Pests of all kinds and how to fight them: Win7: Trojans, spyware or something similar on it? (Windows 7)
23.01.2014, 10:13 | #1 |
| Win7: Trojans, spyware or something similar on it? Hello! I hope someone can help. Shortly after installing Cyberghost VPN 5 I had the problem that Firefox showed the message "Etwas hindert Firefox daran, sicher zu aktualisieren" ("Something is preventing Firefox from updating securely"). In the Firefox forum I was advised to scan with Malwarebytes and AdwCleaner. Malwarebytes found nothing; AdwCleaner removed a few leftovers of toolbars or something like that. However, Malwarebytes clashes with my Bitdefender, which goes completely haywire when it is installed. Unfortunately I no longer have the log files, but they were already posted: hxxp://www.camp-firefox.de/forum/viewtopic.php?f=1&t=106602 Housecall and the installed Bitdefender found nothing at that time. Since the problem persisted after AdwCleaner, and after a Cyberghost update the computer became slow and the system proxy stopped working, I restored an older backup in which the problems did not exist. However, now that two of my email addresses are affected according to the BSI security test, I ran every scanner I could once more: ESET online scan finds nothing. Spybot finds nothing. F-Secure online scan finds nothing. AdwCleaner no longer finds anything. Avira's EU-Cleaner finds ADWARE/adware.gen in one file; since it was not a system file but apparently an .xm in my music collection that had been renamed to .exe, I had it deleted. I can't find a log file from EU-Cleaner to post anywhere. Should I run anything else now and post it here? I'm a bit worried that something is still on the system, or that if I change my passwords now they will be stolen again right away. I do think it's more likely that they read the addresses out of some sites or shops that use my email as the username, but better safe than sorry... |
23.01.2014, 10:23 | #2 |
/// the machine /// TB trainer | Win7: Trojans, spyware or something similar on it? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
23.01.2014, 13:48 | #3 |
| Win7: Trojans, spyware or something similar on it? Hello and thanks for the quick reply!
Here is FRST: FRST Logfile:
Corporation) C:\Windows\system32\imagehlp.dll 2014-01-17 14:08 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-17 14:08 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-17 14:08 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-17 14:08 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-17 14:08 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-17 14:07 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-17 14:07 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-17 14:07 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-01-17 14:07 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-01-17 14:07 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-01-17 14:07 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-17 14:07 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 
2014-01-17 14:07 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-01-17 14:07 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-01-17 14:07 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-17 14:07 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-17 14:07 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-01-17 14:07 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-17 14:07 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-01-17 14:07 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-01-17 14:07 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-17 14:07 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-17 14:07 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-17 14:07 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-17 14:07 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-01-17 14:07 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-17 14:07 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-17 14:07 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-17 14:07 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-17 14:07 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-01-17 
14:07 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-01-17 14:07 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-01-17 14:07 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-01-17 14:07 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-17 14:07 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2014-01-17 14:07 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2014-01-17 14:07 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2014-01-17 14:07 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-17 14:07 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-17 14:07 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-17 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-17 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-17 14:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-17 14:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-01-17 14:06 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-01-17 14:06 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-01-17 14:06 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-01-17 14:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-17 14:06 - 2013-10-12 03:03 - 00656896 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-01-17 14:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-17 14:06 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-01-17 14:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-17 14:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-17 14:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-17 14:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-01-17 14:06 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-17 