Log analysis and evaluation: Clicking links opens http://open.url.ph/70244
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.02.2014, 13:51 | #1 |
Hello, I'm new here. For some time I've been plagued by the following problem: when I click any link on any page in the browser, roughly every 2nd to 4th time the page hxxp://open.url.ph/70244 opens. If I go back and click the link again, the correct page usually comes up. I have already scanned with Malwarebytes Free and McAfee and found some threats. I have also already disabled System Protection, because I have often read that with System Protection active the threats keep becoming active again. But the problem keeps recurring. The operating system is Win7 Pro 64-bit. Attached are the latest logs from Malwarebytes. Can anyone help me? Thanks!
09.02.2014, 15:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hi,
Please don't put logs in attachments. Post them only in CODE tags (see below).
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
10.02.2014, 17:19 | #3 |
Hello,
I'm sorry that I didn't post the logs correctly. Here are the results from FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03 Ran by Thomas (administrator) on THOMAS-PC on 10-02-2014 17:14:07 Running from C:\Users\Thomas\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe () C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (McAfee, Inc.) C:\Windows\system32\mfevtps.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Greenshot\Greenshot.exe () C:\Program Files\ASUS\TurboV\TurboV.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Dropbox, Inc.) C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [376456 2009-07-24] (Seagate) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor) HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [5391872 2009-05-25] () HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2009-06-30] () HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [BlackArmorBackupMonitor.exe] - C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe [4386112 2009-07-24] (Seagate) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe [965600 2009-07-24] (Seagate) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.) HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\Run: [Greenshot] - C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] () HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\Run: [StoppUhr] - [X] HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\Run: [] - [X] HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\MountPoints2: {26f4dae3-fef1-11de-a91d-806e6f6e6963} - Z:\setup.exe HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\MountPoints2: {4f919af2-03d3-11e0-a718-e0cb4e1978e2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\MountPoints2: {6cb09a90-03d7-11e0-a674-e0cb4e1978e2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\MountPoints2: {bf399265-fee6-11de-9302-806e6f6e6963} - E:\.\Bin\Assetup.exe Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB09CDE77FF92CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at SearchScopes: HKCU - DefaultScope {243C8535-257A-437A-B7D2-9DF2FF56AACC} URL = hxxp://www.google.at/search?hl=de&source=hp&q={searchTerms}&meta=&aq=f&oq= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3D0C3A73-8F5F-40A7-9B51-5E477632C0F9&q={searchTerms}&SSPV= SearchScopes: HKCU - {243C8535-257A-437A-B7D2-9DF2FF56AACC} URL = hxxp://www.google.at/search?hl=de&source=hp&q={searchTerms}&meta=&aq=f&oq= BHO: Security.filter - {11111111-1111-1111-1111-110411941182} - C:\Program Files (x86)\Security.filter\Security.filter-bho64.dll (ivanisimus) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131002192655.dll (McAfee, Inc.) 
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131002192655.dll (McAfee, Inc.) BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM {6E718D87-6909-4FCE-92D4-EDCB2F725727} file:///C:/Program%20Files%20(x86)/C.online/VIEWERINSTALL/applications/Navigram.cab DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.ams-engineering.com/XTSAC.cab DPF: HKLM-x32 {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.ams-engineering.com/MLWebCacheCleaner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default FF Homepage: about:newtab FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @parallelgraphics.com/Cortona - C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll (ParallelGraphics) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\Extensions\2020Player@2020Technologies.com [2010-11-09] FF Extension: Security.filter - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\Extensions\50a9a973-71c4-413b-87c0-419a6016ed1b@b777906f-57ec-4b14-b488-e41781b831a7.com [2014-02-07] FF Extension: Garmin Communicator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19] FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-05] FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-20] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-20] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - 
C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-10-02] ==================== Services (Whitelisted) ================= R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () S3 CoCreate License Server; C:\Program Files (x86)\CoCreate\CoCreate License Server 2008\MEls32.exe [9830620 2009-02-27] () S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.) R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] () S4 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) 
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [921600 2010-11-24] () S3 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2181400 2013-08-14] (UltraVNC) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] () R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-04-20] (Acronis) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-04-20] (Acronis) S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 Winacusb; system32\DRIVERS\winaxusb.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-10 17:14 - 2014-02-10 17:15 - 00021659 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-02-10 17:14 - 2014-02-10 17:14 - 00000000 ____D () C:\FRST 2014-02-10 17:13 - 2014-02-10 17:13 - 02170880 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-02-06 20:27 - 2014-02-06 20:27 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-06 20:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-06 20:25 - 2014-02-06 20:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-06 19:23 - 2014-02-08 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-05 20:12 - 2014-02-05 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-01-31 20:35 - 2014-02-08 08:35 - 00000000 ____D () C:\Program Files (x86)\Security.filter 2014-01-28 21:25 - 2014-01-28 21:25 - 02242727 _____ () C:\Users\Thomas\Downloads\brennweitenrechner.zip 2014-01-26 15:10 - 2014-01-26 15:12 - 00000000 ____D () 
