Pests of all kinds and how to fight them: Bundesministerium für Internetsicherheit ("Federal Ministry for Internet Security"). Trojan? |
19.01.2014, 19:56 | #1 |
| Federal Ministry for Internet Security. Trojan?

Good evening everyone,

last night, after years of good luck, it apparently finally got me. While I was surfing, a page opened that supposedly came from the Bundesministerium für Internetsicherheit (Federal Ministry for Internet Security). It talked about payment via PayPal and so on, but I did not read the rest because I was so startled. Unfortunately I did not take a screenshot either. The page could not be closed, so I opened Task Manager and ended Firefox.

So far I have not noticed any problems or malfunctions on my system; everything is running normally. I use GData InternetSecurity 2014, which, however, reported no infection after the first full scan. I also ran GData from my up-to-date boot stick, and it showed no infection either. I also ran Malwarebytes Anti-Malware, which reported no findings either.

Still, I now have some concerns about whether my PC has caught something after all, since I also do my online banking on it. Maybe one of you can take a look at my problem. Many thanks in advance.

PS: I could already provide an OTL log and a log from Anti-Malware. The operating system is Windows 8.1 |
19.01.2014, 21:35 | #2 | |
/// TB trainer | Federal Ministry for Internet Security. Trojan?

Hi,

Quote:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
20.01.2014, 14:08 | #3 |
| Federal Ministry for Internet Security. Trojan?

