Log analysis and evaluation: Having problems like the previous person who posted here

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.03.2014, 13:32 | #1 |
Having problems like the previous person who posted here

...an empty window opens occasionally - some words are coloured, and when you move the cursor over them another small window opens where you are supposed to click. I have already run a malware scanner - it found errors and deleted them - but it still did not work. Now I have run frst64 and received the following text:
2014-03-16 22:03 - 00029505 _____ () C:\Users\Mader\Downloads\FRST.txt 2014-03-17 13:17 - 2014-03-16 22:02 - 00000000 ____D () C:\FRST 2014-03-17 13:05 - 2012-04-03 08:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-17 12:32 - 2013-03-01 09:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-17 12:27 - 2012-02-23 16:06 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 12:21 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 12:21 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 12:14 - 2011-10-09 16:43 - 00003430 _____ () C:\Windows\System32\Tasks\Secunia PSI Logon Task 2014-03-17 12:14 - 2011-03-28 17:37 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\.oit 2014-03-17 12:13 - 2014-03-17 10:13 - 00013022 _____ () C:\Windows\PFRO.log 2014-03-17 12:13 - 2014-03-11 03:08 - 00000784 _____ () C:\Windows\setupact.log 2014-03-17 12:13 - 2012-02-23 16:06 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 12:13 - 2011-04-17 11:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-03-17 12:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-17 12:11 - 2010-11-21 02:49 - 01685748 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 10:44 - 2014-02-11 10:44 - 00000000 ____D () C:\Program Files\Level Quality Watcher 2014-03-17 10:29 - 2012-04-13 09:18 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001UA.job 2014-03-17 08:54 - 2014-03-17 08:54 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Malwarebytes 2014-03-17 08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 
08:54 - 2014-03-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-17 08:52 - 2014-03-17 08:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mader\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-16 22:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-03-16 22:12 - 2014-03-16 22:06 - 00050077 _____ () C:\Users\Mader\Downloads\Addition.txt 2014-03-16 22:02 - 2014-03-16 22:02 - 02157056 _____ (Farbar) C:\Users\Mader\Downloads\FRST64.exe 2014-03-16 22:00 - 2014-03-16 22:00 - 01145856 _____ (Farbar) C:\Users\Mader\Downloads\FRST.exe 2014-03-16 15:08 - 2014-02-20 10:13 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\vlc 2014-03-16 15:05 - 2012-04-03 08:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-16 15:05 - 2012-04-03 08:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-16 15:05 - 2011-05-25 21:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-15 10:31 - 2014-03-09 17:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 07:58 - 2014-03-11 07:58 - 00003128 _____ () C:\Windows\System32\Tasks\{EA1ADFDB-A450-4560-A0E9-C1B9356C5182} 2014-03-11 07:29 - 2012-04-13 09:18 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001Core.job 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner 2014-03-11 03:17 - 2014-03-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery 2014-03-11 03:15 - 2014-02-11 10:46 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\systweak 2014-03-11 03:09 - 2014-03-11 03:09 - 00077160 _____ () C:\Users\Mader\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-11 03:09 - 2011-11-25 06:00 - 00088064 ___SH () C:\Users\Mader\Desktop\Thumbs.db 2014-03-11 