14:06 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-17 14:06 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-01-17 14:06 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-01-17 14:06 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-01-17 14:06 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-01-17 14:06 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-01-17 14:06 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-01-17 14:06 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-01-17 14:06 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-01-17 14:06 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-01-17 14:06 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2014-01-17 14:06 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-01-17 14:06 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-01-17 14:06 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-01-17 14:06 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-01-17 14:06 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-01-17 14:06 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-01-17 14:06 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-01-17 14:06 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-01-17 14:06 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-01-17 14:06 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-17 14:06 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-17 14:06 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-17 14:06 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-01-17 14:06 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-01-17 14:06 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys 2014-01-17 14:06 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-01-17 14:06 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-01-17 14:06 - 
2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-01-17 14:06 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-01-17 14:06 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-01-17 14:06 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-01-17 14:06 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-01-17 14:06 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-17 14:06 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys ==================== One Month Modified Files and Folders ======= 2014-01-23 13:40 - 2014-01-23 13:40 - 00017481 _____ C:\Users\Julian\Desktop\FRST.txt 2014-01-23 13:39 - 2014-01-18 02:02 - 00000000 ___RD C:\Users\Julian\Desktop\Wartung 2014-01-23 13:32 - 2014-01-23 13:32 - 00000000 ____D C:\FRST 2014-01-23 13:30 - 2014-01-23 13:30 - 02077184 _____ (Farbar) C:\Users\Julian\Desktop\FRST64.exe 2014-01-23 13:25 - 2012-04-06 16:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-23 12:03 - 2013-05-22 07:09 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-01-23 08:58 - 2010-11-21 07:50 - 00700118 _____ C:\Windows\system32\perfh007.dat 2014-01-23 08:58 - 2010-11-21 07:50 - 00149968 _____ C:\Windows\system32\perfc007.dat 2014-01-23 08:58 - 2009-07-14 06:13 - 01622228 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-23 08:54 - 2014-01-18 10:35 - 00071890 _____ C:\Windows\WindowsUpdate.log 2014-01-22 08:59 - 2014-01-18 13:51 - 00009216 _____ C:\Users\Julian\Desktop\JulianAusgaben .xls 2014-01-20 11:44 - 2011-11-26 12:29 - 00000143 _____ C:\Users\Julian\Desktop\Termine.txt 2014-01-19 16:36 - 2014-01-19 16:36 - 00084040 _____ 
C:\Users\Julian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-19 16:34 - 2014-01-19 16:34 - 00000000 _____ C:\Windows\setuperr.log 2014-01-19 16:34 - 2014-01-19 16:34 - 00000000 _____ C:\Windows\setupact.log 2014-01-19 10:02 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-19 10:02 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 09:54 - 2011-11-25 09:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2014-01-19 09:54 - 2011-11-18 04:00 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-19 09:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-18 17:24 - 2012-09-28 03:19 - 00000000 ____D C:\ProgramData\Dumps 2014-01-18 15:05 - 2014-01-18 12:06 - 00000000 ____D C:\Users\Julian\AppData\Local\CrashDumps 2014-01-18 15:05 - 2011-11-25 18:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-18 14:41 - 2011-11-25 18:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2014-01-18 14:29 - 2014-01-18 14:28 - 00000000 ____D C:\AdwCleaner 2014-01-18 12:53 - 2012-01-01 15:40 - 00000000 ____D C:\Users\Julian\AppData\Roaming\Steganos 2014-01-18 12:08 - 2012-02-17 04:05 - 00000000 ____D C:\Program Files (x86)\Browser-Anonymisierer 2014-01-18 12:08 - 2011-11-21 18:11 - 00000000 ___RD C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-18 12:07 - 2013-08-10 08:32 - 00000000 ____D C:\Program Files (x86)\Opera 2014-01-18 11:54 - 2014-01-18 11:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-18 11:54 - 2014-01-18 11:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-18 11:54 - 2014-01-18 11:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-18 11:54 - 2014-01-18 11:54 - 00096168 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-18 11:54 - 2014-01-18 11:54 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-18 11:52 - 2013-09-15 11:41 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-18 11:48 - 2012-04-06 16:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-18 11:48 - 2012-04-06 16:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-18 11:48 - 2011-11-18 11:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-18 10:39 - 2011-12-10 00:32 - 00000000 ____D C:\Program Files\CCleaner 2014-01-18 10:33 - 2011-02-11 18:13 - 00000000 ____D C:\Windows\panther 2014-01-18 10:26 - 2014-01-18 10:26 - 00000000 ____D C:\Windows\SysWOW64\NV 2014-01-18 10:26 - 2014-01-18 10:26 - 00000000 ____D C:\Windows\system32\NV 2014-01-18 10:12 - 2014-01-18 10:12 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-18 10:12 - 2014-01-18 10:12 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-18 10:12 - 2012-11-17 10:29 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-18 10:12 - 2012-09-02 02:51 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-18 10:12 - 2012-05-10 04:06 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-18 10:10 - 2011-11-18 03:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-18 10:07 - 2011-11-18 03:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2014-01-18 10:04 - 2014-01-18 10:04 - 00000000 ____D C:\14c39edb0dc61245ac8bd50f89 2014-01-18 10:04 - 2011-02-11 11:22 - 01596508 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-18 03:33 - 2009-07-14 04:20 - 00000000 ____D 