FRST LOG

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04 Ran by Fro (administrator) on FRO-PC on 20-01-2014 13:39:04 Running from C:\Users\Fro\Desktop Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe (Farbar) C:\Users\Fro\Desktop\FRST64(1).exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-11-29] (Geek Software GmbH) HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [GameShadow] - C:\Program Files (x86)\GameShadow\GameShadow.exe [667928 2010-08-05] (GameShadow Ltd) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) Startup: C:\Users\Fro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK ShortcutTarget: Registration .LNK -> C:\Program Files (x86)\Ubisoft\Silent Hunter 4 Wolves of the Pacific\RegistrationReminder\RegistrationReminder.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFD727463ADD1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.7,en;q=0.5,fr-FR;q=0.3,fr;q=0.2 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) 
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://go.web.de/tb/mff_startpage_homepage FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19] FF Extension: WOT - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-29] FF Extension: Bitdefender QuickScan - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-06-24] FF Extension: WEB.DE MailCheck - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\toolbar@web.de.xpi [2013-03-08] FF Extension: Adblock Plus - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-04] FF Extension: QuickJava - C:\Users\Fro\AppData\Roaming\Mozilla\Firefox\Profiles\i8ktil6a.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-08-31] ==================== Services (Whitelisted) 
================= U2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG) U2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG) U2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2562208 2013-10-15] (G Data Software AG) U2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) U2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries) U3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG) U2 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG) U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) U2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation) U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-08] () U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-10-05] (G Data Software AG) U1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [130392 2013-10-05] (G Data Software AG) U3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [64856 2013-10-05] (G Data Software AG) U1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68440 2013-10-25] (G Data Software AG) U1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2013-10-05] (G Data Software) U1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [65368 2013-10-05] (G Data Software AG) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) U2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-12-08] () U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys 
[87040 2013-08-22] (Microsoft Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-21] (Microsoft Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 13:39 - 2014-01-20 13:39 - 00015589 _____ C:\Users\Fro\Desktop\FRST.txt 2014-01-20 13:34 - 2014-01-20 13:34 - 00091526 _____ C:\Users\Fro\Desktop\OTL.Txt 2014-01-20 13:29 - 2014-01-20 13:29 - 00000000 ____D C:\FRST 2014-01-20 13:27 - 2014-01-20 13:27 - 02076672 _____ (Farbar) C:\Users\Fro\Desktop\FRST64(1).exe 2014-01-19 20:10 - 2014-01-19 20:11 - 00000000 ____D C:\Users\Fro\Desktop\Troj Board 2014-01-19 20:01 - 2014-01-19 20:01 - 00370610 _____ C:\Users\Fro\Downloads\gmer_2.1.19323.zip 2014-01-19 20:00 - 2014-01-19 20:00 - 02076672 _____ (Farbar) C:\Users\Fro\Downloads\FRST64.exe 2014-01-19 20:00 - 2014-01-19 20:00 - 00050477 _____ C:\Users\Fro\Downloads\Defogger(1).exe 2014-01-19 19:43 - 2014-01-19 19:43 - 01236282 _____ C:\Users\Fro\Downloads\adwcleaner(1).exe 2014-01-19 18:33 - 2014-01-19 18:33 - 05167985 _____ (Swearware) C:\Users\Fro\Downloads\ComboFix.exe 2014-01-19 18:26 - 2014-01-19 18:26 - 00000000 ____D C:\Users\Fro\Downloads\Kaspersky Rescue2Usb 2014-01-19 18:25 - 2014-01-19 18:25 - 00000795 _____ C:\WINDOWS\setupact.log 2014-01-19 18:25 - 2014-01-19 18:25 - 00000000 _____ C:\WINDOWS\setuperr.log 2014-01-19 18:22 - 2014-01-19 18:22 - 00387584 _____ C:\Users\Fro\Downloads\rescue2usb1007.exe 2014-01-19 18:22 - 2014-01-19 18:22 - 00387584 _____ C:\Users\Fro\Downloads\rescue2usb1007(1).exe 2014-01-19 18:21 - 2014-01-19 