C:\Users\Thomas\Desktop\Digitalkamera 2014-01-22 20:38 - 2014-02-10 16:31 - 00000000 ___RD () C:\Users\Thomas\Dropbox 2014-01-22 20:38 - 2014-01-22 20:38 - 00001057 _____ () C:\Users\Thomas\Desktop\Dropbox.lnk 2014-01-22 20:37 - 2014-02-10 16:31 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox 2014-01-22 20:37 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DropboxMaster 2014-01-22 20:37 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-22 20:35 - 2014-01-22 20:36 - 37660568 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\Dropbox 2.6.2.exe 2014-01-21 17:56 - 2014-01-21 17:56 - 01887871 _____ () C:\Users\Thomas\Downloads\tools_v5.0.exe 2014-01-21 17:23 - 2014-01-21 17:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\calibre-cache 2014-01-21 17:22 - 2014-01-23 19:35 - 00000000 ____D () C:\Users\Thomas\Documents\Calibre-Bibliothek 2014-01-21 17:22 - 2014-01-23 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\calibre 2014-01-21 17:22 - 2014-01-21 17:22 - 00000947 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-01-21 17:22 - 2014-01-21 17:22 - 00000000 ____D () C:\Program Files\Calibre2 2014-01-21 16:42 - 2014-01-21 16:43 - 59793408 _____ () C:\Users\Thomas\Downloads\calibre-64bit-1.20.0.msi 2014-01-20 19:31 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-20 19:31 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-20 19:31 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-20 19:31 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-20 19:30 - 2014-01-20 19:31 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-19 14:58 - 2014-01-19 14:58 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\VisualTailor 
2014-01-15 18:31 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 18:31 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 18:31 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 18:31 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-10 17:15 - 2014-02-10 17:14 - 00021659 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-02-10 17:14 - 2014-02-10 17:14 - 00000000 ____D () C:\FRST 2014-02-10 17:13 - 2014-02-10 17:13 - 02170880 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-02-10 17:11 - 2010-01-22 20:52 - 00000000 ____D () C:\QUARANTINE 2014-02-10 16:37 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-10 16:37 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-10 16:36 - 2012-04-04 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-10 16:34 - 2009-07-14 18:58 - 00698726 _____ () C:\Windows\system32\perfh007.dat 2014-02-10 16:34 - 2009-07-14 18:58 - 00148782 _____ () 
C:\Windows\system32\perfc007.dat
2014-02-10 16:34 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 16:31 - 2014-01-22 20:38 - 00000000 ___RD () C:\Users\Thomas\Dropbox
2014-02-10 16:31 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox
2014-02-10 16:30 - 2011-07-23 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 16:30 - 2010-01-11 22:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 16:30 - 2009-07-14 05:51 - 00195126 _____ () C:\Windows\setupact.log
2014-02-09 14:09 - 2010-01-11 20:34 - 01937008 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 13:16 - 2011-07-23 17:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 19:32 - 2012-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 19:32 - 2010-01-11 22:27 - 00025346 _____ () C:\Windows\PFRO.log
2014-02-08 08:42 - 2014-02-06 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-08 08:35 - 2014-01-31 20:35 - 00000000 ____D () C:\Program Files (x86)\Security.filter
2014-02-06 20:27 - 2014-02-06 20:27 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes
2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 20:26 - 2014-02-06 20:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-06 17:36 - 2012-04-04 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 17:36 - 2012-04-04 15:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 17:36 - 2011-05-17 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 20:12 - 2014-02-05 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 20:05 - 2012-03-04 21:26 - 00000000 ____D () C:\Users\Public\HBPData
2014-01-30 20:05 - 2012-03-04 21:25 - 00000000 ____D () C:\Program Files (x86)\HBP
2014-01-28 21:25 - 2014-01-28 21:25 - 02242727 _____ () C:\Users\Thomas\Downloads\brennweitenrechner.zip
2014-01-27 22:33 - 2013-05-10 16:39 - 00002036 _____ () C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
2014-01-27 18:23 - 2012-04-16 17:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Nuance
2014-01-27 18:23 - 2012-04-16 17:28 - 00000000 ____D () C:\ProgramData\Nuance
2014-01-26 15:12 - 2014-01-26 15:10 - 00000000 ____D () C:\Users\Thomas\Desktop\Digitalkamera
2014-01-23 19:35 - 2014-01-21 17:22 - 00000000 ____D () C:\Users\Thomas\Documents\Calibre-Bibliothek
2014-01-23 17:03 - 2014-01-21 17:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\calibre
2014-01-22 20:38 - 2014-01-22 20:38 - 00001057 _____ () C:\Users\Thomas\Desktop\Dropbox.lnk
2014-01-22 20:38 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DropboxMaster
2014-01-22 20:38 - 2010-01-11 20:34 - 00000000 ____D () C:\Users\Thomas
2014-01-22 20:37 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-22 20:37 - 2010-01-11 20:34 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 20:36 - 2014-01-22 20:35 - 37660568 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\Dropbox 2.6.2.exe
2014-01-21 17:56 - 2014-01-21 17:56 - 01887871 _____ () C:\Users\Thomas\Downloads\tools_v5.0.exe
2014-01-21 17:33 - 2014-01-21 17:23 - 00000000 ____D () C:\Users\Thomas\AppData\Local\calibre-cache
2014-01-21 17:22 - 2014-01-21 17:22 - 00000947 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-01-21 17:22 - 2014-01-21 17:22 - 00000000 ____D () C:\Program Files\Calibre2
2014-01-21 16:43 - 2014-01-21 16:42 - 59793408 _____ () C:\Users\Thomas\Downloads\calibre-64bit-1.20.0.msi
2014-01-20 19:31 - 2014-01-20 19:30 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 19:31 - 2013-10-23 15:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 19:31 - 2010-01-20 16:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 14:58 - 2014-01-19 14:58 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\VisualTailor
2014-01-16 20:22 - 2009-07-14 05:45 - 00409952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:03 - 2013-08-14 19:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:00 - 2010-01-17 10:41 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Thomas\seticons.reg

