
Log Analysis and Evaluation: Windows 7: File "dwm.exe" in folder "iswizard05" cannot be deleted


07.02.2014, 13:46   #1
newi

Windows 7: File "dwm.exe" in folder "iswizard05" cannot be deleted



Hello,

after Combofix had flickered across the screen for a while again, the following error message appeared today:

"NirCmd.3xe-Anwendungsfehler

Die Anwendung konnte nicht korrekt gestartet werden (0x0000142).
Klicken Sie auf "OK" um die Anwendung zu schließen."

Here are the log files:

Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Admin_Mirko :: MIRKOS_DELL [Administrator]

Schutz: Aktiviert

07.02.2014 09:27:32
mbam-log-2014-02-07 (09-27-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311502
Laufzeit: 3 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Adwcleaner:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 07/02/2014 um 09:34:25
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin_Mirko - MIRKOS_DELL
# Gestartet von : C:\Users\Mirko\Desktop\05_adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Admin_Mirko\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Mirko\AppData\Roaming\goforfiles
Datei Gelöscht : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\m.warmuth\AppData\Roaming\Mozilla\Firefox\Profiles\smmvp5k3.default\prefs.js ]


[ Datei : C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\prefs.js ]


[ Datei : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1482 octets] - [07/02/2014 09:33:43]
AdwCleaner[S0].txt - [1359 octets] - [07/02/2014 09:34:25]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1419 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Admin_Mirko on 07.02.2014 at 13:21:28,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2014 at 13:30:21,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST (current):

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Admin_Mirko (administrator) on MIRKOS_DELL on 07-02-2014 13:34:04
Running from C:\Users\Admin_Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2359832 2013-10-29] (Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Analoguhr.lnk
ShortcutTarget: Analoguhr.lnk -> C:\Users\Mirko\AppData\Local\Temp\Temp1_clock.zip\CLOCK.EXE (No File)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\m.warmuth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-01-09]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\04_ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 13:34 - 2014-02-07 13:34 - 00025741 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:33 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:33 - 2014-02-07 09:34 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:32 - 2014-02-07 09:30 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 09:39 - 2014-02-05 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:38 - 2014-02-05 09:39 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:32 - 2014-02-07 13:34 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 13:55 - 2014-01-09 14:32 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:37 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:47 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:34 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:46 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:28 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:22 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:47 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:45 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:19 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:27 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:18 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:18 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll
2014-01-09 12:07 - 2014-01-09 12:11 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:04 - 2014-01-09 12:05 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:03 - 2014-01-09 12:05 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:01 - 2014-01-09 12:02 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:54 - 2014-01-09 11:57 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:57 - 2006-09-29 12:48 - 00033368 ____R (Adobe Systems Incorporated.) C:\Windows\SysWOW64\AdobePDF.dll
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

2014-02-07 13:34 - 2014-02-07 13:34 - 00025741 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:34 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-07 13:32 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-07 13:32 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-07 13:32 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 13:27 - 2013-09-13 11:20 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-02-07 13:13 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:13 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:06 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-07 13:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 13:06 - 2009-07-14 05:51 - 00062808 _____ () C:\Windows\setupact.log
2014-02-07 13:05 - 2013-08-03 23:54 - 01397662 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 12:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:34 - 2014-02-07 09:33 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:31 - 2014-02-07 09:32 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:30 - 2014-02-07 09:32 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-07 09:25 - 2013-10-28 16:41 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-05 09:51 - 2010-11-21 04:47 - 00471874 _____ () C:\Windows\PFRO.log
2014-02-05 09:50 - 2014-02-05 09:40 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:50 - 2009-07-14 03:34 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-05 09:49 - 2014-02-05 09:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:39 - 2014-02-05 09:38 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:27 - 2014-02-07 13:33 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-20 20:18 - 2013-12-19 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-20 20:18 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-20 20:18 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 14:32 - 2014-01-09 13:55 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:27 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:18 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:46 - 2014-01-09 12:19 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:45 - 2014-01-09 12:18 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:37 - 2014-01-09 12:28 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:34 - 2014-01-09 12:22 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:19 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:17 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:19 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:18 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:17 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:16 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2014-01-09 12:07 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:06 - 2013-08-04 00:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-09 12:05 - 2014-01-09 12:04 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:05 - 2014-01-09 12:03 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:02 - 2014-01-09 12:01 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:57 - 2014-01-09 11:54 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-09 10:23 - 2013-08-04 00:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-09 09:37 - 2014-01-27 14:13 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll

Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 08:50

==================== End Of Log ============================
Regards,
newi
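The FRST listing above is what a helper has to triage by eye: for every entry, decide whether a fresh executable belongs where it sits (the thread's `dwm.exe` under an `iswizard05` folder is exactly the pattern of a system-binary name in the wrong place). The following script is an added example written for this page; it is not part of the original post, of FRST, or of any Trojaner-Board tooling. It parses lines in FRST's `created - modified - size flags (publisher) path` format and applies three heuristic rules of my own choosing. The sample listing embeds a few lines copied from the log above plus one constructed line for a hypothetical `dwm.exe` path (`HYPOTHETICAL_DWM`), which is an assumption, not the location reported in this thread. The set of "system binary names" and the `%SystemRoot%` prefix are likewise assumptions to extend for a real case.

```python
"""Triage helper for FRST "Created/Modified Files and Folders" listings.

Added example, not from the original forum post or from FRST itself.
Each FRST line looks like:
  2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\\Users\\Mirko\\Desktop\\06_JRT.exe
i.e. created, modified, size, 5-char attribute flags, publisher, path.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")
SYSTEM_ROOT = "c:\\windows\\"          # assumption: default install drive
# Windows binaries that legitimately live only under %SystemRoot%
# (assumption for this example; extend as needed).
SYSTEM_NAMES = {"dwm.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "csrss.exe", "rundll32.exe"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str        # letters present: D directory, R read-only, H hidden, S system
    publisher: str    # empty string when FRST prints "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.name.endswith(EXEC_EXT)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"].replace("_", ""),
        publisher=m["publisher"],
        path=m["path"],
    )


def triage(entry: Entry) -> List[str]:
    """Heuristic findings for one entry; an empty list means nothing odd."""
    findings: List[str] = []
    if not entry.is_executable:
        return findings
    low = entry.path.lower()
    in_system_root = low.startswith(SYSTEM_ROOT)
    if entry.name in SYSTEM_NAMES and not in_system_root:
        findings.append("system-binary name outside %SystemRoot%")
    if "\\temp\\" in low or "\\appdata\\" in low:
        findings.append("executable in Temp/AppData")
    if in_system_root and not entry.publisher:
        # Expect hits here for ComboFix helpers (PEV.exe, MBR.exe, sed.exe ...);
        # they are known-good, which is why this is a lead, not a verdict.
        findings.append("unsigned/no-publisher binary under %SystemRoot%")
    return findings


def triage_listing(text: str) -> Dict[str, List[str]]:
    """Parse a whole FRST section; return {path: findings} for flagged entries only."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue          # section headers, blank lines, etc.
        findings = triage(entry)
        if findings:
            flagged[entry.path] = findings
    return flagged


# Constructed sample: first five lines copied from the log above, last line a
# hypothetical dwm.exe location (assumption, not taken from the thread).
HYPOTHETICAL_DWM = r"C:\Users\Mirko\AppData\Local\Temp\iswizard05\dwm.exe"
SAMPLE_LISTING = r"""
==================== One Month Created Files and Folders ========
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:40 - 2014-02-03 11:40 - 00095744 ____H () C:\Users\Mirko\AppData\Local\Temp\iswizard05\dwm.exe
"""

if __name__ == "__main__":
    for path, findings in triage_listing(SAMPLE_LISTING).items():
        print(f"{path}\n    " + "\n    ".join(findings))
```

Run on the sample, only two entries surface: `C:\Windows\PEV.exe` (a ComboFix helper with no publisher string, a known false positive that an analyst whitelists) and the hypothetical `dwm.exe`, which trips both the name-out-of-place and the Temp/AppData rule. The point of keeping the rules separate is that one hit is a lead to verify (hash, signature, parent process), while a system-binary name outside `%SystemRoot%` combined with a Temp location is what should go to quarantine first.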