18:23 - 340465664 _____ C:\Users\Fro\Downloads\kav_rescue_10-0513.iso 2014-01-19 14:50 - 2014-01-19 14:50 - 02347384 _____ (ESET) C:\Users\Fro\Downloads\esetsmartinstaller_deu(1).exe 2014-01-19 02:03 - 2014-01-20 13:37 - 00154856 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-19 00:39 - 2014-01-19 00:39 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-19 00:27 - 2014-01-19 00:27 - 00073978 _____ C:\Users\Fro\Downloads\Extras.Txt 2014-01-19 00:26 - 2014-01-19 19:13 - 00092980 _____ C:\Users\Fro\Downloads\OTL.Txt 2014-01-19 00:25 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner 2014-01-19 00:25 - 2014-01-19 00:25 - 01236282 _____ C:\Users\Fro\Downloads\adwcleaner.exe 2014-01-19 00:25 - 2014-01-19 00:25 - 01037068 _____ (Thisisu) C:\Users\Fro\Downloads\JRT.exe 2014-01-19 00:21 - 2014-01-19 00:21 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\Users\Fro\AppData\Roaming\Malwarebytes 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-19 00:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-19 00:20 - 2014-01-19 00:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fro\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-19 00:17 - 2014-01-19 00:17 - 00050477 _____ C:\Users\Fro\Downloads\Defogger.exe 2014-01-19 00:16 - 2014-01-19 00:16 - 00602112 _____ (OldTimer Tools) C:\Users\Fro\Desktop\OTL.exe 2014-01-19 00:15 - 2014-01-19 00:15 - 00379904 _____ C:\Users\Fro\Downloads\ku8n2lj3.exe 2014-01-18 20:19 - 2014-01-18 20:19 - 00000000 ____D C:\Users\Fro\AppData\Local\Overwolf 2014-01-18 19:14 - 2014-01-18 19:29 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-7.bin 2014-01-18 19:14 - 2014-01-18 19:29 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-5.bin 2014-01-18 19:14 - 2014-01-18 19:28 - 1073741824 
_____ C:\Users\Fro\Downloads\ROMSetup-6.bin 2014-01-18 19:09 - 2014-01-18 19:24 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-8.bin 2014-01-18 19:09 - 2014-01-18 19:24 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-4.bin 2014-01-18 19:09 - 2014-01-18 19:14 - 249187774 _____ C:\Users\Fro\Downloads\ROMSetup-9.bin 2014-01-18 19:09 - 2014-01-18 19:09 - 00466344 _____ (Frogster Online Gaming GmbH ) C:\Users\Fro\Downloads\ROMSetup.exe 2014-01-18 18:54 - 2014-01-18 19:19 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-2.bin 2014-01-18 18:54 - 2014-01-18 19:09 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-3.bin 2014-01-18 18:54 - 2014-01-18 19:07 - 1073280512 _____ C:\Users\Fro\Downloads\ROMSetup-1.bin 2014-01-15 19:27 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 19:27 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 19:27 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 19:27 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 19:27 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 19:27 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 19:27 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 19:27 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 19:27 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 19:27 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 19:27 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-09 14:23 - 2014-01-09 14:24 
- 00000000 ____D C:\Users\Fro\Desktop\Fußboden Badezimmer 2014-01-09 14:17 - 2014-01-09 14:18 - 00000000 ____D C:\Users\Fro\Desktop\Amazon Artikel 2014-01-09 14:14 - 2014-01-09 14:25 - 00000000 ____D C:\Users\Fro\Desktop\Dänemark 2014 Verträge usw 2014-01-02 23:32 - 2014-01-02 23:32 - 04530560 _____ (InstallShield Software Corporation ) C:\Users\Fro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(2).exe 2014-01-02 23:12 - 2014-01-02 23:12 - 13107200 _____ C:\Users\Fro\Downloads\fritz.wlan_repeater_310.122.06.00.image 2014-01-02 23:11 - 2014-01-02 23:11 - 00003172 _____ C:\WINDOWS\System32\Tasks\{8C68323D-04C2-4A82-A22B-126A8717C7FD} 2014-01-02 23:06 - 2014-01-02 23:06 - 04530560 _____ (InstallShield Software Corporation ) C:\Users\Fro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe 2013-12-30 13:25 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-12-30 13:25 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-12-30 13:25 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-12-30 13:25 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-12-30 13:24 - 2013-12-30 13:25 - 00004886 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-30 13:23 - 2013-12-30 13:23 - 00915368 _____ (Oracle Corporation) C:\Users\Fro\Downloads\jxpiinstall(3).exe 2013-12-30 13:22 - 2013-12-30 13:22 - 01070944 _____ (Solid State Networks) C:\Users\Fro\Downloads\install_flashplayer11x32_ltr5x64d_awc_aih.exe 2013-12-30 13:20 - 2013-12-30 13:25 - 00000000 ____D C:\ProgramData\Oracle 2013-12-30 13:20 - 2013-12-30 13:20 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-30 13:20 - 2013-12-30 13:20 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-30 13:20 - 2013-12-30 13:20 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-30 13:20 - 