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpngk1hm.dll
C:\Users\Thomas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\torload.exe
C:\Users\Thomas\AppData\Local\Temp\torloadproxy.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 09:14

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by Thomas at 2014-02-10 17:15:36
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@icon sushi 1.21 (x32 Version: - towofu's SOFT)
3DVIA player 5.0 (x32 Version: 5.0.0.12 - 3DVIA)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0 - Igor Pavlov)
A1 Internet Software (x32 Version: 8.1.1.64 - A1 Telekom Austria AG)
A1 Internet Software (x32 Version: 8.1.1.64 - A1 Telekom Austria AG) Hidden
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.0.0 - Adobe Systems)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.0.0 - Adobe Systems) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (Version: - )
Agent Ransack Version 1.7.3 (x32 Version: - )
AMR to MP3 Converter 1.4 (x32 Version: - amrtomp3converter.com)
Apple Application Support (x32 Version: 2.1.7 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.12 (Unicode) (x32 Version: - Audacity Team)
BitTorrent (x32 Version: 7.6.1 - BitTorrent Inc.)
BlackArmor Backup (x32 Version: 12.1.9799 - Seagate)
BurnInTest v7.1 Pro (Version: 7.1 - Passmark Software)
calibre 64bit (Version: 1.20.0 - Kovid Goyal)
Canon IJ Scan Utility (x32 Version: - Canon Inc.)
Canon MG5400 series Benutzerregistrierung (x32 Version: - Canon Inc.)
Canon MG5400 series MP Drivers (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (x32 Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (x32 Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (x32 Version: 1.0.0 - Canon Inc.)
Canon My Printer (x32 Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (x32 Version: 2.0.0 - Canon Inc.)
capella reader 6.0 (x32 Version: 6.0.19.0 - capella software GmbH)
CDBurnerXP (x32 Version: 4.3.0.2015 - CDBurnerXP)
Chinese Traditional Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
ClickCon (x32 Version: - )
CoCreate Drafting 2008 (x32 Version: 16.50.68251 - Parametric Technology GmbH (a subsidiary of Parametric Technology Corporation))
CoCreate License Server 2008 (x32 Version: 16.00.4 - Parametric Technology Corporation )
CoCreate Modeling 2008 ( x64 ) (Version: 16.50.1004 - Parametric Technology GmbH)
CoCreate Modeling Personal Edition 3.0 ( x64 ) (Version: 30.0.0015 - Parametric Technology GmbH)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (x32 Version: - Corel Corporation)
Cortona3D Viewer (x32 Version: 6.0.179 - ParallelGraphics)
Dalli-Klick Version 2012 (x32 Version: 2012 - Mediator-Programme)
Die Sudoku Challenge (x32 Version: 1.0 - Play at Joe's, Inc.)
DivX-Setup (x32 Version: 2.5.0.8 - DivX, LLC)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
DVD Shrink 3.2 (x32 Version: - DVD Shrink)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32 Version: - DVD Shrink)
DWG TrueView 2009 (Version: 17.2.56.0 - Autodesk)
DWG TrueView 2009 (Version: 17.2.56.0 - Autodesk) Hidden
Easy CD-DA Extractor 2010 (x32 Version: 2010 - Poikosoft)
Easy CD-DA Extractor 9.1.1 (x32 Version: 9.1.1 - Poikosoft)
Easy Poster Printer (x32 Version: 2.0.3 - GD Software)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (x32 Version: - )
EPU-6 Engine (x32 Version: 1.01.14 - )
ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0 - )
FFmpeg for Audacity on Windows (x32 Version: - )
Finale PrintMusic! 2000 (x32 Version: - )
Finale Reader 2010 (x32 Version: 15.0.r1.0 - MakeMusic)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (x32 Version: - )
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
GetASFStream (x32 Version: - )
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google SketchUp 8 (x32 Version: 3.0.11762 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript 8.71 (x32 Version: - )
Greenshot (x32 Version: - )
HappyFoto Bestellassistent (nur entfernen) (x32 Version: - )
HappyFoto Bestellsoftware (HKCU Version: - HAPPY - FOTO GmbH / ©2010 Aberger Software GmbH)
HappyFoto-Designer 2.7 (x32 Version: - )
HBP (C:\Program Files (x86)\HBP) (x32 Version: - )
HOFER Bestellsoftware 4.9 (x32 Version: 4.9 - ORWO Net)
HP USB Disk Storage Format Tool (x32 Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.32 - Irfan Skiljan)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMICRON Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version: - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Agent (x32 Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (x32 Version: 8.8.02004 - McAfee, Inc.)
MedienManager 1.4.0 (x32 Version: 1.4.0 - A1 Telekom Austria AG)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Small Basic v0.8 (x32 Version: 0.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (x32 Version: 1.0.0 - McNeel & Associates)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
nLite 1.4.9.1 (x32 Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Nokia Connectivity Cable Driver (x32 Version: 7.1.69.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.51.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.51.0 - Nokia) Hidden
Notepad++ (x32 Version: 6.2.2 - )
NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
Octava SD4 (x32 Version: 5.01 - Obtiv)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Opera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)
PC Connectivity Solution (x32 Version: 11.5.29.0 - Nokia)
PDF-XChange Viewer (Version: 2.0.53.0 - Tracker Software Products Ltd.)
PE Builder 3.1.10a (x32 Version: - Bart Lagerweij)
PHOTOfunSTUDIO HD Edition (x32 Version: 3.00.126 - Panasonic)
PIKO Master Control V2.0 v1.2.2.38199 (x32 Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
PIKO-Master-Control (x32 Version: 1.0.46 - Kostal Solar Electric GmbH)
PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC)
PowerShellScriptOMatic v.1.0 (x32 Version: 1.0.0 - MrEdSoftware)
PWGen 2.1.0 (x32 Version: - Christian Thöing)
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version: - )
Rhinoceros 4.0 Testversion (x32 Version: 4.0.60309 - Robert McNeel & Associates)
Security.filter (x32 Version: 1.33.153.1 - ivanisimus)
SimLab 3DPDF (x32 Version: 2.46 - SimLab)
SimLab 3DPDF (x32 Version: 2.46 - SimLab) Hidden
SimLab Plugin 2.41 for Google SketchUp (x32 Version: 2.41 - SimLab Soft)
Skype Toolbars (x32 Version: 5.0.4112 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
System Requirements Lab (x32 Version: - )
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
TightVNC 2.0.2 (x32 Version: 2.0.2 - GlavSoft LLC.)
TreeSize Free V2.7 (x32 Version: 2.7 - JAM Software)
TurboV (x32 Version: 1.00.41 - )
TVersity Codec Pack 1.4 (x32 Version: 1.4 - TVersity Inc.)
TVersity Media Server 1.9.3 (x32 Version: 1.9.3 - TVersity)
U.S. Robotics 56K Faxmodem USB (Version: - )
UltraVnc (Version: 1.1.9.3 - uvnc bvba)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
URL Snooper v2.29.01 (x32 Version: - DonationCoder.com)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5 - Nokia)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinMerge 2.12.4 (x32 Version: 2.12.4 - Thingamahoochie Software)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011BC0D0-84D5-4DEC-98ED-CCACEF0C49D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {22CCED42-3250-492C-BA17-85588E932F60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {40220252-BF8C-4316-B035-C0953E742ADC} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] ()
Task: {9DA3F9B0-5772-48FE-A578-DA5A485930DF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D16AD48B-3CF3-477A-B3EE-53FC53617482} - System32\Tasks\{22DBF023-BB07-4CC4-8340-7A9FEC129AC2} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {EA09B9DC-ABBD-4735-B7B0-EAD8B988496A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated)
Task: {EA3EA430-4AE2-4838-AD07-F41ACD0D6DE5} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\ImageViewer SP 1.73\ImageViewer.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-13 10:41 - 2009-05-25 10:33 - 06017024 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
2011-08-06 10:19 - 2010-07-12 06:52 - 00548864 _____ () C:\Program Files (x86)\Greenshot\Greenshot.exe
2010-01-11 20:59 - 2009-05-25 14:56 - 05391872 _____ () C:\Program Files\ASUS\TurboV\TurboV.exe
2010-01-11 20:59 - 2009-04-02 05:27 - 00090112 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 19:08 - 2012-08-14 19:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2011-11-13 10:41 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2011-11-13 10:41 - 2009-04-20 13:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
2011-11-13 10:41 - 2009-04-20 13:55 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2010-01-28 22:18 - 2009-11-12 13:48 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
2011-08-06 10:19 - 2010-07-12 06:52 - 00028672 _____ () C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
2010-01-11 20:59 - 2008-12-10 20:27 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
2010-01-11 20:59 - 2009-04-29 12:47 - 01296896 _____ () C:\Program Files\ASUS\TurboV\OcProfile.dll
2010-01-11 20:59 - 2008-12-15 20:01 - 00131072 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
2014-02-10 16:31 - 2014-02-10 16:31 - 00041984 _____ () c:\users\thomas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpngk1hm.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Thomas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-19 10:16 - 2013-08-19 10:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-04-10 13:05 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-06 19:23 - 2014-02-06 19:23 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-06 19:23 - 2014-02-06 19:23 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-06 19:23 - 2014-02-06 19:23 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-02-05 20:12 - 2014-02-05 20:12 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-06 17:36 - 2014-02-06 17:36 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5FBC93CD
AlternateDataStreams: C:\ProgramData\TEMP:7061ECCF
AlternateDataStreams: C:\ProgramData\TEMP:DE406C3E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 11:02:45 AM) (Source: McLogEvent) (User: Thomas-PC)
Description: Der Scan hat Entdeckungen gefunden. Scan-Modul der Version 5600.1067 DAT-Version 7342.

