Log analysis and evaluation: E-mail is being redirected to a fake account (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to getting help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.02.2014, 17:29 | #1

Hello everyone, for about 4 days I have had the problem that e-mails I send to one particular e-mail address are being redirected, namely to EMKEI.CZ; the reply looks almost identical to the original. For a while I received spam mails that linked to EMKEI.CZ. I did not click the link, but I wanted to know what it was, so I opened the site via Google, and unfortunately I went too far there; the problem has existed ever since. I removed everything I could with Malwarebytes Anti-Malware; Windows Update works again now, but I can no longer get the firewall working. I set up a new e-mail address so that I could contact that particular address, but that does not help, because the mail I send is again answered by EMKEI.CZ. So where is the problem: is something wrong with my computer, or are the mails being intercepted and redirected when they are sent? If so, what can be done about it? So far I have only noticed it with this one address. Is the header wrong, or has my mailbox been hacked? Unfortunately I am a layman when it comes to virus infections. The address in question is an important one that I currently cannot reach, because my mail does not arrive.

Best regards
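The poster asks whether the "reply" is really coming from the address written to or whether "the header is wrong". The headers of the received reply are the place to look. The script below is an added example, not code from this thread; both messages in it are constructed, and every domain, host name and IP in them is a placeholder. It checks whether the From, Reply-To, Return-Path and Message-ID domains agree with each other and whether the first Received hop (the bottom-most Received header, which is the origin of the message) belongs to the From domain. A reply assembled by a third-party web mailer typically fails several of these checks; a genuine reply passes them.

```python
"""Does a reply really originate at the address I wrote to?

Added example, not part of the thread. Both messages are constructed with
example domains. The checks are generic header-consistency tests: From vs
Reply-To / Return-Path / Message-ID domains, and the origin host taken from
the Received chain (the bottom-most Received header is the first hop).
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed: what a "reply" injected through a third-party web mailer can look like.
SPOOFED_REPLY = """Return-Path: <bounce@mailer.example.net>
Received: from mx.myprovider.example (mx.myprovider.example [192.0.2.10])
\tby imap.myprovider.example with ESMTP id A1; Sun, 09 Feb 2014 17:01:00 +0100
Received: from web1.mailer.example.net (web1.mailer.example.net [198.51.100.7])
\tby mx.myprovider.example with ESMTP id B2; Sun, 09 Feb 2014 17:00:58 +0100
From: "Important Contact" <contact@important.example>
Reply-To: <contact@mailer.example.net>
To: <me@myprovider.example>
Subject: Re: your request
Message-ID: <20140209160058.12345@web1.mailer.example.net>

Thanks, please resend your details to this address.
"""

# Constructed: a genuine reply whose headers agree with each other.
GENUINE_REPLY = """Return-Path: <contact@important.example>
Received: from mail.important.example (mail.important.example [203.0.113.5])
\tby mx.myprovider.example with ESMTP id C3; Sun, 09 Feb 2014 17:05:00 +0100
From: <contact@important.example>
To: <me@myprovider.example>
Subject: Re: your request
Message-ID: <c3@mail.important.example>

Received, thanks.
"""

# "from <host> ... by <host>"; re.S because Received headers are folded over lines.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)


def domain_of(value):
    """Lowercase domain of the first address in a header value ('' if absent)."""
    if value is None:
        return ""
    _, addr = parseaddr(str(value))
    return addr.rpartition("@")[2].lower()


def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def received_hops(msg):
    """(from_host, by_host) pairs in transit order; the origin hop comes first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(str(value))
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return hops


def triage(raw):
    """Return the From domain, the hop list and every header inconsistency found."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and not same_org(dom, from_dom):
            findings.append(f"{name} points to {dom}, not {from_dom}")
    m = re.search(r"@([^>\s]+)", str(msg["Message-ID"] or ""))
    if m and not same_org(m.group(1).lower(), from_dom):
        findings.append(f"Message-ID generated at {m.group(1)}, not {from_dom}")
    hops = received_hops(msg)
    if hops and not same_org(hops[0][0], from_dom):
        findings.append(f"first hop {hops[0][0]} is not a {from_dom} server")
    return {
        "from_domain": from_dom,
        "hops": hops,
        "findings": findings,
        "verdict": "inconsistent" if findings else "consistent",
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_REPLY), ("genuine", GENUINE_REPLY)):
        result = triage(raw)
        print(label, result["verdict"], *result["findings"], sep="\n  ")
```

What these headers can and cannot tell you: they describe the route of the reply you received, not the fate of the message you sent. Whether your own outgoing mail reached its destination is not visible in the reply's headers at all; that needs the recipient's confirmation or a delivery status notification from your own provider.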
09.02.2014, 17:42 | #2
/// the machine /// (TB-Ausbilder)

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties).
09.02.2014, 17:59 | #3

Hello, thanks for the quick reply. Here are the attachments:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 02
Ran by RSR (administrator) on R1 on 09-02-2014 17:59:48
Running from C:\Users\RSR\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\RSR\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...\MountPoints2: {86af65fc-d316-11e1-afaa-001b386da403} - G:\AutoRun.exe
HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...\MountPoints2: {86af6602-d316-11e1-afaa-001b386da403} - H:\AutoRun.exe
HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
AppInit_DLLs: eNetHook.dll => C:\Windows\system32\eNetHook.dll [90112 2007-05-22] (acer)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
SearchScopes: HKCU - DefaultScope {7114CBE7-B242-4D97-9988-B4C325E95BA2} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D38323733313626703D7B7365617263685465726D737D&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {03BCC049-3086-4D3A-A35C-AE1F412715DC} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {20A62384-EF0B-4C0D-96A2-4E580713BEB1} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D343233&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {38A46175-7035-4A37-8C20-20EE2E8994F2} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D474C535635266F3D3130313638267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D474C2661706E5F647469643D595959595959434C44452661706E5F7569643D41393643363734302D444346442D343930422D413032372D3945453037363833303930322661706E5F73617569643D38323835364639432D374546372D344444372D394435372D374641423934364139334235&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com.anonymize-me.de/?anonymto=687474703A2F2F73616665736561726368722E6C617661736F66742E636F6D2F3F736F757263653D3333333663613566267462703D72626F7826746F6F6C62617269643D61646177617265746226753D434634313143424146434130383345364238413435323530424346354246434526713D7B7365617263685465726D737D&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {4B151A7D-A9D8-415F-A557-3E4D728E747E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5BB04328-B5D2-43F4-9424-4D69954558AA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {6C17E1D5-B6C9-437C-836E-E25BC04695DF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {7114CBE7-B242-4D97-9988-B4C325E95BA2} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D38323733313626703D7B7365617263685465726D737D&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {B6CF2DA6-ACB1-4F63-93CB-B0287389E597} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EBFDC28C-22D7-4796-B24D-5D9FB6F6428B} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default
FF user.js: detected! => C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\user.js
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{264BD9DE-C78C-4405-83DF-109C3495DAD6}.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{4A068CDA-BF07-4E02-9960-9FA132C088CE}.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{85C0C13D-186D-4DB0-BD6C-466EA82C2F6A}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lavasoft Search Plugin - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-09]
FF Extension: Ask Toolbar - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\toolbar@ask.com [2011-12-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-08]
FF Extension: Adblock Plus - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-07]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
S4 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S4 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.)
S4 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.)
S4 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.)
S4 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-07-31] ()
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] ()
S4 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone)
S4 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer)

==================== Drivers (Whitelisted) ====================

S2 BX40; C:\Windows\System32\Drivers\bx40.sys [11648 2006-07-19] (Batronix)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 eprdrv; C:\Windows\System32\drivers\eprdrv.SYS [11456 2004-06-07] (EVC electronic GmbH)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-02] (GFI Software)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-02-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-07] (Kaspersky Lab ZAO)
S3 LPWRITER; C:\Windows\System32\DRIVERS\USBWrite.SYS [14268 2005-07-26] (CYPRESS Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-07] (Malwarebytes Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
R2 simdrv; C:\Windows\System32\drivers\simdrv.SYS [9420 2004-06-07] (EVC electronic GmbH)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
S3 WinDriver; C:\Windows\System32\drivers\WINDRVR.SYS [215640 2002-12-09] (Jungo)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 17:59 - 2014-02-09 18:01 - 00021144 _____ () C:\Users\RSR\Desktop\FRST.txt
2014-02-09 17:59 - 2014-02-09 17:59 - 00000000 ____D () C:\FRST
2014-02-09 17:58 - 2014-02-09 17:57 - 01138688 _____ (Farbar) C:\Users\RSR\Desktop\FRST.exe
2014-02-09 17:57 - 2014-02-09 17:57 - 01138688 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe
2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel
2014-02-08 12:21 - 2014-02-08 12:22 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe
2014-02-08 12:14 - 2014-02-08 12:50 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-08 12:09 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-08 12:00 - 2014-02-08 12:02 - 41404760 _____ (Apple Inc.) C:\Users\RSR\Downloads\QuickTimeInstaller.exe
2014-02-07 22:02 - 2014-02-07 22:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe
2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk
2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk
2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk
2014-02-07 17:21 - 2014-02-07 17:20 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-02-07 17:16 - 2014-02-09 17:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-07 17:16 - 2014-02-07 17:50 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-02-07 17:16 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-07 16:50 - 2014-02-07 17:12 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe
2014-02-07 10:27 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-07 10:27 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-07 10:27 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-07 10:27 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-07 10:27 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-07 10:27 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-07 10:27 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-07 10:27 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-07 10:27 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-07 10:27 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-07 10:27 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-07 10:27 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-07 10:27 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-07 10:27 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-07 10:27 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-07 10:27 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-07 10:23 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-07 10:23 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-07 10:23 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-07 10:23 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-07 10:23 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-07 10:23 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-07 10:23 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-02-07 10:23 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-07 10:23 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-07 10:23 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-07 10:23 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-02-07 10:13 - 2014-02-07 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-07 10:07 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-02-07 10:07 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-02-07 10:06 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-07 10:06 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-07 10:05 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-07 10:05 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-07 10:05 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-07 10:05 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 10:05 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-07 10:05 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-07 10:05 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-07 10:05 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-07 10:05 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-07 10:05 - 2013-10-11 01:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-02-07 10:05 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-07 10:05 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-07 10:05 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-07 10:05 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-07 10:05 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-07 10:05 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 10:05 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-07 10:05 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-07 10:05 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-07 10:05 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-07 10:05 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-07 10:05 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-07 10:05 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-07 10:05 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-07 10:05 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-07 10:05 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-07 10:05 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-07 10:05 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-07 10:05 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-07 10:05 - 2013-06-29 03:06 - 00006016 _____ (Microso

ft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-07 10:05 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-02-07 10:05 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-02-07 10:05 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-07 10:05 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-07 10:05 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-07 10:05 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2014-02-07 10:05 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-07 10:05 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-02-07 10:05 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-02-07 10:05 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-02-07 10:05 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-07 10:05 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-02-07 10:05 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-07 10:05 - 2012-11-02 11:18
- 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-02-07 10:05 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2014-02-07 10:05 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-02-07 10:05 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-02-07 10:05 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-02-07 10:05 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-02-07 10:04 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-02-07 10:03 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-02-07 10:02 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-02-07 10:02 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-02-07 10:02 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-02-07 09:56 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-02-07 09:55 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-02-07 09:54 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-02-07 09:54 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-02-07 09:54 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-02-07 09:53 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-02-07 09:53 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-02-07 09:52 - 
2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-02-07 09:52 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-02-07 09:52 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-02-07 09:51 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2014-02-07 06:58 - 2014-02-07 06:59 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe 2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe 2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe 2014-02-05 18:18 - 2014-02-05 18:18 - 00051055 _____ () C:\Users\RSR\Downloads\DP-R1403 & DP-R1403-1.xlsx 2014-02-04 18:10 - 2014-02-04 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv 2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls 2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip 2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so 2014-01-23 20:02 - 2014-01-23 20:07 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software 2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk 2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip 2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () C:\Users\RSR\Downloads\Adaware_Installer(6).exe ==================== One Month Modified Files and Folders ======= 2014-02-09 18:01 - 2014-02-09 17:59 - 00021144 _____ () C:\Users\RSR\Desktop\FRST.txt 2014-02-09 17:59 - 
2014-02-09 17:59 - 00000000 ____D () C:\FRST 2014-02-09 17:57 - 2014-02-09 17:58 - 01138688 _____ (Farbar) C:\Users\RSR\Desktop\FRST.exe 2014-02-09 17:57 - 2014-02-09 17:57 - 01138688 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe 2014-02-09 17:55 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-09 17:55 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-09 17:06 - 2012-06-30 09:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-09 17:05 - 2014-02-07 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-09 16:57 - 2007-11-25 05:05 - 01630113 _____ () C:\Windows\WindowsUpdate.log 2014-02-08 18:15 - 2009-03-08 13:03 - 00000000 ____D () C:\ProgramData\Lexware 2014-02-08 16:54 - 2011-04-08 18:04 - 00000000 ____D () C:\Program Files\SpeedFan 2014-02-08 13:19 - 2006-11-02 11:33 - 00962870 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-08 13:13 - 2008-09-22 18:40 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Apple Computer 2014-02-08 13:12 - 2011-12-02 20:01 - 00000310 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-02-08 13:12 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-08 13:11 - 2011-04-07 17:59 - 00127544 _____ () C:\Windows\PFRO.log 2014-02-08 13:11 - 2007-08-14 14:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-08 13:08 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-08 13:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () C:\Users\Public\Documents\.GamesData 2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () C:\Program Files\Acer GameZone 2014-02-08 12:51 - 2007-08-14 15:40 - 00000000 ____D () C:\Program Files\CyberLink 2014-02-08 12:50 - 2014-02-08 
12:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-08 12:45 - 2007-08-14 15:14 - 00000000 ____D () C:\Program Files\Common Files\NewTech Infosystems 2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel 2014-02-08 12:34 - 2013-05-21 19:55 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\inkscape 2014-02-08 12:22 - 2014-02-08 12:21 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe 2014-02-08 12:15 - 2007-12-15 17:49 - 00000000 ____D () C:\Users\RSR\AppData\Local\Adobe 2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\ProgramData\McAfee 2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-02-08 12:10 - 2014-02-08 12:09 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-08 12:09 - 2008-09-22 18:37 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-08 12:09 - 2008-09-22 18:36 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-08 12:02 - 2014-02-08 12:00 - 41404760 _____ (Apple Inc.) 
C:\Users\RSR\Downloads\QuickTimeInstaller.exe 2014-02-08 08:26 - 2012-10-07 00:02 - 00000000 ____D () C:\Program Files\Blaze Audio 2014-02-08 08:22 - 2012-10-08 21:19 - 00000000 ____D () C:\Program Files\Audacity 2014-02-08 08:18 - 2012-10-08 21:27 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Audacity 2014-02-07 22:02 - 2014-02-07 22:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk 2014-02-07 17:50 - 2014-02-07 17:16 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-07 17:50 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-02-07 17:50 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk 2014-02-07 17:22 - 2009-05-22 10:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files 2014-02-07 17:20 - 2014-02-07 17:21 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-02-07 17:19 - 2007-12-13 18:30 - 00000000 ____D () C:\Users\RSR 2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-02-07 17:12 - 2014-02-07 16:50 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe 2014-02-07 16:33 - 2012-09-09 00:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2014-02-07 16:31 - 2012-09-09 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-07 13:38 - 2012-10-13 08:08 - 00000000 ____D () 
C:\Users\RSR\AppData\Roaming\LavasoftStatistics 2014-02-07 13:38 - 2012-09-09 08:53 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-02-07 12:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-02-07 11:54 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-07 11:31 - 2011-12-08 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-02-07 11:31 - 2006-11-02 13:47 - 00368896 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-07 11:27 - 2007-08-14 14:28 - 00000000 ____D () C:\Windows\system32\RTCOM 2014-02-07 11:27 - 2006-11-02 16:31 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-02-07 11:04 - 2007-08-14 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-07 10:18 - 2014-02-07 10:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-07 09:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2014-02-07 07:28 - 2012-11-11 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-07 07:28 - 2012-05-11 15:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-07 07:00 - 2011-09-11 08:01 - 00004319 _____ () C:\Windows\IE9_main.log 2014-02-07 06:59 - 2014-02-07 06:58 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe 2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe 2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe 2014-02-05 20:06 - 2012-06-30 09:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-05 20:06 - 2011-06-19 08:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-05 18:18 - 2014-02-05 
18:18 - 00051055 _____ () C:\Users\RSR\Downloads\DP-R1403 & DP-R1403-1.xlsx 2014-02-04 18:11 - 2014-02-04 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv 2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls 2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip 2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so 2014-01-23 20:07 - 2014-01-23 20:02 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software 2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk 2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip 2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () C:\Users\RSR\Downloads\Adaware_Installer(6).exe ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3318535885-2036192723-3077812158-1000\$ecbf0d19cddafb12959d4ce4e3362c24 ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$ecbf0d19cddafb12959d4ce4e3362c24 Files to move or delete: ==================== C:\Users\RSR\PC Booster 7 Full License.exe Some content of TEMP: ==================== C:\Users\RSR\AppData\Local\Temp\RtkBtMnt.exe C:\Users\RSR\AppData\Local\Temp\sfamcc00001.dll C:\Users\RSR\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 13:18 ==================== End Of Log 
============================ FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-02-2014 02 Ran by RSR at 2014-02-09 18:01:51 Running from C:\Users\RSR\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft) ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden Acer Arcade Deluxe (Version: 1.12.4327 - CyberLink Corporation) Acer Crystal Eye webcam (Version: 1.0.13 - SUYIN) Acer Crystal Eye Webcam Video Class Camera (Version: 5.8.30.500-1.0 - Suyin) Acer eAudio Management (Version: 2.5.4012 - ) Acer eDataSecurity Management (Version: 2.5.4241 - HiTRUST Inc.) Acer eLock Management (Version: 2.5.4005 - Acer Inc.) Acer Empowering Technology (Version: 2.5.4006 - Acer Inc.) Acer eNet Management (Version: 2.6.4007 - Acer Inc.) Acer ePower Management (Version: 2.5.4021 - Acer Inc.) Acer ePresentation Management (Version: 2.5.4002 - Acer Inc.) Acer eSettings Management (Version: 2.5.4008 - Acer Inc.) Acer GridVista (Version: 2.68.622 - ) Acer Mobility Center Plug-In (Version: 1.0.3003 - Acer Inc.) Acer ScreenSaver (Version: 1.11.20070515 - Acer Inc.) Acer Tour (Version: 2.0.1003 - Acer Inc.) 
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Ad-Aware Browsing Protection (Version: 1.0.1.82 - ) Adobe Flash Player 10 Plugin (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated) ALPS Touch Pad Driver (Version: - Alps Electric) Apple Application Support (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (Version: 2.1.0.25 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Ashampoo Home Designer Pro v.1.0.1 (Version: 1.0.1 - Creative Amadeo GmbH) Ashampoo Home Designer1.0.0 (Version: 1.0.0.0 - Creative Amadeo GmbH) Ask Toolbar (Version: 1.11.3.0 - Ask.com) <==== ATTENTION Audacity 2.0.2 (Version: 2.0.2 - Audacity Team) Batronix Prog-Express (Version: 2.5.1 - Batronix) CCleaner (Version: 3.05 - Piriform) Chinese Traditional Fonts Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems) Cobian Backup 11 Gravity (Version: - ) Command & Conquer Teil 3: Operation Tiberian Sun (Version: - ) Defraggler (Version: 2.03 - Piriform) DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden Druckerdeinstallation für EPSON SX125 Series (Version: - SEIKO EPSON Corporation) ElsaWin (Version: - ) Epson Easy Photo Print 2 (Version: 2.2.3.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) EPSON Scan (Version: - Seiko Epson Corporation) EPSON SX125 Series Handbuch (Version: - ) EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc) Expstudio Audio Editor FREE (Version: 4.31 - Expstudio.com) Fraps (Version: - ) Glary Utilities 2.39.0.1310 (Version: 2.39.0.1310 - Glarysoft Ltd) GT Legends 1.0.0.0 (Version: v1.0.0.0 - 10tacle Studios 
Publishing) Gtech PASS RR 2.0 (Version: 2.0.0 - Tesla Electronics) HDAUDIO Soft Data Fax Modem with SmartCP (Version: - ) Intel(R) Graphics Media Accelerator Driver (Version: - ) Intel(R) Matrix Storage Manager (Version: - ) Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 2 (Version: 1.6.0.20 - Sun Microsystems, Inc.) Java(TM) 6 Update 22 (Version: 6.0.220 - Oracle) Java(TM) 6 Update 30 (Version: 6.0.300 - Oracle) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Launch Manager (Version: - ) Lexware Abschreibungsrechner (Version: 7.00.04.0003 - Lexware GmbH & Co. KG) Lexware buchhalter 2012 (Version: 17.02.00.0185 - Haufe-Lexware GmbH & Co.KG) Lexware büro easy (Version: 21.00.04.0089 - Lexware GmbH & Co. KG) Lexware Elster (Version: 12.10.00.0274 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (Version: 14.00.00.0076 - Haufe-Lexware GmbH & Co.KG) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5 - Symantec Corporation) LogWorks (Version: 2.04 - Innovate! Technologies) LogWorks3 (Version: 3.06 - Innovate! 
Technologies) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 
- Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (Version: 08.05.0822 - Microsoft Corporation) Mobile Partner (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd) Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla) Mozilla Maintenance Service (Version: 27.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Prime Suspects (Version: - Oberon Media) Mystery Case Files Ravenhearst (Version: - Oberon 
Media) Need for Speed Underground 2 (Version: - ) OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org) Orion (Version: 1.0.214 - Convesoft) PDF24 Creator 5.3.0 (Version: - PDF24.org) PDFCreator (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDF-Viewer (Version: 2.5.210.0 - Tracker Software Products Ltd) PL-2303 USB-to-Serial (Version: - ) PL-2303HXD Vista Driver Installer (Version: 3.0.0.1 - Prolific Technology Inc.) Pro Evolution Soccer 2008 (Version: 1.00.0000 - KONAMI) Pro Evolution Soccer 2008 (Version: 1.00.0000 - KONAMI) Hidden Prog-Studio 2007 (Version: 2007 - Batronix) QuickTime (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (Version: 6.0.1.5443 - Realtek Semiconductor Corp.) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01 - ) Scope (Version: 1.22.0 - Zeitnitz) Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden Softonic toolbar on IE (Version: - Softonic) <==== ATTENTION SpeedFan (remove only) (Version: - ) SSC Service Utility v4.30 (Version: - SSC Localization Group) Sweet Home 3D version 4.0 (Version: - eTeks) TSR Watermark Image software version 2.7.3.2 - Free version (Version: 2.7.3.2 - TSR Software) <==== ATTENTION TunerPro RT v5.00 (Version: - ) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help 
(KB963665) (Version: - Microsoft) VLC media player 1.1.0 (Version: 1.1.0 - VideoLAN) Vodafone Mobile Connect Lite (Version: 9.3.3.10523 - Vodafone) WICE-M4 (Version: 1.20 - LEAP) Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0) (Version: 10/12/2009 1.4.1.0 - Innovate Motorsports) Windows Live Anmelde-Assistent (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation) WinOLS 1.x (Version: 1.x - EVC electronic GmbH) WinRAR (Version: - ) Zuma Deluxe (Version: - Oberon Media) ==================== Restore Points ========================= 07-02-2014 12:34:54 AA11 07-02-2014 15:26:01 erster nach Viren Entfernung 07-02-2014 16:18:35 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst 08-02-2014 11:06:25 Installed QuickTime 08-02-2014 11:38:16 Konfiguriert NTI CD & DVD-Maker 08-02-2014 11:44:45 Entfernt NTI Backup NOW! 4.7 08-02-2014 11:57:05 Removed Ask Toolbar. 08-02-2014 11:58:34 Removed Ask Toolbar. 08-02-2014 12:02:07 Removed Ask Toolbar. 
08-02-2014 12:06:04 Windows Update ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0CD45163-EB8A-4961-9AF8-87D283CE5114} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: {116FEAF8-C2C8-4E4B-BA3B-FFDE110D9FAB} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2011-11-01] (Glarysoft Ltd) Task: {133AC8D3-4310-4E82-B792-02D36E5142FD} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {4D46BA3A-D092-4356-A727-97880664C13C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {527FFFFA-56F9-4A55-91AB-5E5CAB73ED90} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {9553C97D-37CB-4618-ABA5-7B9D477CDA1F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AEFE5B8B-E139-4229-B7E0-F0C096671F2C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {EE8880C8-EF96-4000-B8C1-7B79D60A7EA8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe Task: {FB80229D-D70E-476B-826D-14CB631EBE34} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2011-02-01] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe ==================== Loaded Modules (whitelisted) ============= 2008-06-09 19:34 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-07-22 20:12 - 2014-02-08 16:54 - 00172032 _____ () C:\Users\RSR\AppData\Local\Temp\sfareca00001.dll 2011-04-08 18:04 - 2014-02-08 16:54 - 00192512 _____ () C:\Users\RSR\AppData\Local\Temp\sfamcc00001.dll 2014-02-04 18:10 - 2014-02-04 18:11 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-02-05 20:06 - 2014-02-05 20:06 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF AlternateDataStreams: C:\ProgramData\TEMP:BF040455 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2014 01:02:25 PM) (Source: 
MsiInstaller) (User: R1) Description: Produkt: Ask Toolbar -- Fehler 2738. Für die benutzerdefinierte Aktion konnte nicht auf die VBScript-Laufzeitumgebung zugegriffen werden. Error: (02/08/2014 00:59:02 PM) (Source: MsiInstaller) (User: R1) Description: Produkt: Ask Toolbar -- Fehler 2738. Für die benutzerdefinierte Aktion konnte nicht auf die VBScript-Laufzeitumgebung zugegriffen werden. Error: (02/08/2014 00:57:28 PM) (Source: MsiInstaller) (User: R1) Description: Produkt: Ask Toolbar -- Fehler 2738. Für die benutzerdefinierte Aktion konnte nicht auf die VBScript-Laufzeitumgebung zugegriffen werden. Error: (02/08/2014 00:44:44 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f2444b4b-2249-4135-9115-bd06d9f2a8b4} Error: (02/08/2014 00:38:15 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f2444b4b-2249-4135-9115-bd06d9f2a8b4} Error: (02/08/2014 00:20:44 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6b944618, Prozess-ID 0xc5c, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_44.exe0. Error: (02/08/2014 00:20:27 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung plugin-container.exe, Version 27.0.0.5140, Zeitstempel 0x52e75173, fehlerhaftes Modul NPSWF32_12_0_0_44.dll, Version 12.0.0.44, Zeitstempel 0x52e70f10, Ausnahmecode 0x80000003, Fehleroffset 0x00347dad, Prozess-ID 0x67c, Anwendungsstartzeit plugin-container.exe0. Error: (02/08/2014 00:20:24 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6b944618, Prozess-ID 0xa00, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_44.exe0. Error: (02/08/2014 00:20:11 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6b944618, Prozess-ID 0xd20, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_44.exe0. 
Error: (02/08/2014 00:19:48 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6b944618, Prozess-ID 0xf28, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_44.exe0. System errors: ============= Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: SBRE Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: Mobile Partner. OUC%%1053 Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: 30000Mobile Partner. OUC Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: Windows-FirewallBasisfiltermodul%%5 Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: Basisfiltermodul%%5 Error: (02/08/2014 01:13:33 PM) (Source: Service Control Manager) (User: ) Description: BX40 Driver (bx40.sys)%%1058 Error: (02/07/2014 10:53:37 PM) (Source: Service Control Manager) (User: ) Description: SBRE Error: (02/07/2014 10:53:37 PM) (Source: Service Control Manager) (User: ) Description: Mobile Partner. OUC%%1053 Error: (02/07/2014 10:53:37 PM) (Source: Service Control Manager) (User: ) Description: 30000Mobile Partner. OUC Error: (02/07/2014 10:53:37 PM) (Source: Service Control Manager) (User: ) Description: Windows-FirewallBasisfiltermodul%%5 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-09 18:01:37.354 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-09 18:01:36.803 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:36.238 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:35.666 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:34.984 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:34.361 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:33.782 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:33.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-09 18:01:32.657 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-09 18:01:32.084 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 67% Total physical RAM: 2037.32 MB Available physical RAM: 672.2 MB Total Pagefile: 4315.9 MB Available Pagefile: 2535.79 MB Total Virtual: 2047.88 MB Available Virtual: 1891.45 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:16.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:38.58 GB) (Free:20.03 GB) NTFS Drive f: () (Fixed) (Total:30.44 GB) (Free:2.28 GB) NTFS Drive g: (Transcend) (Removable) (Total:7.53 GB) (Free:6.75 GB) FAT32 Drive h: (TOSHIBA) (Removable) (Total:7.2 GB) (Free:6.63 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 6C49F5D7) Partition 1: (Not Active) - (Size=11 GB) - (Type=27) Partition 2: (Active) - (Size=69 GB) - (Type=0E) Partition 3: (Not Active) - (Size=39 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=30 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=8 GB) - (Type=0C) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=0C) ==================== End Of Log ============================ |
10.02.2014, 12:43 | #4 |
/// the machine /// TB-Ausbilder | E-mail is redirected to a fake account hi, Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.02.2014, 20:09 | #5 |
| E-mail is redirected to a fake account Thanks for the message, I will do that; unfortunately I don't have the time today. I will try it tomorrow. PS: I can receive messages from the original e-mail address; apparently only what I send is being redirected. |
11.02.2014, 17:34 | #6 |
/// the machine /// TB-Ausbilder | E-mail is redirected to a fake account In any case, change the password of the account.
|
12.02.2014, 19:21 | #7 |
| E-mail is redirected to a fake account Hello, I tried the software today; unfortunately the computer would not boot afterwards. Windows Startup Repair did not work, and then it was reset to the restore point that had been created beforehand. Did I do something wrong? Regards. I tried it again and the second time it worked; here is the file. Kaspersky complains about Combofix, can that be deleted? Code:
ATTFilter ComboFix 14-02-12.01 - RSR 12.02.2014 18:43:30.1.2 - x86 ausgeführt von:: c:\users\RSR\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\drv\Tuner\Yuan\Resources\_desktop.ini c:\windows\IsUn0407.exe c:\windows\system32\frapsvid.dll c:\windows\unin0407.exe f:\windows\system32\Desktop_.ini . ---- Vorheriger Suchlauf ------- . c:\drv\Tuner\Yuan\Resources\_desktop.ini c:\users\RSR\4.0 c:\users\RSR\AppData\Local\Temp\sfamcc00001.dll c:\users\RSR\AppData\Local\Temp\sfareca00001.dll c:\windows\IsUn0407.exe c:\windows\system32\frapsvid.dll c:\windows\unin0407.exe f:\windows\system32\Desktop_.ini . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_WinDriver -------\Service_WinDriver . . ((((((((((((((((((((((( Dateien erstellt von 2014-01-12 bis 2014-02-12 )))))))))))))))))))))))))))))) . . 2014-02-12 16:02 . 2014-02-12 16:02 -------- d-----w- c:\users\RSR\AppData\Local\Temp(4) 2014-02-12 15:48 . 2014-02-12 15:48 -------- d-----w- C:\$RECYCLE(0).BIN 2014-02-09 16:59 . 2014-02-09 17:02 -------- d-----w- C:\FRST 2014-02-08 11:14 . 2014-02-08 11:14 -------- d-----w- c:\programdata\McAfee 2014-02-08 11:14 . 2014-02-08 11:50 -------- d-----w- c:\program files\McAfee Security Scan 2014-02-08 11:10 . 2014-02-08 11:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2014-02-08 11:10 . 2014-02-08 11:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2014-02-08 11:10 . 2014-02-08 11:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2014-02-08 11:10 . 2014-02-08 11:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2014-02-08 11:10 . 2014-02-08 11:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2014-02-08 11:09 . 
2014-02-08 11:10 -------- d-----w- c:\program files\QuickTime 2014-02-08 11:05 . 2014-02-08 11:05 -------- d-----w- c:\program files\Apple Software Update 2014-02-07 21:02 . 2014-02-07 21:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-02-07 16:16 . 2014-02-12 18:15 -------- d-----w- c:\programdata\Kaspersky Lab 2014-02-07 16:16 . 2014-02-07 16:16 -------- d-----w- c:\program files\Kaspersky Lab 2014-02-07 16:16 . 2013-06-08 19:18 94304 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-02-07 09:51 . 2014-02-07 09:51 -------- d-----w- c:\windows\Migration 2014-02-07 09:23 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2014-02-07 09:23 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2014-02-07 09:23 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2014-02-07 09:13 . 2014-02-07 09:18 -------- d-----w- c:\windows\system32\MRT 2014-02-07 09:07 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll 2014-02-07 09:07 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe 2014-02-07 09:06 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll 2014-02-07 09:06 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll 2014-02-07 09:04 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll 2014-02-07 09:03 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll 2014-02-07 09:02 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll 2014-02-07 09:02 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2014-02-07 08:56 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll 2014-02-07 08:55 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2014-02-07 08:54 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys 2014-02-07 08:54 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys 2014-02-07 08:54 . 
2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll 2014-02-07 08:53 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2014-02-07 08:52 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll 2014-02-07 08:52 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2014-02-07 08:52 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2014-02-07 08:52 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2014-02-07 08:52 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2014-02-07 08:52 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2014-02-07 08:51 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2014-02-07 05:38 . 2014-02-07 20:12 -------- d-----w- c:\users\RSR\AppData\Local\ElevatedDiagnostics 2014-01-23 20:38 . 2014-01-23 20:38 -------- d-----w- c:\users\RSR\AppData\Local\TSR_Software_-_www.tsr-so . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-07 16:50 . 2013-06-06 16:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys 2014-02-07 16:50 . 2013-10-17 14:47 135776 ----a-w- c:\windows\system32\drivers\kl1.sys 2014-02-05 19:06 . 2012-06-30 08:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-05 19:06 . 2011-06-19 07:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-06 19:01 . 2014-01-06 18:53 168166968 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3\OOo_3.3.0_Win_x86_install-wJRE_de.exe 2013-11-14 22:42 . 2014-02-07 09:27 1129472 ----a-w- c:\windows\system32\wininet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-02-19 162856] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "Skytel"="Skytel.exe" [2007-06-15 1826816] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALaunch HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 13:49 151552 ------w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio] 2007-06-11 12:54 1286144 ------w- c:\acer\Empowering Technology\eAudio\eAudio.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-04-25 14:33 457216 ------w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-11 11:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-11 11:13 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService] 2011-07-31 13:07 189808 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-06-27 09:15 752136 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect] 2008-07-04 10:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-11 11:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL] 2007-07-05 11:35 94208 ----a-w- c:\windows\PLFSetL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] 2008-01-29 15:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 20:48 57344 ------w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" "Skytel"=Skytel.exe "RtHDVCpl"=RtHDVCpl.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "PLFSetL"=c:\windows\PLFSetL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2014-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 19:06] . 2014-02-12 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-12-02 12:08] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://www.google.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: Zu Anti-Banner hinzufügen - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - ExtSQL: !HIDDEN! 2009-09-12 09:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2013-03-30 12:40; sparpilot@sparpilot.com; c:\users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\extensions\sparpilot@sparpilot.com FF - ExtSQL: !HIDDEN! 2013-03-30 12:40; firejump@firejump.net; c:\users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\extensions\firejump@firejump.net FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - google.de FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - 
hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 44ac668c000000000000001e4c6ed90f FF - user.js: extensions.Softonic.instlDay - 15619 FF - user.js: extensions.Softonic.vrsn - 1.6.7.4 FF - user.js: extensions.Softonic.vrsni - 1.6.7.4 FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.40:18 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00015 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-02-12 19:15 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] "ImagePath"="." . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ImagePath"="." . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe c:\program files\Cobian Backup 11\cbVSCService11.exe c:\programdata\DatacardService\HWDeviceService.exe c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\ehome\ehmsas.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-02-12 19:26:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-02-12 18:25 . Vor Suchlauf: 23 Verzeichnis(se), 16.304.275.456 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 15.840.104.448 Bytes frei . - - End Of File - - 80FD2FBD4F2A8B1E81FDEF688FBCFEE5 A36C5E4F47E84449FF07ED3517B43A31 |
13.02.2014, 19:57 | #8 |
| E-mail is redirected to a fake account Hello, what about the log files, is something not OK? I still can't send the messages; they still end up at EMKEI.CZ |
14.02.2014, 15:56 | #9 |
/// the machine /// TB-Ausbilder | E-mail is redirected to a fake account Did you change the password from a different computer? Do not delete Combofix. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
|
16.02.2014, 15:21 | #10 |
| E-mail is redirected to a fake account Hello, thanks for the message, here are the files: There was a problem with JRT. The first log had entries; there was the message "BAD MODULE" remove, I clicked NO and then later had the log file. After that I did another run and clicked YES, and the first log got lost in the process. I have a new one, but there is nothing in it anymore :-(. When I start another run, BAD MODULE appears again; is that normal? Deleting apparently doesn't work. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.16.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 RSR :: R1 [Administrator] 16.02.2014 10:39:32 mbam-log-2014-02-16 (10-39-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215769 Laufzeit: 15 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 11:07:16
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : RSR - R1
# Gestartet von : C:\Users\RSR\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Softonic
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\RSR\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\RSR\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\RSR\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\RSR\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\RSR\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB80229D-D70E-476B-826D-14CB631EBE34}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB80229D-D70E-476B-826D-14CB631EBE34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.cntry", "DE");
Zeile gelöscht : user_pref("extensions.Softonic.cv", "cv5");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltsrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.dspOld", "");
Zeile gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.hdrMd5", "71C0C2814856BB19E10A4CE3522210A4");
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");
Zeile gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");
Zeile gelöscht : user_pref("extensions.Softonic.hpOld", "google.de");
Zeile gelöscht : user_pref("extensions.Softonic.hrdid", "44ac668c000000000000001e4c6ed90f");
Zeile gelöscht : user_pref("extensions.Softonic.id", "44ac668c000000000000001e4c6ed90f");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "15619");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MON00015");
Zeile gelöscht : user_pref("extensions.Softonic.instlday", "15619");
Zeile gelöscht : user_pref("extensions.Softonic.instlref", "MON00015");
Zeile gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", true);
Zeile gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=");
Zeile gelöscht : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=");
Zeile gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.40:18:03");
Zeile gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=");
Zeile gelöscht : user_pref("extensions.Softonic.newtab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.propectorlck", 91230538);
Zeile gelöscht : user_pref("extensions.Softonic.prtkhmpg", 1);
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
Zeile gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1");
Zeile gelöscht : user_pref("extensions.Softonic.sg", "az");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srch", "");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.40:18:03");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.40:18:03");
Zeile gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic_i.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.40:18:03");

*************************

AdwCleaner[R0].txt - [17345 octets] - [16/02/2014 11:02:23]
AdwCleaner[S0].txt - [17176 octets] - [16/02/2014 11:07:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17237 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by RSR on 16.02.2014 at 12:02:07,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 12:08:16,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by RSR (administrator) on R1 on 16-02-2014 13:22:24
Running from D:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\RSR\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\eNetHook.dll => C:\Windows\System32\eNetHook.dll [90112 2007-05-22] (acer)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {03BCC049-3086-4D3A-A35C-AE1F412715DC} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {4B151A7D-A9D8-415F-A557-3E4D728E747E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5BB04328-B5D2-43F4-9424-4D69954558AA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {6C17E1D5-B6C9-437C-836E-E25BC04695DF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {7114CBE7-B242-4D97-9988-B4C325E95BA2} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D38323733313626703D7B7365617263685465726D737D&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0
SearchScopes: HKCU - {B6CF2DA6-ACB1-4F63-93CB-B0287389E597} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EBFDC28C-22D7-4796-B24D-5D9FB6F6428B} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{264BD9DE-C78C-4405-83DF-109C3495DAD6}.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{4A068CDA-BF07-4E02-9960-9FA132C088CE}.xml
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{85C0C13D-186D-4DB0-BD6C-466EA82C2F6A}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lavasoft Search Plugin - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-08]
FF Extension: Adblock Plus - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-07]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 BFE; . [0 ] ()
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
S4 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S4 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.)
S4 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.)
S4 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.)
S4 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-07-31] ()
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S3 MpsSvc; . [0 ] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] ()
S4 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone)
S4 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer)

==================== Drivers (Whitelisted) ====================

S2 BX40; C:\Windows\System32\Drivers\bx40.sys [11648 2006-07-19] (Batronix)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 eprdrv; C:\Windows\System32\drivers\eprdrv.SYS [11456 2004-06-07] (EVC electronic GmbH)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-02] (GFI Software)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-02-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-07] (Kaspersky Lab ZAO)
S3 LPWRITER; C:\Windows\System32\DRIVERS\USBWrite.SYS [14268 2005-07-26] (CYPRESS Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
R2 simdrv; C:\Windows\System32\drivers\simdrv.SYS [9420 2004-06-07] (EVC electronic GmbH)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 PROCEXP113; C:\Windows\System32\Drivers\PROCEXP113.sys [12568 2014-02-12] (Sysinternals - www.sysinternals.com)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 13:21 - 2014-02-16 13:21 - 00000399 _____ () C:\Users\RSR\Desktop\FRST.lnk
2014-02-16 13:20 - 2014-02-16 13:20 - 01141248 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe
2014-02-16 12:08 - 2014-02-16 12:08 - 00000632 _____ () C:\Users\RSR\Desktop\JRT.txt
2014-02-16 11:29 - 2014-02-16 11:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 11:27 - 2014-02-16 11:27 - 00000392 _____ () C:\Users\RSR\Desktop\JRT.lnk
2014-02-16 11:26 - 2014-02-16 11:26 - 01037530 _____ (Thisisu) C:\Users\RSR\Downloads\JRT.exe
2014-02-16 11:24 - 2014-02-16 11:24 - 00000433 _____ () C:\Users\RSR\Desktop\adwcleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00017318 _____ () C:\Users\RSR\Desktop\AdwCleaner[S0].txt
2014-02-16 11:01 - 2014-02-16 11:07 - 00000000 ____D () C:\AdwCleaner
2014-02-16 10:59 - 2014-02-16 11:00 - 01166132 _____ () C:\Users\RSR\Downloads\adwcleaner.exe
2014-02-15 10:30 - 2014-02-15 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 11:47 - 2014-02-14 11:47 - 00023552 _____ () C:\Users\RSR\Downloads\ADP.xls
2014-02-13 23:43 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 23:43 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 23:43 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 23:43 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 23:43 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 23:43 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 23:43 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 23:43 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 23:43 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 23:43 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 23:43 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 23:43 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 23:43 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 23:43 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 23:43 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 23:42 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 15:05 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 19:27 - 2014-02-12 19:27 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-02-12 19:26 - 2014-02-12 19:26 - 00019967 _____ () C:\ComboFix.txt
2014-02-12 18:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-12 18:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-12 18:41 - 2009-04-20 05:56
- 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-02-12 18:39 - 2014-02-12 19:22 - 00000000 ____D () C:\Windows\erdnt 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 ____R (Swearware) C:\Users\RSR\Desktop\ComboFix.exe 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix(1).exe 2014-02-12 18:36 - 2014-02-12 18:36 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix.exe 2014-02-12 17:02 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\RSR\AppData\Local\Temp(4) 2014-02-12 16:48 - 2014-02-12 16:48 - 00000000 ____D () C:\$RECYCLE(0).BIN 2014-02-12 16:44 - 2014-02-12 19:28 - 00000000 ____D () C:\Qoobox 2014-02-10 19:15 - 2014-02-10 19:15 - 00031744 _____ () C:\Users\RSR\Downloads\V2014.xls 2014-02-09 18:01 - 2014-02-09 18:02 - 00025515 _____ () C:\Users\RSR\Desktop\Addition.txt 2014-02-09 17:59 - 2014-02-16 13:22 - 00000000 ____D () C:\FRST 2014-02-09 17:59 - 2014-02-09 18:02 - 00045733 _____ () C:\Users\RSR\Desktop\FRST.txt 2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel 2014-02-08 12:21 - 2014-02-08 12:22 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe 2014-02-08 12:14 - 2014-02-08 12:50 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\ProgramData\McAfee 2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-02-08 12:09 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-08 12:05 - 
2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-08 12:00 - 2014-02-08 12:02 - 41404760 _____ (Apple Inc.) C:\Users\RSR\Downloads\QuickTimeInstaller.exe 2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk 2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk 2014-02-07 17:21 - 2014-02-07 17:20 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-02-07 17:16 - 2014-02-16 11:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-07 17:16 - 2014-02-07 17:50 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-02-07 17:16 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-02-07 16:50 - 2014-02-07 17:12 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe 2014-02-07 10:23 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-02-07 10:23 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-02-07 10:23 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-02-07 10:23 - 2012-07-26 03:46 
- 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-02-07 10:23 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-02-07 10:23 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-02-07 10:23 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-02-07 10:23 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2014-02-07 10:13 - 2014-02-13 23:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-07 10:07 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-02-07 10:07 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-02-07 10:06 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-02-07 10:06 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-02-07 10:05 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2014-02-07 10:05 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-02-07 10:05 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-02-07 10:05 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-02-07 10:05 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-02-07 10:05 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-02-07 10:05 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-02-07 10:05 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2014-02-07 10:05 - 2013-10-11 03:07 - 00596480 _____ (Microsoft 
Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-02-07 10:05 - 2013-10-11 01:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF 2014-02-07 10:05 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-02-07 10:05 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-02-07 10:05 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-02-07 10:05 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-02-07 10:05 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-02-07 10:05 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-02-07 10:05 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-02-07 10:05 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-07 10:05 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-02-07 10:05 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-07 10:05 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-02-07 10:05 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-02-07 10:05 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-02-07 10:05 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-02-07 10:05 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-02-07 10:05 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-02-07 10:05 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) 
C:\Windows\system32\rpcrt4.dll 2014-02-07 10:05 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-02-07 10:05 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-02-07 10:05 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-02-07 10:05 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-02-07 10:05 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-02-07 10:05 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-02-07 10:05 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-02-07 10:05 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2014-02-07 10:05 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-02-07 10:05 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-02-07 10:05 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-02-07 10:05 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-02-07 10:05 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2014-02-07 10:05 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-02-07 10:05 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-02-07 10:05 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-02-07 10:05 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2014-02-07 10:05 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2014-02-07 10:05 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-02-07 10:05 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-02-07 10:05 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-02-07 10:05 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2014-02-07 10:05 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-02-07 10:05 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-02-07 10:05 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-02-07 10:05 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-02-07 10:04 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-02-07 10:03 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-02-07 10:02 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-02-07 10:02 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-02-07 10:02 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-02-07 09:56 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-02-07 09:55 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-02-07 09:54 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-02-07 09:54 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-02-07 09:54 - 2013-07-03 03:10 - 00025472 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-02-07 09:53 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-02-07 09:53 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-02-07 09:52 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-02-07 09:52 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-02-07 09:52 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-02-07 09:51 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2014-02-07 06:58 - 2014-02-07 06:59 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe 2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe 2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe 2014-02-05 18:18 - 2014-02-05 18:18 - 00051055 _____ () C:\Users\RSR\Downloads\VDP 122.xlsx 2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv 2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls 2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip 2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so 2014-01-23 20:02 - 2014-01-23 20:07 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software 2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk 2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip 2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () 
C:\Users\RSR\Downloads\Adaware_Installer(6).exe ==================== One Month Modified Files and Folders ======= 2014-02-16 13:22 - 2014-02-09 17:59 - 00000000 ____D () C:\FRST 2014-02-16 13:21 - 2014-02-16 13:21 - 00000399 _____ () C:\Users\RSR\Desktop\FRST.lnk 2014-02-16 13:20 - 2014-02-16 13:20 - 01141248 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe 2014-02-16 13:09 - 2012-06-30 09:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-16 12:08 - 2014-02-16 12:08 - 00000632 _____ () C:\Users\RSR\Desktop\JRT.txt 2014-02-16 12:00 - 2007-11-25 05:05 - 01117935 _____ () C:\Windows\WindowsUpdate.log 2014-02-16 11:54 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-16 11:54 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-16 11:53 - 2014-02-07 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-16 11:53 - 2011-12-02 20:01 - 00000310 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-02-16 11:53 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-16 11:50 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-16 11:43 - 2012-05-11 15:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-16 11:29 - 2014-02-16 11:29 - 00000000 ____D () C:\Windows\ERUNT 2014-02-16 11:27 - 2014-02-16 11:27 - 00000392 _____ () C:\Users\RSR\Desktop\JRT.lnk 2014-02-16 11:26 - 2014-02-16 11:26 - 01037530 _____ (Thisisu) C:\Users\RSR\Downloads\JRT.exe 2014-02-16 11:24 - 2014-02-16 11:24 - 00000433 _____ () C:\Users\RSR\Desktop\adwcleaner.lnk 2014-02-16 11:22 - 2014-02-16 11:22 - 00017318 _____ () C:\Users\RSR\Desktop\AdwCleaner[S0].txt 2014-02-16 11:07 - 2014-02-16 11:01 - 00000000 ____D () C:\AdwCleaner 2014-02-16 11:00 - 2014-02-16 10:59 - 01166132 _____ () C:\Users\RSR\Downloads\adwcleaner.exe 
2014-02-15 10:30 - 2014-02-15 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-14 20:41 - 2009-03-08 13:03 - 00000000 ____D () C:\ProgramData\Lexware 2014-02-14 13:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-14 11:47 - 2014-02-14 11:47 - 00023552 _____ () C:\Users\RSR\Downloads\ADP.xls 2014-02-14 11:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-14 11:01 - 2011-04-08 18:04 - 00000000 ____D () C:\Program Files\SpeedFan 2014-02-14 00:25 - 2006-11-02 11:33 - 00962870 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-14 00:03 - 2014-02-07 10:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-13 23:56 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-13 02:29 - 2011-12-02 20:01 - 00000000 ____D () C:\Program Files\Glary Utilities 2014-02-13 02:29 - 2007-12-13 18:30 - 00000000 ____D () C:\Users\RSR 2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-02-13 02:29 - 2006-11-02 11:22 - 56881152 _____ () C:\Windows\system32\config\system_previous 2014-02-13 02:29 - 2006-11-02 11:22 - 49221632 _____ () C:\Windows\system32\config\software_previous 2014-02-13 02:24 - 2006-11-02 11:22 - 48644096 _____ () C:\Windows\system32\config\components_previous 2014-02-13 02:24 - 2006-11-02 11:22 - 00057344 _____ () C:\Windows\system32\config\sam_previous 2014-02-12 19:28 - 2014-02-12 16:44 - 00000000 ____D () C:\Qoobox 2014-02-12 19:27 - 2014-02-12 19:27 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS 2014-02-12 19:26 - 2014-02-12 19:26 - 00019967 _____ () C:\ComboFix.txt 2014-02-12 19:26 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-02-12 19:26 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 
2014-02-12 19:22 - 2014-02-12 18:39 - 00000000 ____D () C:\Windows\erdnt 2014-02-12 19:15 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-02-12 19:14 - 2011-04-07 17:59 - 00128096 _____ () C:\Windows\PFRO.log 2014-02-12 19:11 - 2006-11-02 11:22 - 57147392 _____ () C:\Windows\system32\config\system.bak 2014-02-12 19:11 - 2006-11-02 11:22 - 49545216 _____ () C:\Windows\system32\config\software.bak 2014-02-12 19:11 - 2006-11-02 11:22 - 48758784 _____ () C:\Windows\system32\config\COMPON~3.bak 2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default.bak 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 ____R (Swearware) C:\Users\RSR\Desktop\ComboFix.exe 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix(1).exe 2014-02-12 18:36 - 2014-02-12 18:36 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix.exe 2014-02-12 17:03 - 2006-11-02 11:22 - 00233472 _____ () C:\Windows\system32\config\default_previous 2014-02-12 17:03 - 2006-11-02 11:22 - 00024576 _____ () C:\Windows\system32\config\security_previous 2014-02-12 17:02 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\RSR\AppData\Local\Temp(4) 2014-02-12 16:48 - 2014-02-12 16:48 - 00000000 ____D () C:\$RECYCLE(0).BIN 2014-02-10 19:15 - 2014-02-10 19:15 - 00031744 _____ () C:\Users\RSR\Downloads\V2014.xls 2014-02-09 18:02 - 2014-02-09 18:01 - 00025515 _____ () C:\Users\RSR\Desktop\Addition.txt 2014-02-09 18:02 - 2014-02-09 17:59 - 00045733 _____ () C:\Users\RSR\Desktop\FRST.txt 2014-02-08 13:13 - 2008-09-22 18:40 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Apple Computer 2014-02-08 13:11 - 2007-08-14 14:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () 
C:\Users\Public\Documents\.GamesData 2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () C:\Program Files\Acer GameZone 2014-02-08 12:51 - 2007-08-14 15:40 - 00000000 ____D () C:\Program Files\CyberLink 2014-02-08 12:50 - 2014-02-08 12:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-08 12:45 - 2007-08-14 15:14 - 00000000 ____D () C:\Program Files\Common Files\NewTech Infosystems 2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel 2014-02-08 12:34 - 2013-05-21 19:55 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\inkscape 2014-02-08 12:22 - 2014-02-08 12:21 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe 2014-02-08 12:15 - 2007-12-15 17:49 - 00000000 ____D () C:\Users\RSR\AppData\Local\Adobe 2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\ProgramData\McAfee 2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-02-08 12:10 - 2014-02-08 12:09 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-08 12:09 - 2008-09-22 18:37 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-08 12:09 - 2008-09-22 18:36 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-08 12:02 - 2014-02-08 12:00 - 41404760 _____ (Apple Inc.) 
C:\Users\RSR\Downloads\QuickTimeInstaller.exe 2014-02-08 08:26 - 2012-10-07 00:02 - 00000000 ____D () C:\Program Files\Blaze Audio 2014-02-08 08:22 - 2012-10-08 21:19 - 00000000 ____D () C:\Program Files\Audacity 2014-02-08 08:18 - 2012-10-08 21:27 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Audacity 2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk 2014-02-07 17:50 - 2014-02-07 17:16 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-07 17:50 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-02-07 17:50 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk 2014-02-07 17:22 - 2009-05-22 10:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files 2014-02-07 17:20 - 2014-02-07 17:21 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-02-07 17:12 - 2014-02-07 16:50 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe 2014-02-07 16:33 - 2012-09-09 00:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2014-02-07 16:31 - 2012-09-09 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-07 13:38 - 2012-10-13 08:08 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\LavasoftStatistics 2014-02-07 13:38 - 2012-09-09 08:53 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-02-07 12:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-02-07 
11:31 - 2011-12-08 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-02-07 11:31 - 2006-11-02 13:47 - 00368896 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-07 11:27 - 2007-08-14 14:28 - 00000000 ____D () C:\Windows\system32\RTCOM 2014-02-07 11:27 - 2006-11-02 16:31 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-02-07 11:04 - 2007-08-14 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-07 09:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2014-02-07 07:28 - 2012-11-11 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-07 07:00 - 2011-09-11 08:01 - 00004319 _____ () C:\Windows\IE9_main.log 2014-02-07 06:59 - 2014-02-07 06:58 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe 2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe 2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe 2014-02-05 20:06 - 2012-06-30 09:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-05 20:06 - 2011-06-19 08:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-05 18:18 - 2014-02-05 18:18 - 00051055 _____ () C:\Users\RSR\Downloads\VDP 122.xlsx 2014-02-05 09:58 - 2014-02-13 23:42 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-13 23:43 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-13 23:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-13 23:43 - 01105408 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-13 23:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-13 23:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-13 23:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-13 23:43 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-13 23:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-13 23:43 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-13 23:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-13 23:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-13 23:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-13 23:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-13 23:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-13 23:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv 2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls 2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip 2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so 2014-01-23 20:07 - 2014-01-23 20:02 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software 2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk 2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () 
C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip 2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () C:\Users\RSR\Downloads\Adaware_Installer(6).exe
Files to move or delete: ====================
C:\Users\RSR\PC Booster 7 Full License.exe
Some content of TEMP: ====================
C:\Users\RSR\AppData\Local\temp\Quarantine.exe
C:\Users\RSR\AppData\Local\temp\RtkBtMnt.exe
C:\Users\RSR\AppData\Local\temp\sfamcc00001.dll
C:\Users\RSR\AppData\Local\temp\sfareca00001.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-16 12:01
==================== End Of Log ============================

One more thing: here is the Malwarebytes log from the first run after the infection, which I had not posted yet: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 RSR :: R1 [Administrator] 07.02.2014 07:40:31 mbam-log-2014-02-07 (07-40-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 443470 Laufzeit: 1 Stunde(n), 54 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\$RECYCLE.BIN\S-1-5-18\$ecbf0d19cddafb12959d4ce4e3362c24\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
17.02.2014, 13:21 | #11 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
18.02.2014, 10:17 | #12 |
| E-mail is being redirected to a fake account
Hi, here are the data: there was also something on my external backup hard drive!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=401f1dc34f8db04595821d2803d1eff3
# engine=17105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-18 02:51:43
# local_time=2014-02-18 03:51:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 324111 230224631 0 0
# scanned=1090590
# found=11
# cleaned=0
# scan_time=31198
sh=6D975D9DEA8F30A7FC8A84B704892C41B72ECA3C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q1JLSJG\showbanner[3].htm"
sh=2CCAA961C2CF66EAF2E8D3D2DD947DF4EBC6F277 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q1JLSJG\showbanner[8].htm"
sh=1CE91D09D8A8BE23F70BB02694572A6548000FD4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2013-12-23 20;41;13 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\76d35dd1-6d5751be"
sh=5D76270652FDDE9E8A417B3D3407D32098BF640F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2013-12-23 20;41;13 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1477d9c2-75d25edc"
sh=0D45D547C9B6CE24098A77B1D0B47B26A101BBFF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2013-12-23 20;41;13 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5ad0cc2-1693d6e4"
sh=1CE91D09D8A8BE23F70BB02694572A6548000FD4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2014-01-04 16;28;17 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\76d35dd1-6d5751be"
sh=5D76270652FDDE9E8A417B3D3407D32098BF640F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2014-01-04 16;28;17 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1477d9c2-75d25edc"
sh=0D45D547C9B6CE24098A77B1D0B47B26A101BBFF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\C 2014-01-04 16;28;17 (Komplett)\Users\RSR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5ad0cc2-1693d6e4"
sh=1CE91D09D8A8BE23F70BB02694572A6548000FD4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\RSR 2013-12-23 20;16;03 (Komplett)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\76d35dd1-6d5751be"
sh=5D76270652FDDE9E8A417B3D3407D32098BF640F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\RSR 2013-12-23 20;16;03 (Komplett)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1477d9c2-75d25edc"
sh=0D45D547C9B6CE24098A77B1D0B47B26A101BBFF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CT trojan" ac=I fn="I:\Backup Laptop Acer\Backup voll\RSR 2013-12-23 20;16;03 (Komplett)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5ad0cc2-1693d6e4"

Code:
Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.44
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01 Ran by RSR (administrator) on R1 on 18-02-2014 10:07:02 Running from D:\ Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Realtek Semiconductor Corp.) C:\Users\RSR\AppData\Local\Temp\RtkBtMnt.exe (Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKU\S-1-5-21-3318535885-2036192723-3077812158-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) AppInit_DLLs: C:\Windows\System32\eNetHook.dll => C:\Windows\System32\eNetHook.dll [90112 2007-05-22] (acer) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {03BCC049-3086-4D3A-A35C-AE1F412715DC} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0 SearchScopes: HKCU - {4B151A7D-A9D8-415F-A557-3E4D728E747E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {5BB04328-B5D2-43F4-9424-4D69954558AA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {6C17E1D5-B6C9-437C-836E-E25BC04695DF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {7114CBE7-B242-4D97-9988-B4C325E95BA2} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D38323733313626703D7B7365617263685465726D737D&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&k=0 SearchScopes: HKCU - {B6CF2DA6-ACB1-4F63-93CB-B0287389E597} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {EBFDC28C-22D7-4796-B24D-5D9FB6F6428B} URL = 
hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e52614c3-3eb0-40cb-8ae5-a27424ac1250&pid=freewarede&mode=bounce&k=0 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=1.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{264BD9DE-C78C-4405-83DF-109C3495DAD6}.xml FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{4A068CDA-BF07-4E02-9960-9FA132C088CE}.xml FF SearchPlugin: C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\searchplugins\{85C0C13D-186D-4DB0-BD6C-466EA82C2F6A}.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Lavasoft Search Plugin - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-09] FF Extension: Microsoft .NET Framework Assistant - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-08] FF Extension: Adblock Plus - C:\Users\RSR\AppData\Roaming\Mozilla\Firefox\Profiles\f1fajayh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-17] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-07] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-07] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-07] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-07] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-07] ========================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S4 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S3 BFE; . 
[0 ] () R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) S4 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT) S4 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.) S4 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.) S4 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.) S4 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] () R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-07-31] () S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () S3 MpsSvc; . [0 ] () S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () S4 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) S4 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) ==================== Drivers (Whitelisted) ==================== S2 BX40; C:\Windows\System32\Drivers\bx40.sys [11648 2006-07-19] (Batronix) R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R2 eprdrv; C:\Windows\System32\drivers\eprdrv.SYS [11456 2004-06-07] (EVC electronic GmbH) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.) 
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-02] (GFI Software) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-07] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-02-07] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-07] (Kaspersky Lab ZAO) S3 LPWRITER; C:\Windows\System32\DRIVERS\USBWrite.SYS [14268 2005-07-26] (CYPRESS Corporation) R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) R2 simdrv; C:\Windows\System32\drivers\simdrv.SYS [9420 2004-06-07] (EVC electronic GmbH) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] () R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U5 PROCEXP113; C:\Windows\System32\Drivers\PROCEXP113.sys [12568 2014-02-12] (Sysinternals - www.sysinternals.com) S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-18 10:04 - 2014-02-18 10:04 - 00001219 _____ () C:\Users\RSR\Desktop\checkup.txt 2014-02-18 09:56 - 2014-02-18 09:55 - 00987425 _____ () C:\Users\RSR\Desktop\SecurityCheck.exe 2014-02-18 09:55 - 2014-02-18 09:55 - 00987425 _____ () C:\Users\RSR\Downloads\SecurityCheck.exe 2014-02-17 19:04 - 2014-02-17 19:04 - 02347384 _____ (ESET) C:\Users\RSR\Downloads\esetsmartinstaller_enu.exe 2014-02-17 18:15 - 2014-02-17 18:15 - 00024064 _____ () C:\Users\RSR\Downloads\ADP(1).xls 2014-02-16 18:43 - 2014-02-16 18:43 - 00000808 _____ () C:\Users\RSR\Desktop\CCleaner.exe - Verknüpfung.lnk 2014-02-16 14:41 - 2014-02-16 14:41 - 00016540 _____ () C:\Users\RSR\Documents\Programmliste.txt 2014-02-16 14:35 - 2014-02-16 14:36 - 04721920 _____ (Piriform Ltd) C:\Users\RSR\Downloads\ccsetup410.exe 2014-02-16 13:47 - 2014-02-16 13:47 - 00049287 _____ () C:\Users\RSR\Desktop\FRST NEU.txt 2014-02-16 13:21 - 2014-02-16 13:21 - 00000399 _____ () C:\Users\RSR\Desktop\FRST.lnk 2014-02-16 13:20 - 2014-02-16 13:20 - 01141248 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe 2014-02-16 12:08 - 2014-02-16 12:08 - 00000632 _____ () C:\Users\RSR\Desktop\JRT.txt 2014-02-16 11:29 - 2014-02-16 11:29 - 00000000 ____D () C:\Windows\ERUNT 2014-02-16 11:27 - 2014-02-16 11:27 - 00000392 _____ () 
C:\Users\RSR\Desktop\JRT.lnk 2014-02-16 11:26 - 2014-02-16 11:26 - 01037530 _____ (Thisisu) C:\Users\RSR\Downloads\JRT.exe 2014-02-16 11:24 - 2014-02-16 11:24 - 00000433 _____ () C:\Users\RSR\Desktop\adwcleaner.lnk 2014-02-16 11:22 - 2014-02-16 11:22 - 00017318 _____ () C:\Users\RSR\Desktop\AdwCleaner[S0].txt 2014-02-16 11:01 - 2014-02-16 11:07 - 00000000 ____D () C:\AdwCleaner 2014-02-16 10:59 - 2014-02-16 11:00 - 01166132 _____ () C:\Users\RSR\Downloads\adwcleaner.exe 2014-02-15 10:30 - 2014-02-15 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-14 11:47 - 2014-02-14 11:47 - 00023552 _____ () C:\Users\RSR\Downloads\ADP.xls 2014-02-13 23:43 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 23:43 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 23:43 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 23:43 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 23:43 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 23:43 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-13 23:43 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 23:43 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 23:43 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 23:43 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 23:43 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 23:43 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 23:43 - 2014-02-05 09:47 - 
00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 23:43 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-13 23:43 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 23:42 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 15:05 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 19:27 - 2014-02-12 19:27 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS 2014-02-12 19:26 - 2014-02-12 19:26 - 00019967 _____ () C:\ComboFix.txt 2014-02-12 18:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-02-12 18:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-02-12 18:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-02-12 18:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-02-12 18:39 - 2014-02-12 19:22 - 00000000 ____D () C:\Windows\erdnt 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 ____R (Swearware) C:\Users\RSR\Desktop\ComboFix.exe 2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix(1).exe 2014-02-12 18:36 - 2014-02-12 18:36 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix.exe 2014-02-12 17:02 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\RSR\AppData\Local\Temp(4) 2014-02-12 16:44 - 2014-02-12 19:28 - 00000000 ____D () C:\Qoobox 2014-02-10 19:15 - 2014-02-10 19:15 - 00031744 _____ () C:\Users\RSR\Downloads\V 2014.xls 2014-02-09 18:01 - 2014-02-09 
18:02 - 00025515 _____ () C:\Users\RSR\Desktop\Addition.txt 2014-02-09 17:59 - 2014-02-18 10:07 - 00000000 ____D () C:\FRST 2014-02-09 17:59 - 2014-02-09 18:02 - 00045733 _____ () C:\Users\RSR\Desktop\FRST.txt 2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel 2014-02-08 12:21 - 2014-02-08 12:22 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe 2014-02-08 12:14 - 2014-02-08 12:50 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-02-08 12:09 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-08 12:00 - 2014-02-08 12:02 - 41404760 _____ (Apple Inc.) C:\Users\RSR\Downloads\QuickTimeInstaller.exe 2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk 2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk 2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk 2014-02-07 17:21 - 2014-02-07 17:20 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-02-07 17:16 - 2014-02-17 18:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-07 17:16 - 2014-02-07 17:50 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-02-07 17:16 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-02-07 16:50 - 2014-02-07 17:12 - 256314176 _____ () 
C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe 2014-02-07 10:23 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-02-07 10:23 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-02-07 10:23 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-02-07 10:23 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-02-07 10:23 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-02-07 10:23 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-02-07 10:23 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-02-07 10:23 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-02-07 10:23 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2014-02-07 10:13 - 2014-02-14 00:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-07 10:07 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-02-07 10:07 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-02-07 10:06 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-02-07 10:06 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-02-07 10:05 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2014-02-07 10:05 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\drmk.sys
2014-02-07 10:05 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-07 10:05 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 10:05 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-07 10:05 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-07 10:05 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-07 10:05 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-07 10:05 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-07 10:05 - 2013-10-11 01:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-02-07 10:05 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-07 10:05 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-07 10:05 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-07 10:05 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-07 10:05 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-07 10:05 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-07 10:05 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 10:05 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-07 10:05 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-07 10:05 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-07 10:05 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-07 10:05 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-07 10:05 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-07 10:05 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-07 10:05 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-07 10:05 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-07 10:05 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-07 10:05 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-07 10:05 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-07 10:05 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-07 10:05 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-07 10:05 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-02-07 10:05 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-02-07 10:05 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-07 10:05 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-07 10:05 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-07 10:05 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2014-02-07 10:05 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-07 10:05 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-02-07 10:05 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-02-07 10:05 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-02-07 10:05 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-07 10:05 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-02-07 10:05 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-07 10:05 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-02-07 10:05 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-02-07 10:05 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-02-07 10:05 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-02-07 10:05 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-07 10:05 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-07 10:04 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-07 10:03 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-02-07 10:02 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-07 10:02 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-07 10:02 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-07 09:56 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-07 09:55 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-07 09:54 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-07 09:54 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-02-07 09:54 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-07 09:53 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-07 09:53 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-07 09:52 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-07 09:52 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-07 09:52 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-02-07 09:51 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-02-07 06:58 - 2014-02-07 06:59 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe
2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe
2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe
2014-02-05 18:18 - 2014-02-05 18:18 - 00051055 _____ () C:\Users\RSR\Downloads\VDP 122.xlsx
2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv
2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls
2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip
2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so
2014-01-23 20:02 - 2014-01-23 20:07 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software
2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk
2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip
2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () C:\Users\RSR\Downloads\Adaware_Installer(6).exe

==================== One Month Modified Files and Folders =======

2014-02-18 10:07 - 2014-02-09 17:59 - 00000000 ____D () C:\FRST
2014-02-18 10:06 - 2012-06-30 09:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 10:04 - 2014-02-18 10:04 - 00001219 _____ () C:\Users\RSR\Desktop\checkup.txt
2014-02-18 10:00 - 2007-11-25 05:05 - 01141375 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 09:55 - 2014-02-18 09:56 - 00987425 _____ () C:\Users\RSR\Desktop\SecurityCheck.exe
2014-02-18 09:55 - 2014-02-18 09:55 - 00987425 _____ () C:\Users\RSR\Downloads\SecurityCheck.exe
2014-02-18 08:19 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 08:19 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 19:08 - 2006-11-02 11:33 - 00962870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 19:04 - 2014-02-17 19:04 - 02347384 _____ (ESET) C:\Users\RSR\Downloads\esetsmartinstaller_enu.exe
2014-02-17 18:41 - 2014-02-07 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 18:15 - 2014-02-17 18:15 - 00024064 _____ () C:\Users\RSR\Downloads\ADP(1).xls
2014-02-16 18:43 - 2014-02-16 18:43 - 00000808 _____ () C:\Users\RSR\Desktop\CCleaner.exe - Verknüpfung.lnk
2014-02-16 14:41 - 2014-02-16 14:41 - 00016540 _____ () C:\Users\RSR\Documents\Programmliste.txt
2014-02-16 14:36 - 2014-02-16 14:35 - 04721920 _____ (Piriform Ltd) C:\Users\RSR\Downloads\ccsetup410.exe
2014-02-16 14:00 - 2011-04-08 18:04 - 00000000 ____D () C:\Program Files\SpeedFan
2014-02-16 13:57 - 2011-12-02 20:01 - 00000310 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-16 13:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 13:47 - 2014-02-16 13:47 - 00049287 _____ () C:\Users\RSR\Desktop\FRST NEU.txt
2014-02-16 13:21 - 2014-02-16 13:21 - 00000399 _____ () C:\Users\RSR\Desktop\FRST.lnk
2014-02-16 13:20 - 2014-02-16 13:20 - 01141248 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe
2014-02-16 12:08 - 2014-02-16 12:08 - 00000632 _____ () C:\Users\RSR\Desktop\JRT.txt
2014-02-16 11:50 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-16 11:43 - 2012-05-11 15:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 11:29 - 2014-02-16 11:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 11:27 - 2014-02-16 11:27 - 00000392 _____ () C:\Users\RSR\Desktop\JRT.lnk
2014-02-16 11:26 - 2014-02-16 11:26 - 01037530 _____ (Thisisu) C:\Users\RSR\Downloads\JRT.exe
2014-02-16 11:24 - 2014-02-16 11:24 - 00000433 _____ () C:\Users\RSR\Desktop\adwcleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00017318 _____ () C:\Users\RSR\Desktop\AdwCleaner[S0].txt
2014-02-16 11:07 - 2014-02-16 11:01 - 00000000 ____D () C:\AdwCleaner
2014-02-16 11:00 - 2014-02-16 10:59 - 01166132 _____ () C:\Users\RSR\Downloads\adwcleaner.exe
2014-02-15 10:30 - 2014-02-15 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 20:41 - 2009-03-08 13:03 - 00000000 ____D () C:\ProgramData\Lexware
2014-02-14 13:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 11:47 - 2014-02-14 11:47 - 00023552 _____ () C:\Users\RSR\Downloads\ADP.xls
2014-02-14 11:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-14 00:03 - 2014-02-07 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 23:56 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 02:29 - 2011-12-02 20:01 - 00000000 ____D () C:\Program Files\Glary Utilities
2014-02-13 02:29 - 2007-12-13 18:30 - 00000000 ____D () C:\Users\RSR
2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-13 02:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-13 02:29 - 2006-11-02 11:22 - 56881152 _____ () C:\Windows\system32\config\system_previous
2014-02-13 02:29 - 2006-11-02 11:22 - 49221632 _____ () C:\Windows\system32\config\software_previous
2014-02-13 02:24 - 2006-11-02 11:22 - 48644096 _____ () C:\Windows\system32\config\components_previous
2014-02-13 02:24 - 2006-11-02 11:22 - 00057344 _____ () C:\Windows\system32\config\sam_previous
2014-02-12 19:28 - 2014-02-12 16:44 - 00000000 ____D () C:\Qoobox
2014-02-12 19:27 - 2014-02-12 19:27 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-02-12 19:26 - 2014-02-12 19:26 - 00019967 _____ () C:\ComboFix.txt
2014-02-12 19:26 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-12 19:26 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-12 19:22 - 2014-02-12 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 19:15 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-12 19:14 - 2011-04-07 17:59 - 00128096 _____ () C:\Windows\PFRO.log
2014-02-12 19:11 - 2006-11-02 11:22 - 57147392 _____ () C:\Windows\system32\config\system.bak
2014-02-12 19:11 - 2006-11-02 11:22 - 49545216 _____ () C:\Windows\system32\config\software.bak
2014-02-12 19:11 - 2006-11-02 11:22 - 48758784 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-02-12 19:11 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 ____R (Swearware) C:\Users\RSR\Desktop\ComboFix.exe
2014-02-12 18:37 - 2014-02-12 18:37 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix(1).exe
2014-02-12 18:36 - 2014-02-12 18:36 - 05180679 _____ (Swearware) C:\Users\RSR\Downloads\ComboFix.exe
2014-02-12 17:03 - 2006-11-02 11:22 - 00233472 _____ () C:\Windows\system32\config\default_previous
2014-02-12 17:03 - 2006-11-02 11:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-02-12 17:02 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\RSR\AppData\Local\Temp(4)
2014-02-10 19:15 - 2014-02-10 19:15 - 00031744 _____ () C:\Users\RSR\Downloads\V 2014.xls
2014-02-09 18:02 - 2014-02-09 18:01 - 00025515 _____ () C:\Users\RSR\Desktop\Addition.txt
2014-02-09 18:02 - 2014-02-09 17:59 - 00045733 _____ () C:\Users\RSR\Desktop\FRST.txt
2014-02-08 13:13 - 2008-09-22 18:40 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Apple Computer
2014-02-08 13:11 - 2007-08-14 14:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () C:\Users\Public\Documents\.GamesData
2014-02-08 12:54 - 2007-08-14 15:58 - 00000000 ____D () C:\Program Files\Acer GameZone
2014-02-08 12:51 - 2007-08-14 15:40 - 00000000 ____D () C:\Program Files\CyberLink
2014-02-08 12:50 - 2014-02-08 12:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-08 12:45 - 2007-08-14 15:14 - 00000000 ____D () C:\Program Files\Common Files\NewTech Infosystems
2014-02-08 12:34 - 2014-02-08 12:34 - 00000218 _____ () C:\Users\RSR\AppData\Local\recently-used.xbel
2014-02-08 12:34 - 2013-05-21 19:55 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\inkscape
2014-02-08 12:22 - 2014-02-08 12:21 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\RSR\Downloads\install_flash_player(1).exe
2014-02-08 12:15 - 2007-12-15 17:49 - 00000000 ____D () C:\Users\RSR\AppData\Local\Adobe
2014-02-08 12:10 - 2014-02-08 12:10 - 00001730 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-08 12:10 - 2014-02-08 12:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-08 12:09 - 2008-09-22 18:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-08 12:09 - 2008-09-22 18:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-08 12:02 - 2014-02-08 12:00 - 41404760 _____ (Apple Inc.) C:\Users\RSR\Downloads\QuickTimeInstaller.exe
2014-02-08 08:26 - 2012-10-07 00:02 - 00000000 ____D () C:\Program Files\Blaze Audio
2014-02-08 08:22 - 2012-10-08 21:19 - 00000000 ____D () C:\Program Files\Audacity
2014-02-08 08:18 - 2012-10-08 21:27 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\Audacity
2014-02-07 21:10 - 2014-02-07 21:10 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.WindowsFirewall.RNP.6331523040934190.1.1.Run.exe
2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe - Verknüpfung.lnk
2014-02-07 21:08 - 2014-02-07 21:08 - 00000866 _____ () C:\Users\RSR\Desktop\avira-eu-cleaner.lnk
2014-02-07 17:50 - 2014-02-07 17:16 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-07 17:50 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-07 17:50 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-07 17:23 - 2014-02-07 17:23 - 00002115 _____ () C:\Users\RSR\Desktop\Sicherer Zahlungsverkehr.lnk
2014-02-07 17:22 - 2009-05-22 10:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-02-07 17:20 - 2014-02-07 17:21 - 00001005 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-02-07 17:16 - 2014-02-07 17:16 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-02-07 17:12 - 2014-02-07 16:50 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe
2014-02-07 16:33 - 2012-09-09 00:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-02-07 16:31 - 2012-09-09 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-07 13:38 - 2012-10-13 08:08 - 00000000 ____D () C:\Users\RSR\AppData\Roaming\LavasoftStatistics
2014-02-07 13:38 - 2012-09-09 08:53 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-07 12:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-02-07 11:31 - 2011-12-08 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-07 11:31 - 2006-11-02 13:47 - 00368896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-07 11:27 - 2007-08-14 14:28 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-02-07 11:27 - 2006-11-02 16:31 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-07 11:27 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-07 11:04 - 2007-08-14 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-07 09:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-02-07 07:28 - 2012-11-11 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-07 07:00 - 2011-09-11 08:01 - 00004319 _____ () C:\Windows\IE9_main.log
2014-02-07 06:59 - 2014-02-07 06:58 - 18733360 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\IE9-WindowsVista-x86-deu.exe
2014-02-07 06:25 - 2014-02-07 06:25 - 00347816 _____ (Microsoft Corporation) C:\Users\RSR\Downloads\MicrosoftFixit.wu.RNP.38315177170263812.1.1.Run.exe
2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe
2014-02-05 20:06 - 2012-06-30 09:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 20:06 - 2011-06-19 08:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 18:18 - 2014-02-05 18:18 - 00051055 _____ () C:\Users\RSR\Downloads\DP-R1403 & DP-R1403-1.xlsx
2014-02-05 09:58 - 2014-02-13 23:42 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-13 23:43 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-13 23:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-13 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-13 23:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-13 23:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-13 23:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-13 23:43 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-13 23:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-13 23:43 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-13 23:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-13 23:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-13 23:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-13 23:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-13 23:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-13 23:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 12:05 - 2014-02-02 12:05 - 00065123 _____ () C:\Users\RSR\Downloads\Herunterladen(2).csv
2014-01-28 17:26 - 2014-01-28 17:26 - 00294400 _____ () C:\Users\RSR\Downloads\Preisliste ab 01.07.2013.xls
2014-01-28 16:27 - 2014-01-28 16:27 - 08795847 _____ () C:\Users\RSR\Downloads\AFHC 1-4.zip
2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so
2014-01-23 20:07 - 2014-01-23 20:02 - 00000000 ____D () C:\Users\RSR\Documents\TSR Software
2014-01-23 20:02 - 2014-01-23 20:02 - 00000796 _____ () C:\Users\Public\Desktop\Watermark Image.lnk
2014-01-23 20:01 - 2014-01-23 20:01 - 02983405 ____N () C:\Users\RSR\Downloads\watermark-image-free_2.7.3.2.zip
2014-01-23 18:30 - 2014-01-23 18:30 - 01725064 ____N () C:\Users\RSR\Downloads\Adaware_Installer(6).exe

Files to move or delete:
====================
C:\Users\RSR\PC Booster 7 Full License.exe

Some content of TEMP:
====================
C:\Users\RSR\AppData\Local\temp\Quarantine.exe
C:\Users\RSR\AppData\Local\temp\RtkBtMnt.exe
C:\Users\RSR\AppData\Local\temp\sfamcc00001.dll
C:\Users\RSR\AppData\Local\temp\sfareca00001.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-16 14:05

==================== End Of Log ============================
|
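The file listings above are what a helper reads first when triaging a log like this one, so here is an added example (written for this edit, not code from FRST or from anyone in the thread) of a small parser for those entries plus a first-pass triage. The line layout is inferred from the log: two timestamps, a zero-padded size, a five-character attribute field, the file's company string in parentheses (empty when the file carries no version resource) and the path. Which timestamp means "created" and which "modified" depends on the section, so the parser keeps them as ts_a and ts_b; the attribute letters D (directory) and H (hidden) are read off the layout and are assumptions. The sample lines are copied from the log above, with one MD5 check line added only to show it is skipped.

```python
"""Parse FRST 'One Month Created/Modified' entries and flag the ones to
look at first. Added example; not part of FRST or of this thread's log."""
import os
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# <ts_a> - <ts_b> - <size> <attrs> (<company>) <path>   (layout inferred from the log)
ENTRY_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions that execute code when opened.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com", ".pif"}

# Lower-case path fragments of locations any user or downloaded program can write to.
USER_WRITABLE = ("\\appdata\\local\\temp", "\\downloads\\", "\\desktop\\", "\\users\\public\\")


@dataclass
class Entry:
    ts_a: datetime
    ts_b: datetime
    size: int
    attrs: str      # "_____", "____D" (directory), "____H" (hidden), ... (assumed meanings)
    company: str    # "" when the file has no company/version resource
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return os.path.splitext(self.path)[1].lower() in EXECUTABLE_EXT


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one file/folder line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        ts_a=datetime.strptime(m["ts_a"], fmt),
        ts_b=datetime.strptime(m["ts_b"], fmt),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Collect every file/folder entry; headers and other sections (e.g. the
    MD5 check lines) do not match the pattern and are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flag executables that lack version info or sit in a user-writable
    location. A hit means 'look at this first', not 'malicious': legitimate
    tools such as FRST.exe in Downloads are flagged as well."""
    findings = []
    for e in entries:
        if e.is_dir or not e.is_executable:
            continue
        reasons = []
        if not e.company:
            reasons.append("no company/version info")
        if any(frag in e.path.lower() for frag in USER_WRITABLE):
            reasons.append("user-writable location")
        if reasons:
            findings.append((e.path, "; ".join(reasons)))
    return findings


# Constructed sample: six entries copied from the log above plus one MD5 line.
SAMPLE = r"""
2014-02-07 10:05 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-06 23:03 - 2014-02-06 23:03 - 02209056 _____ () C:\Users\RSR\Downloads\avira-eu-cleaner_de.exe
2014-02-12 19:27 - 2014-02-12 19:27 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-01-23 21:38 - 2014-01-23 21:38 - 00000000 ____D () C:\Users\RSR\AppData\Local\TSR_Software_-_www.tsr-so
2014-02-16 13:20 - 2014-02-16 13:20 - 01141248 _____ (Farbar) C:\Users\RSR\Downloads\FRST.exe
2014-02-07 17:12 - 2014-02-07 16:50 - 256314176 _____ () C:\Users\RSR\Downloads\kis14.0.0.4651abDE_5155.exe
C:\Windows\explorer.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, why in triage(parse_log(SAMPLE)):
        print(f"{path}: {why}")
```

Running it on the sample flags the three Downloads executables and nothing under system32; the two with an empty company string are the ones that would need a hash lookup or a signature check before being trusted, which is exactly the step the MD5 section of the log performs for core system binaries.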
19.02.2014, 09:36 | #13 |
/// the machine /// TB-Ausbilder | E-mail is redirected to a fake account Update Java, Flash and Adobe. Delete the backup. Please download TFC (by OldTimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all the files, it will ask for a restart. Please allow it. Done. The order matters here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-Virus Software
Additional Protection
Safe Browsing
Alternative Browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
21.02.2014, 18:54 | #14 |
| E-mail is redirected to a fake account Hello, first of all thanks for the great help!!! The computer runs great, there are no more problems, but I still cannot send a message to the actual mail address; the messages do not seem to arrive or are still being diverted, but that is no longer down to my computer, is it? Is there a way to trace a sent mail? I have now blocked the IP of the fake account via the firewall, but it still does not seem to work. Will I soon have no option but to ask the recipient for a second mail address, or what other options are there? Thanks. Regards |
22.02.2014, 17:01 | #15 |
/// the machine /// TB-Ausbilder | E-mail is redirected to a fake account Which address do you want to send a mail to?
|