2013-12-30 13:20 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-30 13:20 - 2013-12-30 13:20 - 00000000 ____D C:\Program Files\Java 2013-12-30 13:19 - 2013-12-30 13:19 - 30694824 _____ (Oracle Corporation) C:\Users\Fro\Downloads\jre-7u45-windows-x64.exe 2013-12-21 21:54 - 2013-12-21 21:55 - 36152456 _____ (Amazon) C:\Users\Fro\Downloads\AmazonCloudPlayerInstaller_399.exe ==================== One Month Modified Files and Folders ======= 2014-01-20 13:39 - 2014-01-20 13:39 - 00015589 _____ C:\Users\Fro\Desktop\FRST.txt 2014-01-20 13:37 - 2014-01-19 02:03 - 00154856 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-20 13:34 - 2014-01-20 13:34 - 00091526 _____ C:\Users\Fro\Desktop\OTL.Txt 2014-01-20 13:29 - 2014-01-20 13:29 - 00000000 ____D C:\FRST 2014-01-20 13:28 - 2012-12-04 11:13 - 05160960 ___SH C:\Users\Fro\Desktop\Thumbs.db 2014-01-20 13:27 - 2014-01-20 13:27 - 02076672 _____ (Farbar) C:\Users\Fro\Desktop\FRST64(1).exe 2014-01-20 13:27 - 2013-11-23 00:33 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{95AD2C91-CE30-4D29-9104-E99BBE1D52BB} 2014-01-20 13:21 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-19 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-19 20:11 - 2014-01-19 20:10 - 00000000 ____D C:\Users\Fro\Desktop\Troj Board 2014-01-19 20:01 - 2014-01-19 20:01 - 00370610 _____ C:\Users\Fro\Downloads\gmer_2.1.19323.zip 2014-01-19 20:00 - 2014-01-19 20:00 - 02076672 _____ (Farbar) C:\Users\Fro\Downloads\FRST64.exe 2014-01-19 20:00 - 2014-01-19 20:00 - 00050477 _____ C:\Users\Fro\Downloads\Defogger(1).exe 2014-01-19 19:43 - 2014-01-19 19:43 - 01236282 _____ C:\Users\Fro\Downloads\adwcleaner(1).exe 2014-01-19 19:14 - 2013-11-21 11:23 - 00056320 ___SH C:\Users\Public\Desktop\Thumbs.db 2014-01-19 19:13 - 2014-01-19 00:26 - 00092980 _____ C:\Users\Fro\Downloads\OTL.Txt 2014-01-19 18:33 - 2014-01-19 18:33 - 05167985 _____ (Swearware) 
C:\Users\Fro\Downloads\ComboFix.exe 2014-01-19 18:29 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-19 18:29 - 2013-09-30 04:56 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-19 18:29 - 2013-09-30 04:56 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-19 18:26 - 2014-01-19 18:26 - 00000000 ____D C:\Users\Fro\Downloads\Kaspersky Rescue2Usb 2014-01-19 18:25 - 2014-01-19 18:25 - 00000795 _____ C:\WINDOWS\setupact.log 2014-01-19 18:25 - 2014-01-19 18:25 - 00000000 _____ C:\WINDOWS\setuperr.log 2014-01-19 18:23 - 2014-01-19 18:21 - 340465664 _____ C:\Users\Fro\Downloads\kav_rescue_10-0513.iso 2014-01-19 18:22 - 2014-01-19 18:22 - 00387584 _____ C:\Users\Fro\Downloads\rescue2usb1007.exe 2014-01-19 18:22 - 2014-01-19 18:22 - 00387584 _____ C:\Users\Fro\Downloads\rescue2usb1007(1).exe 2014-01-19 14:50 - 2014-01-19 14:50 - 02347384 _____ (ESET) C:\Users\Fro\Downloads\esetsmartinstaller_deu(1).exe 2014-01-19 03:19 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-19 02:09 - 2012-12-04 00:10 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3397308370-982815396-3338616787-1000 2014-01-19 00:39 - 2014-01-19 00:39 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-19 00:37 - 2014-01-19 00:25 - 00000000 ____D C:\AdwCleaner 2014-01-19 00:27 - 2014-01-19 00:27 - 00073978 _____ C:\Users\Fro\Downloads\Extras.Txt 2014-01-19 00:25 - 2014-01-19 00:25 - 01236282 _____ C:\Users\Fro\Downloads\adwcleaner.exe 2014-01-19 00:25 - 2014-01-19 00:25 - 01037068 _____ (Thisisu) C:\Users\Fro\Downloads\JRT.exe 2014-01-19 00:21 - 2014-01-19 00:21 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\Users\Fro\AppData\Roaming\Malwarebytes 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-19 00:21 - 2014-01-19 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 