Error: (02/09/2014 08:31:01 AM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4196 (0x1064) Thread address : 0x00000000776912FA Thread message : Build VSCORE.15.0.0.476 / 5600.1067 Object being scanned = \Device\HarddiskVolume1\Windows\system32\de-DE\mprmsg.dll.mui by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error: (02/09/2014 08:31:01 AM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4008 (0xfa8) Thread address : 0x00000000776912FA Thread message : Build VSCORE.15.0.0.476 / 5600.1067 Object being scanned = \Device\HarddiskVolume1\Windows\system32\mpssvc.dll by C:\Windows\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error: (01/31/2014 08:45:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/31/2014 08:45:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/22/2014 09:49:04 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1690 Startzeit: 01cf17b2fc5e9424 Endzeit: 40 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 9e3d1723-83a6-11e3-aba3-e0cb4e1978e2

Error: (01/22/2014 08:48:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: i_view32.exe, Version: 4.3.3.0, Zeitstempel: 0x4f72c4ac Name des fehlerhaften Moduls: SCNUI.DLL, Version: 19.0.1.25, Zeitstempel: 0x4f950fad Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009b352 ID des fehlerhaften Prozesses: 0x970 Startzeit der fehlerhaften Anwendung: 0xi_view32.exe0 Pfad der fehlerhaften Anwendung: i_view32.exe1 Pfad des fehlerhaften Moduls: i_view32.exe2 Berichtskennung: i_view32.exe3

Error: (01/15/2014 06:27:55 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 47c Startzeit: 01cf1216df671074 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 5b99ad12-7e0a-11e3-a5b9-e0cb4e1978e2

Error: (01/14/2014 10:36:02 AM) (Source: McLogEvent) (User: )
Description: Task Manager : Service Error : StartServiceCtrlDispatcher failed.
Error: (01/08/2014 09:45:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: STOR_allOS_8[1].7.0.1007_PV.exe, Version: 12.0.0.49974, Zeitstempel: 0x4474907b Name des fehlerhaften Moduls: STOR_allOS_8[1].7.0.1007_PV.exe, Version: 12.0.0.49974, Zeitstempel: 0x4474907b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001e48b ID des fehlerhaften Prozesses: 0x156c Startzeit der fehlerhaften Anwendung: 0xSTOR_allOS_8[1].7.0.1007_PV.exe0 Pfad der fehlerhaften Anwendung: STOR_allOS_8[1].7.0.1007_PV.exe1 Pfad des fehlerhaften Moduls: STOR_allOS_8[1].7.0.1007_PV.exe2 Berichtskennung: STOR_allOS_8[1].7.0.1007_PV.exe3

System errors:
=============
Error: (02/09/2014 08:31:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2014 08:11:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (02/08/2014 08:41:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (02/04/2014 05:02:12 PM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (01/17/2014 07:34:22 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/08/2014 09:24:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/08/2014 09:24:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/08/2014 09:24:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/08/2014 09:24:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/08/2014 09:24:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Microsoft Office Sessions:
=========================
Error: (02/09/2014 11:02:45 AM) (Source: McLogEvent)(User: Thomas-PC)
Description: Der Scan hat Entdeckungen gefunden. Scan-Modul der Version 5600.1067 DAT-Version 7342.

Error: (02/09/2014 08:31:01 AM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900004196 (0x1064)0x00000000776912FA Build VSCORE.15.0.0.476 / 5600.1067 Object being scanned = \Device\HarddiskVolume1\Windows\system32\de-DE\mprmsg.dll.mui by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error: (02/09/2014 08:31:01 AM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900004008 (0xfa8)0x00000000776912FA Build VSCORE.15.0.0.476 / 5600.1067 Object being scanned = \Device\HarddiskVolume1\Windows\system32\mpssvc.dll by C:\Windows\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error: (01/31/2014 08:45:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Thomas\Downloads\SoftonicDownloader_fuer_multi-timer.exe

Error: (01/31/2014 08:45:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Thomas\Downloads\SoftonicDownloader_fuer_multi-timer.exe

Error: (01/22/2014 09:49:04 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087169001cf17b2fc5e942440C:\Program Files (x86)\Mozilla Firefox\firefox.exe9e3d1723-83a6-11e3-aba3-e0cb4e1978e2

Error: (01/22/2014 08:48:53 PM) (Source: Application Error)(User: )
Description: i_view32.exe4.3.3.04f72c4acSCNUI.DLL19.0.1.254f950fadc00000050009b35297001cf17aaf3f03ecbC:\Program Files (x86)\IrfanView\i_view32.exeC:\Windows\TWAIN_32\MG5400 series\SCNUI.DLL3834a05e-839e-11e3-aba3-e0cb4e1978e2

Error: (01/15/2014 06:27:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.508747c01cf1216df67107416C:\Program Files (x86)\Mozilla Firefox\firefox.exe5b99ad12-7e0a-11e3-a5b9-e0cb4e1978e2