03:08 - 2014-03-11 03:08 - 00342112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 03:08 - 2014-03-11 03:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 ____D () C:\Users\Mader\AppData\Local\CrashRpt 2014-03-11 03:01 - 2014-02-11 10:47 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector 2014-03-11 02:52 - 2014-03-09 20:10 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner 2014-03-11 02:23 - 2014-03-09 15:42 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-03-10 21:13 - 2011-04-14 05:24 - 00000190 _____ () C:\Windows\ktel.ini 2014-03-10 15:37 - 2014-03-10 15:36 - 00991480 _____ (1&1 Mail & Media GmbH) C:\Users\Mader\Downloads\WEB.DE_Softwareaktualisierung_Setup.exe 2014-03-09 20:48 - 2014-03-09 20:48 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\LavasoftStatistics 2014-03-09 20:21 - 2014-03-09 17:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-09 20:10 - 2014-03-09 20:10 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-09 20:08 - 2014-03-09 20:08 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SecureSearch 2014-03-09 20:07 - 2014-03-09 20:07 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-09 20:04 - 2014-03-09 20:04 - 01727624 _____ () C:\Users\Mader\Downloads\Adaware_Installer_11153540.exe 2014-03-09 20:04 - 2014-03-09 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-09 19:54 - 2014-03-09 19:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\SuperAntiSpyware - CHIP-Downloader.exe 2014-03-09 19:33 - 2014-03-09 15:39 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-09 17:06 - 2012-02-23 16:06 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\SUPERAntiSpyware.com 2014-03-09 17:04 - 2014-03-09 17:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-03-09 17:01 - 2014-03-09 17:01 - 
29393568 _____ (SUPERAntiSpyware) C:\Users\Mader\Downloads\SUPERAntiSpyware.exe 2014-03-09 15:43 - 2014-03-09 15:43 - 00000000 _____ () C:\autoexec.bat 2014-03-09 15:42 - 2014-03-09 15:42 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-09 07:43 - 2014-03-09 07:43 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Mader\Downloads\SpyHunter-Installer.exe 2014-03-06 14:50 - 2012-09-12 11:05 - 00000000 ____D () C:\Program Files\Paint.NET 2014-03-06 14:41 - 2014-03-06 14:28 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-03-06 14:33 - 2012-04-13 09:18 - 00004124 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001UA 2014-03-06 14:33 - 2012-04-13 09:18 - 00003756 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990733432-2411743892-3817270005-1001Core 2014-03-06 14:33 - 2011-04-10 11:30 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-03-06 14:31 - 2014-03-06 14:31 - 00002217 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00002197 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2014-03-06 14:31 - 2014-03-06 14:31 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-06 14:31 - 2011-04-10 11:35 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\TuneUp Software 2014-03-06 14:27 - 2014-03-06 14:27 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE(1).exe 2014-03-06 14:27 - 2014-03-06 14:26 - 35955112 _____ (TuneUp Software) C:\Users\Mader\Downloads\TuneUpUtilities2014_de-DE.exe 2014-03-02 11:34 - 2012-08-07 21:59 - 00000000 ____D () C:\Users\Mader\Documents\HERMA 2014-02-27 14:44 - 2012-07-05 08:15 - 00012288 _____ () C:\Users\Mader\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-21 22:58 - 2014-02-20 12:47 - 00000000 ____D () C:\Users\Mader\Documents\Freemake 2014-02-21 22:58 - 2014-02-20 12:47 - 00000000 ____D 
() C:\ProgramData\Freemake 2014-02-21 22:57 - 2014-02-21 22:57 - 00001328 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2014-02-21 22:57 - 2014-02-21 22:57 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-02-21 22:57 - 2014-02-20 12:47 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-02-21 22:54 - 2014-02-21 22:54 - 01308120 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoConverterSetup.exe 2014-02-21 12:51 - 2010-08-30 10:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone 2014-02-21 12:44 - 2014-02-21 12:44 - 00001168 _____ () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-02-21 12:42 - 2011-03-29 07:55 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\Apple Computer 2014-02-21 12:42 - 2011-03-29 07:53 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-21 12:39 - 2011-04-27 11:44 - 00000000 ___HD () C:\Users\Mader\AppData\Roaming\Skype 2014-02-21 12:39 - 