2014-01-19 00:20 - 2014-01-19 00:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fro\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-19 00:17 - 2014-01-19 00:17 - 00050477 _____ C:\Users\Fro\Downloads\Defogger.exe 2014-01-19 00:16 - 2014-01-19 00:16 - 00602112 _____ (OldTimer Tools) C:\Users\Fro\Desktop\OTL.exe 2014-01-19 00:15 - 2014-01-19 00:15 - 00379904 _____ C:\Users\Fro\Downloads\ku8n2lj3.exe 2014-01-18 20:19 - 2014-01-18 20:19 - 00000000 ____D C:\Users\Fro\AppData\Local\Overwolf 2014-01-18 19:29 - 2014-01-18 19:14 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-7.bin 2014-01-18 19:29 - 2014-01-18 19:14 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-5.bin 2014-01-18 19:28 - 2014-01-18 19:14 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-6.bin 2014-01-18 19:24 - 2014-01-18 19:09 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-8.bin 2014-01-18 19:24 - 2014-01-18 19:09 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-4.bin 2014-01-18 19:19 - 2014-01-18 18:54 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-2.bin 2014-01-18 19:14 - 2014-01-18 19:09 - 249187774 _____ C:\Users\Fro\Downloads\ROMSetup-9.bin 2014-01-18 19:09 - 2014-01-18 19:09 - 00466344 _____ (Frogster Online Gaming GmbH ) C:\Users\Fro\Downloads\ROMSetup.exe 2014-01-18 19:09 - 2014-01-18 18:54 - 1073741824 _____ C:\Users\Fro\Downloads\ROMSetup-3.bin 2014-01-18 19:07 - 2014-01-18 18:54 - 1073280512 _____ C:\Users\Fro\Downloads\ROMSetup-1.bin 2014-01-18 18:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2014-01-17 20:58 - 2013-08-25 19:23 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-17 20:58 - 2012-12-04 11:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-17 20:57 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-17 20:57 - 2012-12-12 19:43 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-11 15:43 - 2012-12-04 00:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-09 14:25 - 2014-01-09 
14:14 - 00000000 ____D C:\Users\Fro\Desktop\Dänemark 2014 Verträge usw 2014-01-09 14:25 - 2013-07-09 20:04 - 00000000 ____D C:\Users\Fro\Desktop\Rutenmontage Fischereiprüfung 2014-01-09 14:24 - 2014-01-09 14:23 - 00000000 ____D C:\Users\Fro\Desktop\Fußboden Badezimmer 2014-01-09 14:24 - 2009-09-26 16:31 - 00000000 ____D C:\Users\Fro\Desktop 2014-01-09 14:24 - 2009-09-24 14:22 - 00000000 ___RD C:\Users\Fro\Desktop 2014-01-09 14:20 - 2009-09-26 16:33 - 00000000 ____D C:\Users\Fro\Desktop 2014-01-09 14:18 - 2014-01-09 14:17 - 00000000 ____D C:\Users\Fro\Desktop\Amazon Artikel 2014-01-09 14:11 - 2013-09-30 17:24 - 00000000 ____D C:\Users\Fro\AppData\Local\Thunderbird 2014-01-07 10:28 - 2012-12-04 00:44 - 00000846 _____ C:\Users\Fro\Desktop\Downloads.lnk 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-02 23:34 - 2012-12-04 21:58 - 00408576 ___SH C:\Users\Fro\Downloads\Thumbs.db 2014-01-02 23:32 - 2014-01-02 23:32 - 04530560 _____ (InstallShield Software Corporation ) C:\Users\Fro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(2).exe 2014-01-02 23:12 - 2014-01-02 23:12 - 13107200 _____ C:\Users\Fro\Downloads\fritz.wlan_repeater_310.122.06.00.image 2014-01-02 23:11 - 2014-01-02 23:11 - 00003172 _____ C:\WINDOWS\System32\Tasks\{8C68323D-04C2-4A82-A22B-126A8717C7FD} 2014-01-02 23:06 - 2014-01-02 23:06 - 04530560 _____ (InstallShield Software Corporation ) C:\Users\Fro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe 2013-12-30 13:25 - 2013-12-30 13:24 - 00004886 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2013-12-30 13:25 - 2013-12-30 13:20 - 00000000 ____D C:\ProgramData\Oracle 2013-12-30 13:25 - 2013-08-31 15:04 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-30 13:23 - 2013-12-30 13:23 - 00915368 _____ (Oracle Corporation) 
C:\Users\Fro\Downloads\jxpiinstall(3).exe
2013-12-30 13:22 - 2013-12-30 13:22 - 01070944 _____ (Solid State Networks) C:\Users\Fro\Downloads\install_flashplayer11x32_ltr5x64d_awc_aih.exe
2013-12-30 13:20 - 2013-12-30 13:20 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-30 13:20 - 2013-12-30 13:20 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-30 13:20 - 2013-12-30 13:20 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-30 13:20 - 2013-12-30 13:20 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-30 13:20 - 2013-12-30 13:20 - 00000000 ____D C:\Program Files\Java
2013-12-30 13:19 - 2013-12-30 13:19 - 30694824 _____ (Oracle Corporation) C:\Users\Fro\Downloads\jre-7u45-windows-x64.exe
2013-12-30 13:19 - 2012-12-04 21:26 - 00000000 ____D C:\Users\Fro\AppData\Local\Adobe
2013-12-30 13:19 - 2012-12-04 00:21 - 00003774 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-30 12:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-21 21:55 - 2013-12-21 21:54 - 36152456 _____ (Amazon) C:\Users\Fro\Downloads\AmazonCloudPlayerInstaller_399.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 15:16