Error: (01/14/2014 10:36:02 AM) (Source: McLogEvent)(User: )
Description: StartServiceCtrlDispatcher failed.
Error: (01/08/2014 09:45:22 PM) (Source: Application Error)(User: ) Description: STOR_allOS_8[1].7.0.1007_PV.exe12.0.0.499744474907bSTOR_allOS_8[1].7.0.1007_PV.exe12.0.0.499744474907bc00000050001e48b156c01cf0cb28b5be4c1D:\Software\Treiber\Intel AHCI Matrix storage manager\STOR_allOS_8[1].7.0.1007_PV.exeD:\Software\Treiber\Intel AHCI Matrix storage manager\STOR_allOS_8[1].7.0.1007_PV.execa6f678c-78a5-11e3-b646-e0cb4e1978e2 CodeIntegrity Errors: =================================== Date: 2010-01-11 21:27:59.337 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-01-11 21:27:59.321 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-01-11 21:27:51.303 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2010-01-11 21:27:51.303 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\naiavf5a.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 4087.09 MB Available physical RAM: 2164.88 MB Total Pagefile: 8172.35 MB Available Pagefile: 5889.82 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (System-reserviert) (Fixed) (Total:97.66 GB) (Free:22.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:368.1 GB) (Free:250.94 GB) NTFS Drive e: (DataRaid0) (Fixed) (Total:149.04 GB) (Free:21.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E51AFE49) Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1D7C896A) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
10.02.2014, 23:41 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
11.02.2014, 18:46 | #5 |
| No. Why? |
12.02.2014, 09:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You ask why? The reason is given in the quote. Why do you have McAfee VirusScan Enterprise as well as Corel Graphics Suite X4 and Windows 7 Professional on a private machine? |
12.02.2014, 18:34 | #7 |
| You asked about a commercially used system. In a family business the line is often not entirely clear-cut. If you mean illegal, then certainly not. OK, the Corel Suite should have been uninstalled long ago; it was no longer used and was forgotten. But what does that have to do with my problem? |
12.02.2014, 22:12 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | That has to do with our rules! Company computers are generally not cleaned here. See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ Please always post log files in CODE tags |
14.02.2014, 22:00 | #9 |
| I read the rules before I opened the thread. The PC is private. Word of honor. That is why I gave no indication regarding a small business without IT support. Incidentally, that also applies to me. |
15.02.2014, 15:12 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
16.02.2014, 21:59 | #11 |
| Thanks! Here is the result: Code:
ATTFilter ComboFix 14-02-16.01 - Thomas 16.02.2014 20:44:22.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4087.2296 [GMT 1:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\4953CDAF0A.sys c:\programdata\B7BB024061.sys c:\programdata\BEB208B17B.sys . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_uvnc_service . . ((((((((((((((((((((((( Dateien erstellt von 2014-01-16 bis 2014-02-16 )))))))))))))))))))))))))))))) . . 2014-02-16 13:19 . 2014-02-16 13:19 -------- d-----w- c:\users\Thomas\AppData\Local\Adobe_Systems_Incorporate 2014-02-16 13:17 . 2014-02-16 13:17 -------- d-----w- c:\windows\SysWow64\Adobe 2014-02-12 17:40 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll 2014-02-12 17:40 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-02-12 17:28 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll 2014-02-12 17:27 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-02-12 17:27 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-02-12 17:27 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2014-02-12 17:27 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll 2014-02-10 16:14 . 2014-02-10 16:16 -------- d-----w- C:\FRST 2014-02-06 19:27 . 2014-02-06 19:27 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2014-02-06 19:27 . 
2014-02-06 19:27 -------- d-----w- c:\programdata\Malwarebytes 2014-02-06 19:27 . 2014-02-06 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-02-06 19:27 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-06 18:23 . 2014-02-08 07:42 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-01-31 19:34 . 2014-01-31 19:34 -------- d-----w- c:\users\Thomas\AppData\Roaming\TorTemp 2014-01-22 19:38 . 2014-02-16 19:10 -------- d-----r- c:\users\Thomas\Dropbox 2014-01-22 19:37 . 2014-02-16 19:10 -------- d-----w- c:\users\Thomas\AppData\Roaming\Dropbox 2014-01-21 16:23 . 2014-01-21 16:33 -------- d-----w- c:\users\Thomas\AppData\Local\calibre-cache 2014-01-21 16:22 . 2014-01-23 16:03 -------- d-----w- c:\users\Thomas\AppData\Roaming\calibre 2014-01-21 16:22 . 2014-01-21 16:22 -------- d-----w- c:\program files\Calibre2 2014-01-20 18:31 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-19 13:58 . 2014-01-19 13:58 -------- d-----w- c:\users\Thomas\AppData\Roaming\VisualTailor . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-16 13:52 . 2010-01-17 09:41 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-02-06 16:36 . 2012-04-04 14:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-02-06 16:36 . 2011-05-17 19:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-23 10:00 . 2010-02-04 17:35 2568 --sha-w- c:\programdata\KGyGaAvL.sys 2013-11-27 01:41 . 2014-01-15 17:31 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-11-27 01:41 . 2014-01-15 17:31 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-11-27 01:41 . 2014-01-15 17:31 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-11-27 01:41 . 2014-01-15 17:31 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-11-27 01:41 . 
2014-01-15 17:31 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-11-27 01:41 . 2014-01-15 17:31 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-11-27 01:41 . 2014-01-15 17:31 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-11-26 11:40 . 2014-01-15 17:31 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2013-11-26 10:32 . 2014-01-15 17:31 3156480 ----a-w- c:\windows\system32\win32k.sys 2013-11-23 18:26 . 2013-12-11 10:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-11 10:11 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Greenshot"="c:\program files (x86)\Greenshot\Greenshot.exe" [2010-07-12 548864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024] "BlackArmorBackupMonitor.exe"="c:\program files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-07-24 4386112] "AcronisTimounterMonitor"="c:\program files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-07-24 965600] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448] "Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-09-05 333416] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2013-5-10 25214] PHOTOfunSTUDIO HD Edition.lnk - c:\program files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-3-16 46568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 CoCreate License Server;CoCreate License Server;c:\program files (x86)\CoCreate\CoCreate License Server 2008\MEls32.exe;c:\program files (x86)\CoCreate\CoCreate License Server 2008\MEls32.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program 
files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 Winacusb;Winacusb;c:\windows\system32\DRIVERS\winaxusb.sys;c:\windows\SYSNATIVE\DRIVERS\winaxusb.sys [x] R4 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:36] . 2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 16:43] . 2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 16:43] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-07-24 376456] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Free YouTube to MP3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Trusted Zone: ams-engineering.com\vpn TCP: DhcpNameServer = 10.0.0.138 DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.ams-engineering.com/MLWebCacheCleaner.cab FF - ProfilePath - 
c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\ FF - prefs.js: browser.startup.homepage - about:newtab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-StoppUhr - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-HappyFoto Bestellsoftware - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}] @DACL=(02 0000) @="Dropbox Autoplay COM Server" . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}] @DACL=(02 0000) @="DWG TrueView Icon Shell Extension" . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}] @DACL=(02 0000) @="DWG TrueView Drawing" . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] @DACL=(02 0000) @="DropboxExt" . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] @DACL=(02 0000) @="DropboxExt" . 
[HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] @DACL=(02 0000) @="DropboxExt" . [HKEY_USERS\S-1-5-21-807310499-3347933236-1669874931-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] @DACL=(02 0000) @="DropboxExt" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\bgsvcgen.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-02-16 21:16:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-02-16 20:16 . 
Vor Suchlauf: 22 Verzeichnis(se), 23.871.832.064 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 24.807.317.504 Bytes frei . - - End Of File - - 86151FB9F05D560903BACF6121E30037 |
16.02.2014, 22:13 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars
Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
16.02.2014, 22:17 | #13 |
| Beim Anklicken von Links öffnet sich http://open.url.ph/70244 Was ich noch dazusagen muss. Seit heute morgen wurde keine einzige Werbung mehr eingeblendet und das Problem mit der falschen Weiterleitung auf hxxp://open.url.ph/... ist auch nicht mehr aufgetreten. Vorgestern habe ich nochmals einen Scan mit Malwarebytes gemacht und der hat einiges gefunden und bereinigt. Hier das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Thomas :: THOMAS-PC [Administrator] Schutz: Aktiviert 14.02.2014 15:48:05 mbam-log-2014-02-14 (15-48-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 605949 Laufzeit: 2 Stunde(n), 25 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security.filter (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. HKLM\Software\Security.filter (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\Security.filter (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 19 C:\Program Files (x86)\Security.filter\Security.filter-bg.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Security.filter\Security.filter-bho64.dll (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Security.filter\Security.filter-buttonutil.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Security.filter\Security.filter-buttonutil64.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Security.filter\Security.filter-chromeinstaller.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt. 
C:\Program Files (x86)\Security.filter\Security.filter-codedownloader.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter-enabler.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter-firefoxinstaller.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Uninstall.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\is-87RIR.tmp\security-filter.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\is-I9JI4.tmp\security-filter.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\background.html (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\49482.crx (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\49482.xpi (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Installer.log (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter-buttonutil.dll (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter-buttonutil64.dll (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter-helper.exe (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Security.filter\Security.filter.ico (PUP.Optional.Securityfilter.A) -> Keine Aktion durchgeführt.

