 23:48 - 00000000 ____D C:\Qoobox 2013-12-29 22:55 - 2013-12-29 22:56 - 00069716 _____ C:\Users\Katrin\Desktop\fascinating-monkey-photography.htm 2013-12-29 13:46 - 2013-12-29 13:46 - 05158590 ____R (Swearware) C:\Users\Katrin\Desktop\ComboFix.exe 2013-12-28 13:08 - 2013-12-28 13:07 - 00026551 _____ C:\Users\Katrin\Desktop\Addition.txt 2013-12-28 02:42 - 2013-09-23 03:38 - 00000000 ____D C:\ProgramData\Oracle 2013-12-28 02:41 - 2013-12-28 02:41 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-28 02:41 - 2013-09-23 03:36 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-26 03:09 - 2013-12-26 03:09 - 00000000 ____D C:\Users\Katrin\Desktop\104_PANA 2013-12-26 03:08 - 2013-12-26 03:08 - 00000000 ____D C:\Users\Katrin\Desktop\Dale Carnegie - Sorge Dich nicht - lebe! 
2013-12-26 02:37 - 2013-10-10 01:42 - 00000000 ____D C:\Users\Katrin\Desktop\fb 2013-12-26 02:37 - 2013-09-02 03:37 - 00000000 ____D C:\Users\Katrin\Desktop\rani 2013-12-25 22:17 - 2013-12-25 22:09 - 00002668 _____ C:\Users\Katrin\Desktop\Rkill.txt 2013-12-25 22:09 - 2013-12-25 22:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Katrin\Downloads\eXplorer.exe 2013-12-25 22:09 - 2013-12-25 22:09 - 00000000 ____D C:\Users\Katrin\Desktop\rkill 2013-12-25 21:43 - 2013-05-01 13:32 - 00000000 ____D C:\backups 2013-12-25 21:41 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther 2013-12-25 21:40 - 2013-07-14 16:17 - 00000472 _____ C:\Windows\wininit.ini 2013-12-25 21:37 - 2013-10-25 19:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-12-25 21:35 - 2013-09-25 04:20 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-25 21:35 - 2013-02-07 19:47 - 00000000 ____D C:\Program Files\CCleaner 2013-12-25 21:34 - 2013-12-25 21:34 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409(1).exe 2013-12-25 21:30 - 2013-12-25 21:30 - 04645232 _____ (Piriform Ltd) C:\Users\Katrin\Downloads\ccsetup409.exe 2013-12-25 21:30 - 2013-12-10 14:24 - 00000000 ____D C:\Users\Katrin\Desktop\Projectjes December 2013 2013-12-19 00:25 - 2013-12-19 00:02 - 301690957 _____ C:\Users\Katrin\Downloads\Der_Freie_Wille_p1-2.flv 2013-12-18 23:27 - 2013-12-18 23:18 - 732624896 _____ C:\Users\Katrin\Downloads\The.Science.of.Sleep.DVDRip.XViD.avi 2013-12-18 07:57 - 2013-09-26 06:03 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 07:57 - 2013-09-26 05:58 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 07:57 - 2013-09-26 05:58 - 00108440 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-17 23:49 - 2013-12-17 23:49 - 79342623 _____ C:\Users\Katrin\Desktop\pics for rani.rar 2013-12-17 23:48 - 2013-12-17 23:31 - 00000000 ____D C:\Users\Katrin\Desktop\pics for rani 2013-12-16 22:50 - 2013-10-29 22:51 - 00000000 ____D C:\Windows\system32\MRT 2013-12-16 22:46 - 2013-10-29 22:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-16 22:41 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-15 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-13 10:09 - 2013-12-13 09:25 - 00020110 ____H C:\Users\Katrin\Desktop\~WRL4049.tmp 2013-12-13 09:22 - 2013-02-08 00:19 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-10 22:53 - 2013-12-10 22:53 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2013-12-10 22:53 - 2013-12-10 22:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2013-12-10 22:52 - 2013-12-10 22:52 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-12-10 14:34 - 2013-12-10 14:34 - 00283055 _____ C:\Users\Katrin\Downloads\AllResponses_Logfiles.xlsx 2013-12-10 14:34 - 2013-12-10 14:34 - 00000165 ____H C:\Users\Katrin\Downloads\~$AllResponses_Logfiles.xlsx Some content of TEMP: ==================== C:\Users\Katrin\AppData\Local\Temp\avgnt.exe C:\Users\Katrin\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Katrin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap 
Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 22:47

==================== End Of Log ============================ |
09.01.2014, 12:48 | #10 |
/// the machine /// TB-Ausbilder | Startpage Trojan Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
AppInit_DLLs: [ ] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
12.01.2014, 00:04 | #11 |
| Startpage Trojan Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 05
Ran by Katrin at 2014-01-12 00:02:48 Run:1
Running from C:\Users\Katrin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: [ ] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

==== End of Fixlog ====
Last edited by katrin01 (12.01.2014, 00:20) |
12.01.2014, 09:17 | #12 |
/// the machine /// TB-Ausbilder | Startpage Trojan Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your Desktop. SystemLook (64 bit)
|
12.01.2014, 11:51 | #13 |
| Startpage Trojan Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:49 on 12/01/2014 by Katrin
Administrator - Elevation successful

========== regfind ==========

Searching for "startpage.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="hxxp://startpage.com/do/search?query={searchTerms}"

[HKEY_USERS\S-1-5-21-588370504-2637819077-3987119145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="hxxp://startpage.com/do/search?query={searchTerms}"

-= EOF =- |
13.01.2014, 10:07 | #14 |
/// the machine /// TB-Ausbilder | Startpage Trojan Copy the text from the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for file type, please choose "All Files"). Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[-HKEY_USERS\S-1-5-21-588370504-2637819077-3987119145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
|
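The step between posts #13 and #14 (turning SystemLook's regfind hits into the `[-KEY]` deletion entries of regfix.reg) done programmatically, as an added example that is not part of the thread and not code from SystemLook or FRST; the log it parses is a constructed copy of the regfind section above, and the function names are this example's own.

```python
"""Turn SystemLook 'regfind' hits into a .reg file that deletes the matching keys.
Added example: parses the log format shown in post #13 and emits the '[-KEY]'
deletion syntax that regfix.reg in post #14 uses."""
import re

# Constructed sample, modelled on the regfind section posted in the thread.
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 11:49 on 12/01/2014 by Katrin

========== regfind ==========

Searching for "startpage.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="hxxp://startpage.com/do/search?query={searchTerms}"

[HKEY_USERS\S-1-5-21-588370504-2637819077-3987119145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="hxxp://startpage.com/do/search?query={searchTerms}"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")       # [HKEY_...\Key] line
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')      # "name"="data" line

def parse_regfind(log):
    """Return (key, value_name, value_data) for every hit in the regfind section."""
    hits, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # following "name"="data" lines belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and key:
            hits.append((key, m.group(1), m.group(2)))
    return hits

def search_scope_keys(hits, domain):
    """IE SearchScopes keys whose URL value points at the given domain (deduplicated)."""
    return list(dict.fromkeys(k for k, n, d in hits
                              if "\\SearchScopes\\" in k and n == "URL" and domain in d))

def build_reg_delete(keys):
    """Emit a .reg file; a leading '-' inside the brackets tells regedit to delete the key."""
    body = "".join(f"[-{key}]\r\n\r\n" for key in keys)
    return "Windows Registry Editor Version 5.00\r\n\r\n" + body
```

The two hits name the same key under two roots (HKCU is the logged-on user's HKEY_USERS\<SID> hive), so the generated file, like regfix.reg above, lists it twice; regedit treats deleting an already absent key as a no-op.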
13.01.2014, 23:08 | #15 |
| Startpage Trojan Hello, I did that. What should the file open with? On double-click, the editor now opens and not much happens? Thank you! K |