==================== End Of Log ============================

Addition LOG

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04 Ran by Fro at 2014-01-20 13:39:30 Running from C:\Users\Fro\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: G Data InternetSecurity 2014 (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: G Data InternetSecurity 2014 (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.) Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC) AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden Auslogics Disk Defrag (x32 Version: 3.5 - Auslogics Software Pty Ltd) Bing-Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation) Canon Easy-PhotoPrint EX (x32 Version: 4.1.6 - Canon Inc.) 
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0 - Canon Inc.) Canon iP4700 series Printer Driver (Version: - Canon Inc.) Canon My Image Garden (x32 Version: 1.1.1 - Canon Inc.) Canon My Image Garden Design Files (x32 Version: 1.0.1 - Canon Inc.) Canon My Printer (x32 Version: 3.1.0 - Canon Inc.) Canon Utilities Solution Menu (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.08 - Piriform) doPDF 7.3 printer (Version: - Softland) Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden G Data InternetSecurity 2014 (x32 Version: 24.0.3.4 - G Data Software AG) G Data LNK-Checker (x32 Version: 1.00.2000 - G Data Software AG) GameShadow V3.1 (x32 Version: 3.00.000 - GameShadow Ltd) Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (x32 Version: 2.5.6 - Garmin Ltd or its subsidiaries) Gigaset QuickSync (Version: 8.3.0868.3 - Gigaset Communications GmbH) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden LuPO 1.0.2.45 (x32 Version: - Ministerium für Schule, Wissenschaft und Forschung NRW) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word 
MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0 - Mozilla) MyFreeCodec (HKCU Version: - ) OF Dragon Rising (x32 Version: 1.02.0000 - Codemasters) PDF24 Creator 5.1.0 (x32 Version: - PDF24.org) PlayMemories Home (x32 Version: 8.0.02.10010 - Sony Corporation) Runes of Magic (x32 Version: 5.0.0.2535 - Frogster Online Gaming GmbH) Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) ScanWizard 5 (x32 Version: - ) Silent Hunter 4 Wolves of the Pacific (x32 Version: 1.05.0000 - Ubisoft) SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden Spybot - Search & Destroy (x32 Version: 2.1.20 - Safer-Networking Ltd.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (x32 Version: 6.0.7.0 - Husdawg, LLC) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin) WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 30-12-2013 11:46:14 Geplanter Prüfpunkt 08-01-2014 18:16:42 Geplanter Prüfpunkt 17-01-2014 19:57:04 Windows Update ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - 
System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6EBF37A1-8408-4B9A-9619-8266B0EB8740} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-09-12] (Sony Corporation) Task: {6F08B2D0-4498-4422-BA52-54927DF6F4AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-17] (Microsoft Corporation) Task: {7023BE58-61AC-48A7-92F7-64DA2A85F701} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8A234211-D169-42D0-B00F-06343CBBEC43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {90571AC3-2C50-495C-B1A6-FBE5A7A68BE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A01471B7-7E50-4B94-A81A-8BDC46B01FF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F0E76AAD-D252-4FF0-9085-66709D9FF053} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-30] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-25 21:43 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-06-25 21:43 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-06-25 21:43 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-06-25 21:43 - 2012-08-23 
09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-06-25 21:43 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 6135.17 MB
Available physical RAM: 4492.5 MB
Total Pagefile: 7159.17 MB
Available Pagefile: 5043.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:457.96 GB) (Free:312.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:457.93 GB) (Free:396.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 95D70C99)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MBAM LOG

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.19.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Fro :: FRO-PC [Administrator]

Schutz: Aktiviert

19.01.2014 18:19:49
mbam-log-2014-01-19 (18-19-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 40341
Laufzeit: 15 Minute(n), 29 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL LOG

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 20.01.2014 13:29:06 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fro\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,48 Gb Available Physical Memory | 74,78% Memory free 6,99 Gb Paging File | 5,02 Gb Available in Paging File | 71,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,96 Gb Total Space | 312,72 Gb Free Space | 68,29% Space Free | Partition Type: NTFS Drive D: | 457,93 Gb Total Space | 396,28 Gb Free Space | 86,54% Space Free | Partition Type: NTFS Computer Name: FRO-PC | User Name: Fro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fro\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Garmin\Core Update 
Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- 
C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- 
C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.) 
Sorry, it unfortunately took a while, but I couldn't get back to the PC any sooner. I hope I've done everything correctly so far. Thanks for your quick reply yesterday. |
20.01.2014, 15:29 | #4 |
/// TB-Ausbilder | Bundesministerium für Internetsicherheit. Trojan? Hello, it doesn't look as if anything has slipped in. It was probably the variant that only locks the browser temporarily but otherwise makes no changes.
__________________ cheers, Leo |
20.01.2014, 15:58 | #5 |
| Bundesministerium für Internetsicherheit. Trojan? That's a whole mountain range off my chest. Is there anything else I can or should do to be completely sure? I still have some concerns because of the online banking. Something I've noticed in passing is the increase in spam mails in my mailboxes since this incident. Lots of "great" mails from e.g. Online Inkasso, MeinSpeicher24 (supposedly DHL shipment tracking), and of course all with attachments. Thank you very much for your quick and great help. |