(Ende)

Could that have been the problem, or is it just quiet at the moment by chance? |
16.02.2014, 22:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Clicking on links opens http://open.url.ph/70244 Run the requested tools anyway and post the logs
__________________ Please always post log files in CODE tags |
16.02.2014, 22:44 | #15 |
| Clicking on links opens http://open.url.ph/70244 Already done! Code:
# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 22:23:16
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-PC
# Gestartet von : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader47683_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader47683_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flash-video-downloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flash-video-downloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466946682}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466946682}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "143e9c19a3969bceda024244e1b5b33a");

*************************

AdwCleaner[R0].txt - [4238 octets] - [16/02/2014 22:21:33]
AdwCleaner[S0].txt - [3888 octets] - [16/02/2014 22:23:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3948 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Thomas on 16.02.2014 at 22:27:26,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422942282}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422942282}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\9wv2m9d7.default\minidumps [93 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 22:34:32,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Thomas (administrator) on THOMAS-PC on 16-02-2014 22:38:07
Running from C:\Users\Thomas\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
() C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(Dropbox, Inc.) C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\ASUS\TurboV\TurboV.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
(Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [376456 2009-07-24] (Seagate)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [5391872 2009-05-25] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2009-06-30] ()
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [BlackArmorBackupMonitor.exe] - C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe [4386112 2009-07-24] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe [965600 2009-07-24] (Seagate)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-807310499-3347933236-1669874931-1000\...\Run: [Greenshot] - C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB09CDE77FF92CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {243C8535-257A-437A-B7D2-9DF2FF56AACC} URL = hxxp://www.google.at/search?hl=de&source=hp&q={searchTerms}&meta=&aq=f&oq=
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131002192655.dll (McAfee, Inc.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131002192655.dll (McAfee, Inc.)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {6E718D87-6909-4FCE-92D4-EDCB2F725727} file:///C:/Program%20Files%20(x86)/C.online/VIEWERINSTALL/applications/Navigram.cab
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.ams-engineering.com/XTSAC.cab
DPF: HKLM-x32 {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.ams-engineering.com/MLWebCacheCleaner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona - C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll (ParallelGraphics)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\Extensions\2020Player@2020Technologies.com [2010-11-09]
FF Extension: Garmin Communicator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9wv2m9d7.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-10-02]