C:\Windows\rescache 2014-01-18 02:18 - 2011-11-21 18:11 - 00001383 _____ C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-18 02:15 - 2012-05-11 11:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2014-01-18 02:15 - 2012-05-11 11:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2014-01-18 02:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-18 02:05 - 2014-01-18 01:57 - 00000000 ____D C:\80b5166afda31d2d92 2014-01-18 01:50 - 2014-01-18 01:50 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-18 01:50 - 2014-01-18 01:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-18 01:50 - 2014-01-18 01:50 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 
00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-18 01:50 - 2014-01-18 01:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-18 01:50 - 2014-01-18 01:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00083456 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inseng.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-18 01:50 - 2014-01-18 01:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-18 01:50 - 2014-01-18 01:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00040448 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-18 01:50 - 2014-01-18 01:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-18 01:50 - 2014-01-18 01:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-18 01:30 - 2013-07-14 20:19 - 00000000 ____D C:\Windows\system32\MRT 2014-01-18 01:24 - 2012-01-19 04:24 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy 2014-01-18 01:19 - 2013-08-06 19:02 - 00000000 ____D C:\Users\Julian\AppData\Roaming\inkscape 2014-01-18 00:57 - 2014-01-18 00:57 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys 2014-01-18 00:57 - 2014-01-18 00:57 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-01-18 00:57 - 2014-01-18 00:09 - 00000000 ____D C:\ProgramData\Bitdefender 2014-01-18 00:57 - 2014-01-17 23:41 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-01-18 00:56 - 2014-01-18 00:56 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-18 00:49 - 2014-01-18 00:49 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-18 
00:15 - 2014-01-18 00:15 - 00509670 _____ C:\ProgramData\1390000157.bdinstall.bin
2014-01-18 00:14 - 2014-01-18 00:14 - 00000684 ____H C:\bdr-cf01
2014-01-18 00:14 - 2014-01-18 00:13 - 00253404 ____H C:\bdr-ld01
2014-01-18 00:14 - 2014-01-18 00:13 - 00009216 ____H C:\bdr-ld01.mbr
2014-01-18 00:13 - 2014-01-18 00:13 - 00000000 ____D C:\Users\Julian\AppData\Roaming\Bitdefender
2014-01-18 00:09 - 2011-12-09 22:38 - 00000000 ____D C:\Program Files\Bitdefender
2014-01-18 00:09 - 2011-12-09 22:36 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2014-01-18 00:06 - 2014-01-18 00:06 - 00249497 _____ C:\ProgramData\1389999917.bdinstall.bin
2014-01-17 23:44 - 2014-01-17 23:44 - 00588042 _____ C:\ProgramData\1389998116.bdinstall.bin
2014-01-17 23:30 - 2012-05-05 03:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-17 23:28 - 2014-01-17 23:28 - 00213973 _____ C:\ProgramData\1389997567.bdinstall.bin
2014-01-17 23:09 - 2011-11-21 20:00 - 00000000 ____D C:\Users\Julian\AppData\Local\Mozilla
2014-01-17 23:08 - 2014-01-17 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-17 14:14 - 2013-05-22 07:09 - 00000000 ____D C:\Program Files\My Dell
2014-01-17 14:14 - 2011-11-23 13:00 - 00000000 ____D C:\ProgramData\PCDr
2014-01-06 16:20 - 2011-11-21 19:44 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-01 19:18 - 2011-11-26 12:29 - 00000373 _____ C:\Users\Julian\Desktop\todo.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 02:05

==================== End Of Log ============================
--- --- ---

And here is ADDITION

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014 Ran by Julian at 2014-01-23 13:41:04 Running from C:\Users\Julian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} ==================== Installed Programs ====================== 7-Zip 9.20 (x32 Version: - ) Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd) AntiLogger Free version 1.6.2.245 (x32 Version: 1.6.2.245 - Zemana Ltd.) Bitdefender Internet Security (Version: 17.23.0.996 - Bitdefender) Brother MFL-Pro Suite DCP-J125 (x32 Version: 1.0.3.0 - Brother Industries, Ltd.) Browser-Anonymisierer 1.0 (x32 Version: 1.0.0.0 - Alexander Miehlke Softwareentwicklung) CCleaner (Version: 4.09 - Piriform) COMPUTERBILD-Abzockschutz (x32 Version: 1.0.35 - J3S) Dell Edoc Viewer (Version: 1.0.0 - Dell Inc) Dell Touchpad (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) 
Dell Webcam Central (x32 Version: 2.00.44 - Creative Technology Ltd) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Diskeeper 12 Home (Version: 16.0.1016.64 - Condusiv Technologies) ElsterFormular (x32 Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Intel PROSet Wireless (Version: - ) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2455 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.0.0587 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000 - Intel Corporation) Intel(R) WiDi (x32 Version: 2.1.39.0 - Intel Corporation) Intel(R) Wireless Display (Version: - ) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.) 