2011-04-10 09:25 - 00000000 ___HD () C:\Users\Mader\Tracing 2014-02-21 12:39 - 2011-03-29 06:51 - 00000000 __HDC () C:\Users\Mader\AppData\Local\MigWiz 2014-02-21 12:39 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther 2014-02-21 12:37 - 2014-02-21 12:37 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-02-21 12:36 - 2014-02-21 12:36 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-21 12:36 - 2014-02-21 12:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-21 12:34 - 2014-02-21 12:34 - 00614816 _____ (Chip Digital GmbH) C:\Users\Mader\Downloads\CCleaner - CHIP-Downloader.exe 2014-02-21 12:31 - 2014-02-21 12:28 - 00042496 ___SH () C:\Users\Mader\Downloads\Thumbs.db 2014-02-21 09:42 - 2012-02-23 16:06 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-21 09:42 - 2012-02-23 16:06 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-21 07:41 - 
2014-02-20 12:48 - 00000000 ____D () C:\Program Files\WinPcap 2014-02-21 07:34 - 2011-10-09 14:10 - 00077160 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2014-02-20 15:51 - 2011-10-09 14:02 - 00077160 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2014-02-20 13:18 - 2012-07-11 15:28 - 00000000 ____D () C:\Program Files (x86)\Biet-O-Matic 2014-02-20 13:17 - 2012-07-11 15:28 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\BOM 2014-02-20 13:05 - 2014-02-20 13:05 - 00000000 ____D () C:\Users\Mader\AppData\Local\FreemakeVideoDownloader 2014-02-20 12:44 - 2014-02-20 12:44 - 01308464 _____ (Ellora Assets Corporation ) C:\Users\Mader\Downloads\FreemakeVideoDownloaderSetup.exe 2014-02-20 10:12 - 2014-02-20 10:12 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-20 10:12 - 2014-02-20 10:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-02-20 10:11 - 2013-02-12 08:41 - 00000393 _____ () C:\Windows\wininit.ini 2014-02-20 10:10 - 2014-02-20 10:10 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-02-20 10:10 - 2014-02-20 10:08 - 00000000 ____D () C:\Users\Mader\AppData\Local\DownloadGuide 2014-02-20 10:10 - 2012-02-23 16:05 - 00000000 ____D () C:\Users\Mader\AppData\Local\Google 2014-02-20 10:07 - 2014-02-20 10:06 - 00695664 _____ () C:\Users\Mader\Downloads\vlc-2.1.3-win64-Downloader.exe 2014-02-20 08:47 - 2011-12-15 17:30 - 00001898 _____ () C:\Users\Mader\Desktop\IrfanView Thumbnails.lnk 2014-02-20 08:47 - 2011-12-15 17:30 - 00001006 _____ () C:\Users\Mader\Desktop\IrfanView.lnk 2014-02-20 08:47 - 2011-12-15 17:30 - 00000000 ____D () C:\Users\Mader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-02-20 08:31 - 2014-02-20 08:31 - 01883792 _____ (Irfan Skiljan) C:\Users\Mader\Downloads\iview437_setup.exe 2014-02-20 01:03 - 2014-02-20 01:03 - 01921665 _____ () C:\Users\Mader\Downloads\VID-20140213-WA0001.mp4 2014-02-19 13:10 - 2013-11-13 11:47 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-19 13:10 - 
2011-04-27 11:43 - 00000000 ____D () C:\ProgramData\Skype 2014-02-18 09:57 - 2011-03-28 18:25 - 00000000 ___HD () C:\Users\Mader\AppData\Local\Adobe 2014-02-18 07:24 - 2012-04-25 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-17 20:17 - 2014-02-05 07:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-02-17 10:06 - 2013-10-17 15:47 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-02-17 10:06 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-02-17 10:06 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-02-16 15:37 - 2014-02-16 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 11:22 - 2012-03-12 12:47 - 00000000 ____D () C:\Users\Mader\Documents\WM Rechnungen Some content of TEMP: ==================== C:\Users\Mader\AppData\Local\Temp\5e7080c1-a605-4492-9fdc-2981803797c9.exe C:\Users\Mader\AppData\Local\Temp\SHSetup.exe C:\Users\Mader\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 16:37 ==================== End Of Log ============================ |
17.03.2014, 16:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Having problems just like the previous poster here

Hi,

The other FRST log is missing. Also, the logs should be posted in CODE tags. Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows: |