==================== Services (Whitelisted) =================

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
S3 CoCreate License Server; C:\Program Files (x86)\CoCreate\CoCreate License Server 2008\MEls32.exe [9830620 2009-02-27] ()
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
S4 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [921600 2010-11-24] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-04-20] (Acronis)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-04-20] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Winacusb; system32\DRIVERS\winaxusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 22:38 - 2014-02-16 22:38 - 00019704 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-02-16 22:37 - 2014-02-16 22:37 - 02152448 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-02-16 22:34 - 2014-02-16 22:34 - 00000975 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-02-16 22:27 - 2014-02-16 22:27 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 22:26 - 2014-02-16 22:26 - 00004032 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-02-16 22:21 - 2014-02-16 22:23 - 00000000 ____D () C:\AdwCleaner
2014-02-16 22:20 - 2014-02-16 22:20 - 01037530 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe
2014-02-16 22:20 - 2014-02-16 22:20 - 01037530 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2014-02-16 22:19 - 2014-02-16 22:19 - 01166132 _____ () C:\Users\Thomas\Downloads\adwcleaner.exe
2014-02-16 22:19 - 2014-02-16 22:19 - 01166132 _____ () C:\Users\Thomas\Desktop\adwcleaner.exe
2014-02-16 21:50 - 2014-02-16 21:50 - 00023982 _____ () C:\ComboFix.txt
2014-02-16 20:42 - 2014-02-16 21:50 - 00000000 ____D () C:\Qoobox
2014-02-16 20:42 - 2014-02-16 21:14 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 20:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-16 20:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-16 20:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-16 20:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-16 20:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-16 20:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-16 20:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-16 20:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-16 20:38 - 2014-02-16 20:37 - 05183112 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe
2014-02-16 20:37 - 2014-02-16 20:37 - 05183112 _____ (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe
2014-02-16 20:21 - 2014-02-16 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 14:51 - 2014-02-16 14:51 - 00014076 _____ () C:\Users\Thomas\Downloads\CORA Bestellung Nr. 2092433.html
2014-02-16 14:21 - 2014-02-16 14:25 - 00001540 _____ () C:\Users\Thomas\Downloads\URLLink.acsm
2014-02-16 14:19 - 2014-02-16 14:20 - 00000000 ____D () C:\Users\Thomas\Documents\My Digital Editions
2014-02-16 14:19 - 2014-02-16 14:19 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Thomas\Downloads\ADE_3.0_Installer.exe
2014-02-16 14:19 - 2014-02-16 14:19 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe_Systems_Incorporate
2014-02-16 14:17 - 2014-02-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-02-12 18:40 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:40 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:39 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:39 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:39 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 18:39 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:39 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 18:39 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 18:39 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:39 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 18:39 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:39 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:39 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 18:39 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 18:39 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:39 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 18:39 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:39 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 18:39 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:39 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 18:39 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 18:39 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:39 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:39 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:39 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 18:39 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:39 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 18:39 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:39 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 18:39 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:39 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 18:39 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:39 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:39 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:39 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:39 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:39 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:39 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:39 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 18:39 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:39 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 18:28 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 18:28 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 18:28 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 18:28 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 18:28 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 18:28 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 18:28 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 18:28 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 18:28 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 18:28 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 18:28 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 18:28 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 18:28 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 18:28 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 18:28 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 18:28 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 18:28 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 18:28 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 18:28 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 18:28 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 18:28 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 18:28 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 18:28 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 18:28 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 18:27 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 18:27 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 18:27 - 2013-11-26
09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 18:27 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-10 17:15 - 2014-02-10 17:16 - 00034112 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-02-10 17:14 - 2014-02-16 22:38 - 00000000 ____D () C:\FRST 2014-02-10 17:14 - 2014-02-10 17:16 - 00033262 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-02-10 17:13 - 2014-02-16 22:37 - 02152448 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-02-06 20:27 - 2014-02-06 20:27 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-06 20:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-06 20:25 - 2014-02-06 20:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-06 19:23 - 2014-02-08 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-01-28 21:25 - 2014-01-28 21:25 - 02242727 _____ () C:\Users\Thomas\Downloads\brennweitenrechner.zip 2014-01-26 15:10 - 2014-01-26 15:12 - 00000000 ____D () C:\Users\Thomas\Desktop\Digitalkamera 2014-01-22 20:38 - 2014-02-16 21:58 - 00000000 ___RD () C:\Users\Thomas\Dropbox 2014-01-22 20:38 - 2014-01-22 20:38 - 00001057 _____ () C:\Users\Thomas\Desktop\Dropbox.lnk 2014-01-22 20:37 - 2014-02-16 22:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox 2014-01-22 20:37 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DropboxMaster 2014-01-22 20:37 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-22 
20:35 - 2014-01-22 20:36 - 37660568 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\Dropbox 2.6.2.exe 2014-01-21 17:56 - 2014-01-21 17:56 - 01887871 _____ () C:\Users\Thomas\Downloads\tools_v5.0.exe 2014-01-21 17:23 - 2014-01-21 17:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\calibre-cache 2014-01-21 17:22 - 2014-02-16 14:20 - 00000000 ____D () C:\Users\Thomas\Documents\Calibre-Bibliothek 2014-01-21 17:22 - 2014-01-23 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\calibre 2014-01-21 17:22 - 2014-01-21 17:22 - 00000947 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-01-21 17:22 - 2014-01-21 17:22 - 00000000 ____D () C:\Program Files\Calibre2 2014-01-21 16:42 - 2014-01-21 16:43 - 59793408 _____ () C:\Users\Thomas\Downloads\calibre-64bit-1.20.0.msi 2014-01-20 19:31 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-20 19:31 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-20 19:31 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-20 19:31 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-20 19:30 - 2014-01-20 19:31 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-19 14:58 - 2014-01-19 14:58 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\VisualTailor ==================== One Month Modified Files and Folders ======= 2014-02-16 22:39 - 2014-02-16 22:38 - 00019704 _____ () C:\Users\Thomas\Desktop\FRST.txt 2014-02-16 22:38 - 2014-02-10 17:14 - 00000000 ____D () C:\FRST 2014-02-16 22:37 - 2014-02-16 22:37 - 02152448 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe 2014-02-16 22:37 - 2014-02-10 17:13 - 02152448 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-02-16 22:36 - 2012-04-04 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-16 22:34 - 2014-02-16 22:34 - 