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation) Opera Stable 18.0.1284.68 (x32 Version: 18.0.1284.68 - Opera Software ASA) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Quickset64 (Version: 11.0.15 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (x32 Version: 6.0.1.6353 - Realtek Semiconductor Corp.) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.8 - Roxio) Hidden Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio) Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Secunia PSI (2.0.0.3003) (x32 Version: - ) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited) Steganos Privacy Suite 12 (x32 Version: 12.1.1 - Steganos Software GmbH) Timerle 1.04 (x32 Version: 1.04 - JFSoftware) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel) VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) 
==================== Restore Points ========================= 18-01-2014 09:01:26 Windows Update 18-01-2014 10:54:06 Installed Java 7 Update 51 22-01-2014 22:43:34 Avira EU-Cleaner - 22.01.2014 23:43 23-01-2014 08:01:32 Removed Zinio Reader 4 ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-01-18 14:48 - 00450731 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0740B237-C227-4DD3-8D44-65465597BF6F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {393DD0B4-E067-4255-A549-CAD8ECB89EE7} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe Task: {3F6A1F6A-D82A-4310-B4EF-5C3F89E025B5} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe Task: {453A0FEA-62D7-45EB-B3C9-9CDF493BA1E3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.) 
Task: {7424451A-0804-41B7-8A7A-6A2F938BF9B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-18] (Adobe Systems Incorporated) Task: {743BFC4A-1BC1-4362-A352-2FE9901889A9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {7860A16B-88F3-4DA8-8797-C30A71419F7B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.) Task: {790F67C3-28CA-424D-8EC1-D0381B780FD7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {916C7ABC-9EF0-48A6-B001-61302216041F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {9708641B-82E3-46AC-9B3C-13E3132BF3CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {9EB4F67D-0A83-486F-912B-C008E1854E61} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {ECCDBEE1-4A5C-4F82-8ACB-C01EC16835AA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-12 14:29 - 2011-09-12 14:29 - 00220672 _____ () C:\Program Files (x86)\Steganos Privacy Suite 12\ShellExtension.dll 2011-11-18 12:27 - 2011-07-20 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-18 00:14 - 2013-06-19 
11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll 2012-06-28 21:58 - 2012-06-28 21:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll 2014-01-18 00:14 - 2013-06-19 11:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll 2014-01-18 12:08 - 2008-03-17 14:48 - 00432504 _____ () C:\Program Files (x86)\Browser-Anonymisierer\sqlite3.dll 2012-06-29 01:46 - 2012-06-29 01:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2012-06-28 22:34 - 2012-06-28 22:34 - 00018816 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Julian\Desktop\FRST64.exe:BDU ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Intel(R) Centrino(R) Wireless-N 1030 Description: Intel(R) Centrino(R) Wireless-N 1030 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETwNs64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter Description: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter Class Guid: {b0755d59-9657-467d-b89d-74c1f645aeb3} Manufacturer: Intel Corporation Service: AMPPAL Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (01/23/2014 08:54:40 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (01/22/2014 08:22:41 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/20/2014 09:25:04 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/20/2014 08:14:29 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/20/2014 11:33:36 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (01/20/2014 09:18:30 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/19/2014 04:32:51 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/19/2014 04:32:50 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/19/2014 01:42:26 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/19/2014 11:13:22 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-10-02 03:57:53.212 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-02 03:51:52.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-02 03:19:22.643 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-02 03:02:33.260 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-02 01:51:50.483 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-01 15:48:32.305 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-10-01 15:39:18.595 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-01 13:38:09.687 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-01 13:21:24.754 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-01 02:59:07.953 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00160_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 3990.17 MB Available physical RAM: 1952.36 MB Total Pagefile: 10132.35 MB Available Pagefile: 7295.17 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:421.32 GB) NTFS Drive f: (Daten) (Fixed) (Total:931.51 GB) (Free:183.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=577 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: A10A563D) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Best regards, Julian |
24.01.2014, 09:20 | #4 |
/// the machine /// TB trainer | Win7: Trojans, spyware or the like on it? The logs are clean. If your e-mail address really is affected, the account was hacked online.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.01.2014, 09:27 | #5 |
| Win7: Trojans, spyware or the like on it? Thank you very, very much! That helped me a lot! |
25.01.2014, 11:07 | #6 |
/// the machine /// TB trainer | Win7: Trojans, spyware or the like on it? You're welcome