00000975 _____ () C:\Users\Thomas\Desktop\JRT.txt 2014-02-16 22:33 - 2009-07-14 18:58 - 00698726 _____ () C:\Windows\system32\perfh007.dat 2014-02-16 22:33 - 2009-07-14 18:58 - 00148782 _____ () C:\Windows\system32\perfc007.dat 2014-02-16 22:33 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-16 22:32 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-16 22:32 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-16 22:29 - 2010-01-11 20:34 - 01574090 _____ () C:\Windows\WindowsUpdate.log 2014-02-16 22:27 - 2014-02-16 22:27 - 00000000 ____D () C:\Windows\ERUNT 2014-02-16 22:26 - 2014-02-16 22:26 - 00004032 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt 2014-02-16 22:25 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox 2014-02-16 22:25 - 2011-07-23 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-16 22:25 - 2010-01-11 22:24 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-16 22:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-16 22:25 - 2009-07-14 05:51 - 00195742 _____ () C:\Windows\setupact.log 2014-02-16 22:23 - 2014-02-16 22:21 - 00000000 ____D () C:\AdwCleaner 2014-02-16 22:22 - 2011-07-23 17:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-16 22:20 - 2014-02-16 22:20 - 01037530 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe 2014-02-16 22:20 - 2014-02-16 22:20 - 01037530 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe 2014-02-16 22:19 - 2014-02-16 22:19 - 01166132 _____ () C:\Users\Thomas\Downloads\adwcleaner.exe 2014-02-16 22:19 - 2014-02-16 22:19 - 01166132 _____ () C:\Users\Thomas\Desktop\adwcleaner.exe 2014-02-16 21:58 - 2014-01-22 20:38 - 00000000 ___RD () C:\Users\Thomas\Dropbox 2014-02-16 21:54 - 2010-01-11 
22:27 - 00027600 _____ () C:\Windows\PFRO.log 2014-02-16 21:51 - 2010-10-11 19:02 - 00000000 ____D () C:\Program Files (x86)\WinMerge 2014-02-16 21:50 - 2014-02-16 21:50 - 00023982 _____ () C:\ComboFix.txt 2014-02-16 21:50 - 2014-02-16 20:42 - 00000000 ____D () C:\Qoobox 2014-02-16 21:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-02-16 21:26 - 2012-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 21:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-02-16 21:14 - 2014-02-16 20:42 - 00000000 ____D () C:\Windows\erdnt 2014-02-16 21:07 - 2009-07-14 03:34 - 78643200 _____ () C:\Windows\system32\config\software.bak 2014-02-16 21:07 - 2009-07-14 03:34 - 31457280 _____ () C:\Windows\system32\config\system.bak 2014-02-16 21:07 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-02-16 21:07 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-02-16 21:07 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-02-16 20:37 - 2014-02-16 20:38 - 05183112 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe 2014-02-16 20:37 - 2014-02-16 20:37 - 05183112 _____ (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe 2014-02-16 20:21 - 2014-02-16 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 14:54 - 2013-08-14 19:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-16 14:52 - 2010-01-17 10:41 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 14:51 - 2014-02-16 14:51 - 00014076 _____ () C:\Users\Thomas\Downloads\CORA Bestellung Nr. 
2092433.html 2014-02-16 14:25 - 2014-02-16 14:21 - 00001540 _____ () C:\Users\Thomas\Downloads\URLLink.acsm 2014-02-16 14:20 - 2014-02-16 14:19 - 00000000 ____D () C:\Users\Thomas\Documents\My Digital Editions 2014-02-16 14:20 - 2014-01-21 17:22 - 00000000 ____D () C:\Users\Thomas\Documents\Calibre-Bibliothek 2014-02-16 14:19 - 2014-02-16 14:19 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Thomas\Downloads\ADE_3.0_Installer.exe 2014-02-16 14:19 - 2014-02-16 14:19 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe_Systems_Incorporate 2014-02-16 14:19 - 2010-01-11 20:51 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-02-16 14:17 - 2014-02-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-16 14:17 - 2011-07-23 17:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-16 14:17 - 2011-07-23 17:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-14 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-12 18:48 - 2011-05-17 20:02 - 01594042 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-10 17:16 - 2014-02-10 17:15 - 00034112 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-02-10 17:16 - 2014-02-10 17:14 - 00033262 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-02-10 17:11 - 2010-01-22 20:52 - 00000000 ____D () C:\QUARANTINE 2014-02-08 08:42 - 2014-02-06 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-06 20:27 - 2014-02-06 20:27 - 00001126 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-06 20:26 - 2014-02-06 20:25 - 10285040 _____ (Malwarebytes Corporation ) 
C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-06 17:36 - 2012-04-04 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 17:36 - 2012-04-04 15:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-06 17:36 - 2011-05-17 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-06 13:16 - 2014-02-12 18:39 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 12:30 - 2014-02-12 18:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 12:30 - 2014-02-12 18:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-12 18:39 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 12:07 - 2014-02-12 18:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 12:06 - 2014-02-12 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-12 18:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 11:56 - 2014-02-12 18:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 11:52 - 2014-02-12 18:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 11:49 - 2014-02-12 18:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-12 18:39 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-12 18:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-12 18:39 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-12 18:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-12 18:39 - 
02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-12 18:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 11:11 - 2014-02-12 18:39 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 11:01 - 2014-02-12 18:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-12 18:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-12 18:39 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-12 18:39 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:52 - 2014-02-12 18:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-12 18:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-12 18:39 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-12 18:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-12 18:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-12 18:39 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-12 18:39 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-12 18:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-12 18:39 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 10:22 - 2014-02-12 18:39 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 10:13 - 2014-02-12 18:39 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-12 18:39 - 01964032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-12 18:39 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-12 18:39 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:41 - 2014-02-12 18:39 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-12 18:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-12 18:39 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-12 18:39 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-30 20:05 - 2012-03-04 21:26 - 00000000 ____D () C:\Users\Public\HBPData 2014-01-30 20:05 - 2012-03-04 21:25 - 00000000 ____D () C:\Program Files (x86)\HBP 2014-01-28 21:25 - 2014-01-28 21:25 - 02242727 _____ () C:\Users\Thomas\Downloads\brennweitenrechner.zip 2014-01-27 22:33 - 2013-05-10 16:39 - 00002036 _____ () C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk 2014-01-27 18:23 - 2012-04-16 17:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Nuance 2014-01-27 18:23 - 2012-04-16 17:28 - 00000000 ____D () C:\ProgramData\Nuance 2014-01-26 15:12 - 2014-01-26 15:10 - 00000000 ____D () C:\Users\Thomas\Desktop\Digitalkamera 2014-01-23 17:03 - 2014-01-21 17:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\calibre 2014-01-22 20:38 - 2014-01-22 20:38 - 00001057 _____ () C:\Users\Thomas\Desktop\Dropbox.lnk 2014-01-22 20:38 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DropboxMaster 2014-01-22 20:38 - 2010-01-11 20:34 - 00000000 ____D () C:\Users\Thomas 2014-01-22 20:37 - 2014-01-22 20:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-22 20:37 - 2010-01-11 20:34 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 
2014-01-22 20:36 - 2014-01-22 20:35 - 37660568 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\Dropbox 2.6.2.exe 2014-01-21 17:56 - 2014-01-21 17:56 - 01887871 _____ () C:\Users\Thomas\Downloads\tools_v5.0.exe 2014-01-21 17:33 - 2014-01-21 17:23 - 00000000 ____D () C:\Users\Thomas\AppData\Local\calibre-cache 2014-01-21 17:22 - 2014-01-21 17:22 - 00000947 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-01-21 17:22 - 2014-01-21 17:22 - 00000000 ____D () C:\Program Files\Calibre2 2014-01-21 16:43 - 2014-01-21 16:42 - 59793408 _____ () C:\Users\Thomas\Downloads\calibre-64bit-1.20.0.msi 2014-01-20 19:31 - 2014-01-20 19:30 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-20 19:31 - 2013-10-23 15:50 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-20 19:31 - 2010-01-20 16:47 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-19 14:58 - 2014-01-19 14:58 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\VisualTailor Files to move or delete: ==================== C:\Users\Thomas\seticons.reg Some content of TEMP: ==================== C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoqfbjz.dll C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit 
LastRegBack: 2014-02-08 09:14

==================== End Of Log ============================

--- --- ---

Addition.txt was not generated this time (it was not ticked either).