Log analysis and evaluation: Computer and Firefox slow for some time, with the fan running at full speed (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.03.2014, 04:11 #1

Computer and Firefox slow for some time, with the fan running at full speed

Hello everyone!

A few weeks ago, while browsing on supposedly harmless sites, I got a warning from Antivir that it had found malware. It was "APPL/Somoto.Gen2". As the program recommended in its dialog, I let it move all the affected files (there were only 5-6, all from Firefox's "Temp" folder) into quarantine, and I had no problems and no error or warning messages at all. About a week later the operating system (Windows 7) reported that supposedly no antivirus program was active. Around the same time my firewall program (ZoneAlarm) started asking me every time whether Antivir was allowed to access the network or do this or that. That surprised me a lot, because I had saved the corresponding ZoneAlarm permission when installing Antivir and had of course not been confronted with such prompts about Antivir since. I checked Antivir: it was switched on as normal, but had apparently, contrary to its usual behaviour, been unable to download virus definitions for a few days. I started the program in administrator mode and downloaded the virus definitions. Then I saved the ZoneAlarm permission for Antivir again and there were no more prompts about it. Finally I ran a complete system scan, which found no viruses, apart from a few well-known false positives (a long time ago I downloaded a few fonts from a reliable source that Antivir reports as "malware" every time, because they are actually downloader files for those fonts).

About 10 days ago I was on a few sites from Buddhist countries. In the middle of that I suddenly noticed that some of them took extremely long to load (subjectively even longer than is usual in my experience for sites from far-away countries anyway) and that meanwhile my computer's fan was driven to previously unheard-of speeds. Then I noticed that these pages, although almost fully loaded, suddenly reloaded themselves on their own, and the address in the browser's address bar changed to a new one. What I found worrying was that from then on every click on a link on these pages no longer led to the expected page as usual, but to an advertising page, and all the links to the same one. If you stopped the page loading before the sudden "reload", or reloaded it afterwards, the address bar and the links were correct again. Then the computer suddenly could not access the internet for several hours even though the connection was up (neither Firefox nor Explorer nor any other program could). Still there was no warning from Antivir or ZoneAlarm. Here too a complete system scan with Antivir found nothing.

For about a week now, Firefox becomes extremely slow after 1-2 hours of browsing (it could not get any slower), often hangs and sometimes crashes. At the same time the fan speed goes up enormously. I had never had that since buying the computer about a year ago (bought new, in original packaging and with warranty). What is going on? Does anyone have any advice? Thanks in advance!

Balsberg

PS. As described in the instructions, here are the log files:

Antivir
Strangely, exporting the Antivir data does not work.

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:27 on 20/03/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by HP (administrator) on HP-HP on 20-03-2014 02:29:37
Running from C:\Users\HP\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-02] (Check Point Software Technologies)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableChangePassword] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {68978A37-704A-4963-879F-3FC10CCF1A18} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {68978A37-704A-4963-879F-3FC10CCF1A18} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {68978A37-704A-4963-879F-3FC10CCF1A18} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-25] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\Extensions\artur.dubovoy@gmail.com [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-07]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-11-02] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 02:29 - 2014-03-20 02:29 - 00017675 _____ () C:\Users\HP\Desktop\FRST.txt
2014-03-20 02:28 - 2014-03-20 02:29 - 00000000 ____D () C:\FRST
2014-03-20 02:27 - 2014-03-20 02:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 02:27 - 2014-03-20 02:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 02:09 - 2014-03-20 02:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 02:09 - 2014-03-20 02:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 02:07 - 2014-03-20 02:08 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-19 23:37 - 2014-03-19 23:56 - 00228494 _____ () C:\Users\HP\Desktop\_20140319_235443.tif
2014-03-19 23:37 - 2014-03-19 23:37 - 01480772 _____ () C:\Users\HP\Desktop\_20140319_235650.tif
2014-03-19 05:26 - 2014-03-19 05:26 - 00000000 _____ () C:\Windows\SysWOW64\sho43EF.tmp
2014-03-16 04:21 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 04:21 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 04:21 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 04:21 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 04:21 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 04:21 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 04:21 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 04:21 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 04:21 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 04:21 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 04:21 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 04:20 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 04:20 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 04:20 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 04:20 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 04:20 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 04:20 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 04:20 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 04:20 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 04:20 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 04:20 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 04:20 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 04:20 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 04:20 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 04:20 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 04:20 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 04:20 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 04:20 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 04:20 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 04:20 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 04:20 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 04:20 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 04:20 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 04:20 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 04:20 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 04:20 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 04:20 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 04:20 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 04:20 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 04:20 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 04:20 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 04:20 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 04:20 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 04:19 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 04:19 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 04:19 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 04:19 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 04:19 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-16 04:18 - 2014-03-16 04:18 - 00195896 _____ () C:\Users\HP\Desktop\_20140315_233149.tif
2014-03-13 15:36 - 2014-03-13 15:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx
2014-02-27 02:10 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-27 02:10 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-24 05:55 - 2014-02-24 05:55 - 00001154 _____ () C:\Users\HP\Desktop\PUF.txt

==================== One Month Modified Files and Folders =======

2014-03-20 02:29 - 2014-03-20 02:29 - 00017675 _____ () C:\Users\HP\Desktop\FRST.txt
2014-03-20 02:29 - 2014-03-20 02:28 - 00000000 ____D () C:\FRST
2014-03-20 02:27 - 2014-03-20 02:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 02:27 - 2014-03-20 02:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 02:27 - 2013-02-01 08:44 - 00000000 ____D () C:\Users\HP
2014-03-20 02:09 - 2014-03-20 02:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 02:09 - 2014-03-20 02:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 02:08 - 2014-03-20 02:07 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-19 23:56 - 2014-03-19 23:37 - 00228494 _____ () C:\Users\HP\Desktop\_20140319_235443.tif
2014-03-19 23:37 - 2014-03-19 23:37 - 01480772 _____ () C:\Users\HP\Desktop\_20140319_235650.tif
2014-03-19 18:35 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 18:35 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 13:41 - 2013-02-01 08:44 - 01707278 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 13:39 - 2012-03-03 15:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 13:39 - 2012-03-03 15:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-19 13:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 13:35 - 2009-07-14 05:51 - 00083471 _____ () C:\Windows\setupact.log
2014-03-19 05:26 - 2014-03-19 05:26 - 00000000 _____ () C:\Windows\SysWOW64\sho43EF.tmp
2014-03-18 14:27 - 2013-02-01 08:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60B686FB-5218-4ED2-938C-C2748479D3B2}
2014-03-16 06:44 - 2009-07-14 05:45 - 00368800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 06:42 - 2013-02-15 02:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 06:42 - 2013-02-15 02:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 06:18 - 2013-05-06 00:20 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-03-16 05:34 - 2013-02-06 19:55 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP
2014-03-16 05:34 - 2013-02-06 19:55 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job
2014-03-16 04:27 - 2013-07-17 11:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 04:25 - 2013-02-05 22:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 04:18 - 2014-03-16 04:18 - 00195896 _____ () C:\Users\HP\Desktop\_20140315_233149.tif
2014-03-16 04:11 - 2013-02-01 08:52 - 00087376 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 16:33 - 2013-02-12 03:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\SoftGrid Client
2014-03-14 15:50 - 2012-03-03 23:46 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 15:50 - 2012-03-03 23:46 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 15:50 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 15:36 - 2014-03-13 15:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx
2014-03-10 15:39 - 2013-02-15 05:21 - 00000000 ____D () C:\Users\HP\Total
2014-03-01 07:05 - 2014-03-16 04:20 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-16 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-16 04:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-16 04:21 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-16 04:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-16 04:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-16 04:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-16 04:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-16 04:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-16 04:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-16 04:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-16 04:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-16 04:21 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-16 04:20 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-16 04:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-16 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-16 04:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-16 04:20 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-16 04:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-16 04:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-16 04:21 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-16 04:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-16 04:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-16 04:20 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-16 04:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-16 04:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-16 04:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-16 04:20 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-16 04:20 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-16 04:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-16 04:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-16 04:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-16 04:21 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-16 04:20 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-16 04:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-16 04:20 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-16 04:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-16 04:21 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-16 04:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-16 04:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 00:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 05:55 - 2014-02-24 05:55 - 00001154 _____ () C:\Users\HP\Desktop\PUF.txt

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\AskSLib.dll C:\Users\HP\AppData\Local\Temp\avgnt.exe C:\Users\HP\AppData\Local\Temp\bundlesweetimsetup.exe C:\Users\HP\AppData\Local\Temp\DeltaTB.exe C:\Users\HP\AppData\Local\Temp\dp.exe C:\Users\HP\AppData\Local\Temp\Extract.exe C:\Users\HP\AppData\Local\Temp\MyBabylonTB.exe C:\Users\HP\AppData\Local\Temp\pricepeep_130001_1001.exe C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe C:\Users\HP\AppData\Local\Temp\SP56750.exe C:\Users\HP\AppData\Local\Temp\SP56929.exe C:\Users\HP\AppData\Local\Temp\SP57232.exe C:\Users\HP\AppData\Local\Temp\sp58915.exe C:\Users\HP\AppData\Local\Temp\SP59202.exe C:\Users\HP\AppData\Local\Temp\SP60051.exe C:\Users\HP\AppData\Local\Temp\SP60936.exe C:\Users\HP\AppData\Local\Temp\SP61037.exe C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-12 06:46 ==================== End Of Log ============================ --- --- --- Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by HP at 2014-03-20 02:30:10
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0210.16.136 - Ihr Firmenname) Hidden
AMD Steady Video Plug-In (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0210.16.136 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP520 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series) (Version: - )
Canon MP520 series Benutzerregistrierung (HKLM-x32\...\Canon MP520 series Benutzerregistrierung) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
GNU Solfege 3.20.8 (HKLM-x32\...\GNU Solfege_is1) (Version: - )
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SkyTest® Trainingssoftware für Fluglotsen-Eignungstests (HKLM-x32\...\SkyTest® Trainingssoftware für Fluglotsen-Eignungstests_is1) (Version: - SkyTest®)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.020 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.020 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.020 - Check Point Software Technologies Ltd.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

23-02-2014 23:07:22 Geplanter Prüfpunkt
27-02-2014 01:10:41 Windows Update
07-03-2014 22:50:10 Windows Update
16-03-2014 03:21:10 Windows Update
19-03-2014 12:40:24 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2D22C7EB-F2A9-4027-B2BD-0888D7CFDBD1} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {307EB44A-5964-41AD-BE94-8ECE38B13840} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {976A4AC8-04C8-4170-B6A1-987C96FDC6A8} - System32\Tasks\{FFC5A085-5757-414A-83D9-1FFB0F214D60} => C:\Program Files (x86)\Microsoft Office XP\Office10\POWERPNT.EXE [2011-04-26] (Microsoft Corporation)
Task: {A8ABEB84-76B3-46AE-B25F-DF0A6218D06D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {C4731F1F-696C-4F61-8564-28AB25EC26CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FAEDB284-011D-4FBB-9A28-820D35C8DBA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {FB9B8960-1170-4F8E-B769-34AE7D4A70F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-10 00:01 - 2012-02-10 00:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-02-10 00:00 - 2012-02-10 00:00 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-02-09 23:09 - 2012-02-09 23:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 08:55 - 2011-11-09 08:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-15 13:16 - 2014-02-14 04:13 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2014 01:36:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 01:39:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 11:49:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 06:44:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 06:18:42 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 11.0.6.70, Zeitstempel: 0x52b528e2
Name des fehlerhaften Moduls: IA32.api_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52b52789
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6c4c6d28
ID des fehlerhaften Prozesses: 0x1d48
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (03/16/2014 04:10:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 02:32:25 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/12/2014 02:29:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 00:22:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2014 00:27:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/18/2014 01:13:48 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/18/2014 01:13:48 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/14/2014 04:33:17 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/08/2014 04:45:52 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/08/2014 04:45:51 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/08/2014 04:45:51 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/08/2014 04:45:50 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/08/2014 04:45:50 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/07/2014 11:44:45 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420

Error: (03/02/2014 05:48:25 PM) (Source: DCOM) (User: HP-HP)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}HP-HPHPS-1-5-21-4233285500-2345498560-950285895-1001LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/19/2014 01:36:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 01:39:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 11:49:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 06:44:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 06:18:42 AM) (Source: Application Error)(User: )
Description: AcroRd32.exe11.0.6.7052b528e2IA32.api_unloaded0.0.0.052b52789c00000056c4c6d281d4801cf40d72812e701C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeIA32.api7011a94f-acca-11e3-bc03-26e543444c33

Error: (03/16/2014 04:10:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 02:32:25 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/12/2014 02:29:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 00:22:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2014 00:27:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-03-20 02:24:05.117
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 23:48:11.130
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 23:20:54.131
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 23:05:26.866
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 19:40:13.926
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 14:09:34.312
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 14:03:47.724
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-19 05:25:54.819
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-18 13:39:49.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 06:23:30.532
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 3560.37 MB Available physical RAM: 2497.51 MB Total Pagefile: 7118.91 MB Available Pagefile: 5337.88 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Festplatte) (Fixed) (Total:575.57 GB) (Free:479.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:20.31 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (20131110 Bach Collegium 002) (CDROM) (Total:4.26 GB) (Free:0 GB) UDF Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 Drive g: (FLASH DRIVE) (Removable) (Total:7.2 GB) (Free:6.77 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: F6D17443) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition: GPT Partition Type. ==================== End Of Log ============================ GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 02:43:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005f ST640LM0 rev.2AJ1 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\HP\AppData\Local\Temp\kxddipog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fff000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fff02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bc1465 2 bytes [BC, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bc14bb 2 bytes [BC, 76]
.text ... * 2

---- EOF - GMER 2.1 ----

Last edited by Balsberg (20.03.2014 at 04:37) |
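The GMER section of the log above reports two kinds of code patches: zeroed bytes in the INITKDBG section of ntoskrnl.exe, and two 2-byte changes to PSAPI.DLL!GetModuleInformation inside vsmon.exe. As an added example (not part of the original post and not GMER's own code), here is a small triage script that parses such lines and sorts them into expected artifacts and patches worth a closer look. The verdict rules are heuristics assumed for the demonstration; the first four sample lines are copied from the log above, the fifth is constructed to show what a real inline hook would look like.

```python
"""Triage of GMER 2.1 'code sections' findings.

Added example for this thread, not GMER's own code. Each GMER line reports a
code patch: section, module!function, byte offset, virtual address and the
first bytes that differ from the on-disk image. Verdicts (heuristics assumed
for the demonstration):
  jump_hook            patch starts with a control-flow transfer (what an inline hook looks like)
  init_section_zeroed  zeroes in ntoskrnl's INITKDBG section, which is discarded after boot
  relocation_artifact  patch bytes are merely a slice of the patched address (fixup, not a hook)
  review               anything else
"""
import re
from dataclasses import dataclass
from typing import Optional

# User-mode entry: ".text <process>[<pid>] <module>!<func> + <off> <addr> <n> bytes [<hex>, ...]"
USER_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<function>\w+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<count>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]")
# Kernel entry: same shape without "<process>[<pid>]"
KERNEL_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>\S+)!(?P<function>\w+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<count>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]")


@dataclass
class Patch:
    section: str
    module: str
    function: str
    offset: int
    addr: int
    count: int
    patch: list                     # leading bytes GMER printed; long runs are truncated with "..."
    process: Optional[str] = None   # None for kernel-mode entries
    pid: Optional[int] = None
    verdict: str = ""


def _hexbytes(text: str) -> list:
    toks = [t.strip() for t in text.split(",")]
    return [int(t, 16) for t in toks if t and t != "..."]


def parse_gmer(text: str) -> list:
    patches = []
    for line in text.splitlines():
        m = USER_RE.match(line.strip()) or KERNEL_RE.match(line.strip())
        if not m:
            continue    # section headers, ".text ... * 2" summaries, blank lines
        d = m.groupdict()
        patches.append(Patch(
            section=d["section"], module=d["module"], function=d["function"],
            offset=int(d["offset"]), addr=int(d["addr"], 16), count=int(d["count"]),
            patch=_hexbytes(d["bytes"]), process=d.get("process"),
            pid=int(d["pid"]) if d.get("pid") else None))
    return patches


def classify(p: Patch) -> str:
    b = p.patch
    if not b:
        return "review"
    # E9 jmp rel32, E8 call rel32, EB jmp rel8, FF 25 jmp [mem], 68..C3 push/ret, 48 B8 mov rax,imm64
    if b[0] in (0xE9, 0xE8, 0xEB) or b[:2] in ([0xFF, 0x25], [0x48, 0xB8]) or (b[0] == 0x68 and 0xC3 in b):
        return "jump_hook"
    if p.process is None and p.section == "INITKDBG" and all(x == 0 for x in b):
        return "init_section_zeroed"
    # e.g. [BC, 76] at 0x...76bc1465: the bytes are the address's own upper half, little-endian
    if len(b) <= 4 and bytes(b) in p.addr.to_bytes(8, "little"):
        return "relocation_artifact"
    return "review"


def triage(text: str) -> list:
    patches = parse_gmer(text)
    for p in patches:
        p.verdict = classify(p)
    return patches


# Sample input: four lines copied from the GMER log in this thread plus one
# CONSTRUCTED line (process name, address and bytes are made up) showing a
# jmp-rel32 inline hook on ntdll inside a process running from %TEMP%.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fff000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fff02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bc1465 2 bytes [BC, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bc14bb 2 bytes [BC, 76]
.text C:\Users\HP\AppData\Local\Temp\constructed_sample.exe[4242] C:\Windows\syswow64\ntdll.dll!NtQueryDirectoryFile + 0 0000000077c30000 5 bytes [E9, 1B, 3F, 12, 00]
.text ... * 2
"""

if __name__ == "__main__":
    for p in triage(SAMPLE_LOG):
        where = f"{p.process}[{p.pid}]" if p.process else "kernel"
        print(f"{p.verdict:20} {where}  {p.module}!{p.function}+{p.offset}")
```

The two vsmon.exe entries come out as relocation artifacts: the reported bytes BC 76 are the upper half of the patched address 0x76bc14xx, not an opcode, which is the common benign finding for 32-bit processes on x64 Windows 7. An entry whose first byte is E9 is what an actual inline hook looks like and is the one to chase; the process it sits in, not the hooked DLL, is the lead.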
20.03.2014, 07:36 | #2 |
/// the machine /// TB-Ausbilder | hi,
Scan with Combofix
|
21.03.2014, 03:56 | #3 |
| Hi!
Thanks for the quick reply. One important question: were the first log files (Defogger, FRST, GMER) actually fine, or could any irregularities be seen in them? The Combofix scan took about 1.5 to 2 hours. There were no error messages. Only Antivir reported at the beginning and at the end of the scan that an access to the registry had been blocked, and that despite my having disabled Antivir before starting the scan. One more thing: unfortunately I was not aware at all that Windows Defender was active, so I had not switched it off before the scan. In my first post I had also forgotten to mention that Windows had enabled Defender on its own when Antivir suddenly stopped working properly. But after I downloaded the new Avira virus definitions in administrator mode, Antivir ran again and I never heard anything from Defender again. So I assumed that Windows had noticed Antivir working and deactivated Defender again. Attached is the Combofix log: Code:
ATTFilter ComboFix 14-03-19.01 - HP 21.03.2014 1:34.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3560.2555 [GMT 1:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Windows-KB890830-x64-V5.8.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-21 bis 2014-03-21 )))))))))))))))))))))))))))))) . . 2014-03-21 00:54 . 2014-03-21 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-21 00:40 . 2014-03-21 00:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{303EACBE-875A-47F2-9586-7399521ADBA6}\offreg.dll 2014-03-20 01:28 . 2014-03-20 01:30 -------- d-----w- C:\FRST 2014-03-19 12:41 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{303EACBE-875A-47F2-9586-7399521ADBA6}\mpengine.dll 2014-03-19 04:26 . 2014-03-19 04:26 0 ----a-w- c:\windows\SysWow64\sho43EF.tmp 2014-03-16 03:20 . 2014-03-01 05:08 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-03-16 03:19 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-16 03:19 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-16 03:19 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-16 03:19 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-16 03:19 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-27 01:10 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-02-27 01:10 . 
2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 12:39 . 2012-03-03 14:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-19 12:39 . 2012-03-03 14:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-16 03:25 . 2013-02-05 21:10 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-02-07 23:55 . 2014-02-07 23:54 41404760 ----a-w- C:\QuickTimeInstaller.exe 2014-01-16 22:16 . 2014-01-16 22:15 39074536 ----a-w- C:\FileFormatConverters.exe 2014-01-16 22:11 . 2014-01-16 22:11 5254992 ----a-w- C:\officexp-KB917347-FullFile-DEU.exe 2014-01-16 22:10 . 2014-01-16 22:09 7720272 ----a-w- C:\officexp-KB917153-FullFile-DEU.exe 2014-01-16 22:08 . 2014-01-16 22:08 13898064 ----a-w- C:\officexp-KB918420-FullFile-DEU.exe 2014-01-16 22:02 . 2014-01-16 22:01 64771624 ----a-w- C:\OfficeXpSp3-kb832671-fullfile-deu.exe 2013-12-24 23:09 . 2014-02-15 02:40 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48 . 2014-02-15 02:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-12-21 09:53 . 2014-02-15 02:44 548864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-21 08:56 . 2014-02-15 02:44 454656 ----a-w- c:\windows\SysWow64\vbscript.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 
amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program 
files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB 
Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-03-20 c:\windows\Tasks\HPCeeScheduleForHP.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 1127592] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472] . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MI3B09~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} - c:\users\HP\AppData\Local\Temp\cisBC7B.exe HKLM-Run-CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} - c:\users\HP\AppData\Local\Temp\cisBC7B.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2014-03-21 03:16:15
ComboFix-quarantined-files.txt 2014-03-21 02:15
.
Before scan: 8 directories, 513,007,308,800 bytes free
After scan: 14 directories, 513,819,504,640 bytes free
.
- - End Of File - - C8C05D01B14B2D4218F669E5AC9D2C3D A36C5E4F47E84449FF07ED3517B43A31

Regards, Balsberg |
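ComboFix lists, under its registry autostart points and again under the removed orphaned entries, two HKLM Run values named CIS_{GUID} that launched c:\users\HP\AppData\Local\Temp\cisBC7B.exe; the FRST log later in this thread flags the same two with "<===== ATTENTION". As an added example (not ComboFix's, FRST's or the forum's code), the script below parses both tools' line shapes and ranks autostart entries by where their executable lives, which is the first thing to check for any Run value. The path tiers and the value-name check are assumptions made for the demonstration; the sample lines are copied from the logs in this thread.

```python
"""Triage of Run-key autostart entries from ComboFix and FRST logs.

Added example for this thread, not ComboFix's or FRST's own code. Both tools
print the same fact in different shapes: a value name and the executable it
launches. The check is path-based: installed software has no reason to
persist from %TEMP%, so an autostart whose image lives in a temp directory
or another user-writable location is looked at first, while entries under
Program Files or Windows are at least where installed software is expected.
"""
import re
from dataclasses import dataclass

# ComboFix autostart section:   "name"="path" [date size]
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# ComboFix removed orphaned entries:   HKLM-Run-name - path
CF_ORPHAN_RE = re.compile(r"^HK(?:LM|CU)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+?\.exe)", re.I)
# FRST "Registry (Whitelisted)":   HKLM\...\Run: [name] - "path" args <===== ATTENTION
FRST_RUN_RE = re.compile(
    r'^(?P<hive>HK\w+(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "?(?P<path>.+?\.exe)"?', re.I)
GUID_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I)


@dataclass
class Autorun:
    source: str      # "combofix", "combofix-orphan" or "frst"
    name: str
    path: str
    risk: str = ""   # "temp" > "user_writable" > "other" > "system" (assumed tiers)
    notes: tuple = ()


def path_tier(path: str) -> str:
    p = path.lower().replace("/", "\\")
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p or p.startswith("%temp%"):
        return "temp"
    if "\\users\\" in p or "\\programdata\\" in p or "\\appdata\\" in p:
        return "user_writable"
    if "\\program files" in p or "\\progra~" in p or "\\windows\\" in p:
        return "system"
    return "other"


def parse_autoruns(text: str) -> list:
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := CF_RUN_RE.match(line):
            found.append(Autorun("combofix", m["name"], m["path"]))
        elif m := CF_ORPHAN_RE.match(line):
            found.append(Autorun("combofix-orphan", m["name"], m["path"]))
        elif m := FRST_RUN_RE.match(line):
            a = Autorun("frst", m["name"], m["path"])
            if "<===== ATTENTION" in line:
                a.notes += ("flagged by FRST",)
            found.append(a)
    return found


def triage(text: str) -> list:
    out = []
    for a in parse_autoruns(text):
        a.risk = path_tier(a.path)
        if GUID_RE.search(a.name):
            # seen both on uninstaller leftovers (as here) and on droppers; worth a look either way
            a.notes += ("GUID-style value name",)
        out.append(a)
    order = {"temp": 0, "user_writable": 1, "other": 2, "system": 3}
    return sorted(out, key=lambda a: order[a.risk])


# Sample input copied from the ComboFix log above (Run values and the orphaned
# CIS_ entries) and from the FRST log later in this thread.
SAMPLE = r'''
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} - c:\users\HP\AppData\Local\Temp\cisBC7B.exe
HKLM-Run-CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} - c:\users\HP\AppData\Local\Temp\cisBC7B.exe
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
'''

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(f"{a.risk:14} {a.source:16} {a.name:45} {a.path}  {'; '.join(a.notes)}")
```

The three CIS_ entries sort to the top purely because their image sits in AppData\Local\Temp. That they point at a file name of the form cisXXXX.exe with a --PostUninstall argument fits an installer cleanup that never finished, which is also why ComboFix could simply drop the values; the ranking only says what to look at first, not what it is.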
21.03.2014, 12:22 | #4 |
/// the machine /// TB-Ausbilder | Nothing wild so far, apart from possibly some bent settings. Now let's kick out the visible adware, then test what the box does. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
23.03.2014, 07:14 | #5 |
| Hi again! Many thanks for the prompt reply. I have followed all instructions. Attached are the log files: MBAM Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
HP :: HP-HP [Administrator]

Protection: Enabled

23.03.2014 06:11:30
mbam-log-2014-03-23 (06-11-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228660
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AdwCleaner Code:
# AdwCleaner v3.022 - Report created 23/03/2014 at 06:32:20
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Desktop\adwcleaner.exe
# Option : Delete

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\HP\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68978A37-704A-4963-879F-3FC10CCF1A18}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{68978A37-704A-4963-879F-3FC10CCF1A18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{68978A37-704A-4963-879F-3FC10CCF1A18}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\OCS
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\prefs.js ]

Line deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394026323127");

*************************

AdwCleaner[R0].txt - [3769 octets] - [23/03/2014 06:25:20]
AdwCleaner[S0].txt - [3134 octets] - [23/03/2014 06:32:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3194 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by HP on 23.03.2014 at 6:43:01,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho2712.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho43EF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho636.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8FF4.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{B2198DF6-03FF-4F2C-8E28-05EB150060F9}
Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{FCEEF9F5-DDC8-4950-978B-105B199FDC25}

~~~ FireFox

Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\3qkit518.default\minidumps [128 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2014 at 6:54:41,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by HP (administrator) on HP-HP on 23-03-2014 06:58:58 Running from C:\Users\HP\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (AMD) C:\Windows\system32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.) HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-02] (Check Point Software Technologies) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-19] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableChangePassword] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: 
SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) ShellExecuteHooks-x32: EasyBits ShellExecute 
Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-25] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\Extensions\artur.dubovoy@gmail.com [2014-03-10] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-07] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-07] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-11-02] (Check Point Software Technologies) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.) 
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-23 06:54 - 2014-03-23 06:54 - 00001209 _____ () C:\Users\HP\Desktop\JRT.txt 2014-03-23 06:42 - 2014-03-23 06:42 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 06:38 - 2014-03-23 06:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt 2014-03-23 06:25 - 2014-03-23 06:32 - 00000000 ____D () C:\AdwCleaner 2014-03-23 06:24 - 2014-03-23 06:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt 2014-03-23 00:17 - 2014-03-23 00:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-23 00:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-22 01:49 - 2014-03-22 01:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-03-22 01:48 - 2014-03-22 01:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe 2014-03-22 01:47 - 2014-03-22 01:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-21 03:18 - 2014-03-21 03:18 - 00018451 _____ () C:\ComboFix.txt 2014-03-21 01:31 - 2014-03-21 03:26 - 00000000 ____D () C:\Qoobox 2014-03-21 01:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-21 01:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-21 01:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-21 01:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-21 01:31 - 2000-08-31 
01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-21 01:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-21 01:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-21 01:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-21 01:30 - 2014-03-21 02:57 - 00000000 ____D () C:\Windows\erdnt 2014-03-20 10:55 - 2014-03-20 10:55 - 05190052 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-03-20 02:43 - 2014-03-20 02:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt 2014-03-20 02:30 - 2014-03-20 02:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt 2014-03-20 02:29 - 2014-03-23 06:58 - 00016626 _____ () C:\Users\HP\Desktop\FRST.txt 2014-03-20 02:28 - 2014-03-23 06:58 - 00000000 ____D () C:\FRST 2014-03-20 02:27 - 2014-03-20 02:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-03-20 02:27 - 2014-03-20 02:27 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-03-20 02:09 - 2014-03-20 02:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-03-20 02:09 - 2014-03-20 02:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-03-20 02:07 - 2014-03-20 02:08 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-03-19 23:37 - 2014-03-19 23:56 - 00228494 _____ () C:\Users\HP\Desktop\_20140319_235443.tif 2014-03-19 23:37 - 2014-03-19 23:37 - 01480772 _____ () C:\Users\HP\Desktop\_20140319_235650.tif 2014-03-16 04:21 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-16 04:21 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-16 04:21 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-16 04:21 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-16 04:21 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-16 04:21 - 
2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-16 04:21 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-16 04:21 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-16 04:21 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-16 04:21 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-16 04:21 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-16 04:20 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-16 04:20 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-16 04:20 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-16 04:20 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-16 04:20 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-16 04:20 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-16 04:20 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-16 04:20 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-16 04:20 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-16 04:20 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-16 04:20 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-16 04:20 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-16 04:20 
- 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-16 04:20 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-16 04:20 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-16 04:20 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-16 04:20 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-16 04:20 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-16 04:20 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-16 04:20 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-16 04:20 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-16 04:20 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-16 04:20 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-16 04:20 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-16 04:20 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-16 04:20 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-16 04:20 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-16 04:20 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-16 04:20 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-16 04:20 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-16 04:20 - 2014-01-29 03:06 - 00381440 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-16 04:20 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-16 04:19 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-16 04:19 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-16 04:19 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-16 04:19 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-16 04:19 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-16 04:18 - 2014-03-16 04:18 - 00195896 _____ () C:\Users\HP\Desktop\_20140315_233149.tif 2014-03-13 15:36 - 2014-03-13 15:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx 2014-02-27 02:10 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-02-27 02:10 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-02-24 05:55 - 2014-02-24 05:55 - 00001154 _____ () C:\Users\HP\Desktop\PUF.txt ==================== One Month Modified Files and Folders ======= 2014-03-23 06:59 - 2014-03-20 02:29 - 00016626 _____ () C:\Users\HP\Desktop\FRST.txt 2014-03-23 06:58 - 2014-03-20 02:28 - 00000000 ____D () C:\FRST 2014-03-23 06:54 - 2014-03-23 06:54 - 00001209 _____ () C:\Users\HP\Desktop\JRT.txt 2014-03-23 06:43 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-23 06:43 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-23 06:42 - 2014-03-23 06:42 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 06:38 - 2014-03-23 06:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt 2014-03-23 06:35 - 
2013-02-07 00:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\CheckPoint 2014-03-23 06:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-23 06:35 - 2009-07-14 05:51 - 00083785 _____ () C:\Windows\setupact.log 2014-03-23 06:33 - 2013-02-01 08:44 - 01796668 _____ () C:\Windows\WindowsUpdate.log 2014-03-23 06:32 - 2014-03-23 06:25 - 00000000 ____D () C:\AdwCleaner 2014-03-23 06:32 - 2013-02-12 03:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\SoftGrid Client 2014-03-23 06:24 - 2014-03-23 06:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt 2014-03-23 00:20 - 2013-02-01 08:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60B686FB-5218-4ED2-938C-C2748479D3B2} 2014-03-23 00:17 - 2014-03-23 00:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-23 00:17 - 2014-03-23 00:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-22 01:49 - 2014-03-22 01:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-03-22 01:48 - 2014-03-22 01:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe 2014-03-22 01:47 - 2014-03-22 01:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-21 20:50 - 2010-11-21 04:47 - 00838966 _____ () C:\Windows\PFRO.log 2014-03-21 04:57 - 2013-05-06 00:20 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps 2014-03-21 03:26 - 2014-03-21 01:31 - 00000000 ____D () C:\Qoobox 2014-03-21 03:22 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-21 03:18 - 2014-03-21 03:18 - 00018451 _____ () C:\ComboFix.txt 2014-03-21 02:57 - 2014-03-21 01:30 - 00000000 ____D () C:\Windows\erdnt 2014-03-21 01:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-20 11:34 - 2013-02-06 19:55 
- 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP 2014-03-20 11:34 - 2013-02-06 19:55 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job 2014-03-20 10:55 - 2014-03-20 10:55 - 05190052 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-03-20 02:43 - 2014-03-20 02:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt 2014-03-20 02:30 - 2014-03-20 02:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt 2014-03-20 02:27 - 2014-03-20 02:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-03-20 02:27 - 2014-03-20 02:27 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-03-20 02:27 - 2013-02-01 08:44 - 00000000 ____D () C:\Users\HP 2014-03-20 02:09 - 2014-03-20 02:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-03-20 02:09 - 2014-03-20 02:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-03-20 02:08 - 2014-03-20 02:07 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-03-19 23:56 - 2014-03-19 23:37 - 00228494 _____ () C:\Users\HP\Desktop\_20140319_235443.tif 2014-03-19 23:37 - 2014-03-19 23:37 - 01480772 _____ () C:\Users\HP\Desktop\_20140319_235650.tif 2014-03-19 13:39 - 2012-03-03 15:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-19 13:39 - 2012-03-03 15:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-16 06:44 - 2009-07-14 05:45 - 00368800 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-16 06:42 - 2013-02-15 02:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-16 06:42 - 2013-02-15 02:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-16 04:27 - 2013-07-17 11:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-16 04:25 - 2013-02-05 22:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-16 04:18 - 2014-03-16 04:18 - 00195896 _____ () C:\Users\HP\Desktop\_20140315_233149.tif 2014-03-16 04:11 - 2013-02-01 08:52 
- 00087376 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-14 15:50 - 2012-03-03 23:46 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-03-14 15:50 - 2012-03-03 23:46 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-03-14 15:50 - 2009-07-14 06:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-13 15:36 - 2014-03-13 15:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx 2014-03-10 15:39 - 2013-02-15 05:21 - 00000000 ____D () C:\Users\HP\Total 2014-03-01 07:05 - 2014-03-16 04:20 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-16 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-16 04:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-16 04:21 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-16 04:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-16 04:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-16 04:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-16 04:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-16 04:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-16 04:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-16 04:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-16 04:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-16 04:21 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-16 04:20 - 
00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-16 04:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-16 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-16 04:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-16 04:20 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-16 04:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-16 04:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-16 04:21 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-16 04:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:43 - 2014-03-16 04:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:42 - 2014-03-16 04:20 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-16 04:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-16 04:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-16 04:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-16 04:20 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-16 04:20 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-16 04:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-16 04:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-16 04:20 - 
02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-16 04:21 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-16 04:20 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-16 04:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-16 04:20 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-16 04:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-16 04:21 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-16 04:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-16 04:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 00:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-24 05:55 - 2014-02-24 05:55 - 00001154 _____ () C:\Users\HP\Desktop\PUF.txt Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\avgnt.exe C:\Users\HP\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 13:11 
==================== End Of Log ============================
What is the next step? Kind regards, Balsberg |
23.03.2014, 11:35 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
23.03.2014, 16:51 | #7 |
| Thanks for the quick reply! Allow me a brief question before I continue: I forgot to mention in my last post that the problems described at the start were gone after running Combofix. After the latest installations and scans I have the impression that it is back... Should I continue now or not? Kind regards, Balsberg |
24.03.2014, 11:26 | #8 |
/// the machine /// TB-Ausbilder | Yes, go ahead and continue with the steps above.
__________________ regards, schrauber |
02.04.2014, 04:52 | #9 |
| Hello! Thanks for the hint, and sorry for the long radio silence, which was partly due to an accident including a rib fracture. I actually thought everything was fine with my computer after all, and nevertheless wanted to continue with the next steps (ESET, Security Check, FRST again), but last week a new problem appeared that may not be so new at all, because the "behaviour" of the computer was again exactly the same as about a month ago, when I asked for help here because of it! In the meantime I have Malwarebytes, and it reacted every time Firefox tried to open a new address on its own. I first observed this on 26 March, but unfortunately I deleted the logs by mistake. The logs from 27, 28 and 29 March are available, though (see below). Since then the problem (Firefox attempting to fetch an address unknown to me) has not occurred again so far. Later Malwarebytes logs only document the (daily) database update and show no detections at all, so I have not included them here for now. Here are the Malwarebytes logs in question:
27 March
Code:
ATTFilter 2014/03/27 05:13:27 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50189, Process: firefox.exe) 2014/03/27 05:13:35 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50195, Process: firefox.exe) 2014/03/27 05:13:35 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50197, Process: firefox.exe) 2014/03/27 05:17:52 +0100 HP-HP HP IP-BLOCK 93.174.93.77 (Type: outgoing, Port: 50296, Process: firefox.exe) 2014/03/27 05:17:52 +0100 HP-HP HP IP-BLOCK 93.174.93.77 (Type: outgoing, Port: 50303, Process: firefox.exe) 2014/03/27 05:17:52 +0100 HP-HP HP IP-BLOCK 93.174.93.77 (Type: outgoing, Port: 50305, Process: firefox.exe) 2014/03/27 05:17:52 +0100 HP-HP HP IP-BLOCK 93.174.93.77 (Type: outgoing, Port: 50307, Process: firefox.exe) 2014/03/27 05:40:53 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50950, Process: firefox.exe) 2014/03/27 05:40:54 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50954, Process: firefox.exe) 2014/03/27 05:40:54 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50958, Process: firefox.exe) 2014/03/27 05:40:54 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50959, Process: firefox.exe) 2014/03/27 05:40:54 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50961, Process: firefox.exe) 2014/03/27 05:40:54 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50962, Process: firefox.exe) 2014/03/27 05:41:02 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50969, Process: firefox.exe) 2014/03/27 05:41:02 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50970, Process: firefox.exe) 2014/03/27 05:41:18 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50976, Process: firefox.exe) 2014/03/27 05:41:18 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 50977, Process: firefox.exe) 2014/03/27 05:42:46 +0100 HP-HP HP IP-BLOCK 93.174.93.77 (Type: outgoing, Port: 51046, Process: firefox.exe) 2014/03/27 
12:17:35 +0100 HP-HP (null) MESSAGE Starting protection 2014/03/27 12:17:36 +0100 HP-HP (null) MESSAGE Protection started successfully 2014/03/27 12:17:36 +0100 HP-HP (null) MESSAGE Starting IP protection 2014/03/27 12:17:40 +0100 HP-HP (null) MESSAGE IP Protection started successfully 2014/03/27 12:28:52 +0100 HP-HP (null) MESSAGE Executing scheduled update: Daily 2014/03/27 12:28:53 +0100 HP-HP (null) ERROR Scheduled update failed: No address found failed with error code 0
28 March
Code:
ATTFilter 2014/03/28 00:11:47 +0100 HP-HP HP MESSAGE Starting protection 2014/03/28 00:11:47 +0100 HP-HP HP MESSAGE Protection started successfully 2014/03/28 00:11:47 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/28 00:11:51 +0100 HP-HP HP MESSAGE IP Protection started successfully 2014/03/28 00:14:16 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 49194, Process: firefox.exe) 2014/03/28 00:14:16 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 49203, Process: firefox.exe) 2014/03/28 00:15:12 +0100 HP-HP HP MESSAGE Executing scheduled update: Daily 2014/03/28 00:15:26 +0100 HP-HP HP MESSAGE Scheduled update executed successfully: database updated from version v2014.03.22.10 to version v2014.03.27.07 2014/03/28 00:15:26 +0100 HP-HP HP MESSAGE Starting database refresh 2014/03/28 00:15:26 +0100 HP-HP HP MESSAGE Stopping IP protection 2014/03/28 00:15:26 +0100 HP-HP HP MESSAGE IP Protection stopped successfully 2014/03/28 00:15:31 +0100 HP-HP HP MESSAGE Database refreshed successfully 2014/03/28 00:15:31 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/28 00:15:36 +0100 HP-HP HP MESSAGE IP Protection started successfully 2014/03/28 00:24:53 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49500, Process: firefox.exe) 2014/03/28 00:24:53 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49501, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49502, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49503, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49504, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49505, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49506, Process: firefox.exe) 2014/03/28 00:25:01 +0100 HP-HP HP IP-BLOCK 
93.115.87.171 (Type: outgoing, Port: 49507, Process: firefox.exe) 2014/03/28 00:25:09 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49508, Process: firefox.exe) 2014/03/28 00:25:09 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49509, Process: firefox.exe) 2014/03/28 00:25:17 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49512, Process: firefox.exe) 2014/03/28 00:25:17 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49513, Process: firefox.exe) 2014/03/28 00:25:25 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49514, Process: firefox.exe) 2014/03/28 00:25:25 +0100 HP-HP HP IP-BLOCK 93.115.87.171 (Type: outgoing, Port: 49515, Process: firefox.exe) 2014/03/28 00:25:35 +0100 HP-HP HP MESSAGE Stopping IP protection 2014/03/28 00:25:36 +0100 HP-HP HP MESSAGE IP Protection stopped successfully 2014/03/28 00:28:03 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/28 00:28:07 +0100 HP-HP HP MESSAGE IP Protection started successfully 2014/03/28 00:40:54 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 50332, Process: firefox.exe) 2014/03/28 00:40:54 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 50333, Process: firefox.exe) 2014/03/28 00:40:57 +0100 HP-HP HP MESSAGE Stopping IP protection 2014/03/28 00:40:57 +0100 HP-HP HP MESSAGE IP Protection stopped successfully 2014/03/28 00:41:25 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/28 00:41:29 +0100 HP-HP HP MESSAGE IP Protection started successfully 2014/03/28 00:41:33 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 50339, Process: firefox.exe) 2014/03/28 00:41:49 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 50340, Process: firefox.exe) 2014/03/28 00:47:46 +0100 HP-HP HP MESSAGE Stopping IP protection 2014/03/28 00:47:47 +0100 HP-HP HP MESSAGE IP Protection stopped successfully 2014/03/28 00:48:15 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/28 00:48:19 +0100 HP-HP HP MESSAGE IP 
Protection started successfully 2014/03/28 23:27:30 +0100 HP-HP (null) MESSAGE Executing scheduled update: Daily 2014/03/28 23:27:31 +0100 HP-HP (null) ERROR Scheduled update failed: No address found failed with error code 0 2014/03/28 23:27:36 +0100 HP-HP (null) MESSAGE Starting protection 2014/03/28 23:27:36 +0100 HP-HP (null) MESSAGE Protection started successfully 2014/03/28 23:27:36 +0100 HP-HP (null) MESSAGE Starting IP protection 2014/03/28 23:27:40 +0100 HP-HP (null) MESSAGE IP Protection started successfully Code:
ATTFilter 2014/03/29 14:11:43 +0100 HP-HP (null) MESSAGE Starting protection 2014/03/29 14:11:43 +0100 HP-HP (null) MESSAGE Protection started successfully 2014/03/29 14:11:43 +0100 HP-HP (null) MESSAGE Starting IP protection 2014/03/29 14:11:47 +0100 HP-HP (null) MESSAGE IP Protection started successfully 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51171, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51172, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51174, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51176, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 51241, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 51242, Process: firefox.exe) 2014/03/29 15:32:20 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 51243, Process: firefox.exe) 2014/03/29 15:34:21 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51313, Process: firefox.exe) 2014/03/29 15:34:29 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 51322, Process: firefox.exe) 2014/03/29 15:34:29 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51330, Process: firefox.exe) 2014/03/29 15:34:29 +0100 HP-HP HP IP-BLOCK 98.126.43.221 (Type: outgoing, Port: 51331, Process: firefox.exe) 2014/03/29 15:34:29 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51335, Process: firefox.exe) 2014/03/29 15:36:05 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51359, Process: firefox.exe) 2014/03/29 15:36:05 +0100 HP-HP HP IP-BLOCK 81.169.145.156 (Type: outgoing, Port: 51360, Process: firefox.exe) 2014/03/29 15:36:18 +0100 HP-HP HP MESSAGE Stopping IP protection 2014/03/29 15:36:19 +0100 HP-HP HP MESSAGE IP Protection stopped 
successfully 2014/03/29 15:36:48 +0100 HP-HP HP MESSAGE Starting IP protection 2014/03/29 15:36:53 +0100 HP-HP HP MESSAGE IP Protection started successfully
FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by HP (administrator) on HP-HP on 02-04-2014 03:33:13 Running from C:\Users\HP\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (AMD) C:\Windows\system32\atieclxx.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.) HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-02] (Check Point Software Technologies) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-19] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableChangePassword] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: 
SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) ShellExecuteHooks-x32: EasyBits ShellExecute 
Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-25] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\Extensions\artur.dubovoy@gmail.com [2014-03-10] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-07] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-07] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-11-02] (Check Point Software Technologies) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.) 
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma 2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif 2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif 2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 00:39 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\HP\AppData\Local\{53C312A8-A158-42C7-8594-FAC41904AA75} 2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml 2014-03-28 03:20 - 2014-03-28 05:47 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt 2014-03-28 03:08 - 2014-03-28 03:10 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt 2014-03-28 02:45 - 2014-03-28 03:02 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt 2014-03-28 02:41 - 2014-03-28 02:53 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt 2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe 2014-03-23 15:13 - 2014-03-23 15:14 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe 2014-03-23 07:54 - 2014-03-23 07:54 - 00001209 _____ () C:\Users\HP\Desktop\JRT.txt 2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt 2014-03-23 07:25 - 2014-03-23 07:32 - 00000000 ____D () C:\AdwCleaner 2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt 2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 01:17 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 04:18 - 2014-03-21 04:18 - 00018451 _____ () C:\ComboFix.txt
2014-03-21 02:31 - 2014-03-21 04:26 - 00000000 ____D () C:\Qoobox
2014-03-21 02:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-21 02:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-21 02:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-21 02:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-21 02:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-21 02:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-21 02:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-21 02:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-21 02:30 - 2014-03-21 03:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 11:55 - 2014-03-20 11:55 - 05190052 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt
2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt
2014-03-20 03:29 - 2014-04-02 03:33 - 00016706 _____ () C:\Users\HP\Desktop\FRST.txt
2014-03-20 03:28 - 2014-04-02 03:33 - 00000000 ____D () C:\FRST
2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 03:07 - 2014-03-20 03:08 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-16 05:21 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 05:21 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 05:21 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 05:21 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 05:21 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 05:21 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 05:21 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 05:21 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 05:21 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 05:21 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 05:21 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 05:20 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 05:20 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 05:20 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 05:20 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 05:20 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 05:20 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 05:20 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 05:20 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 05:20 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 05:20 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 05:20 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 05:20 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 05:20 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 05:20 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 05:20 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 05:20 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 05:20 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 05:20 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 05:20 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 05:20 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 05:20 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 05:20 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 05:20 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 05:20 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 05:20 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 05:20 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 05:20 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 05:20 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 05:20 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 05:20 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 05:20 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 05:20 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 05:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 05:19 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 05:19 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 05:19 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 05:19 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx

==================== One Month Modified Files and Folders =======

2014-04-02 03:34 - 2014-03-20 03:29 - 00016706 _____ () C:\Users\HP\Desktop\FRST.txt
2014-04-02 03:33 - 2014-03-20 03:28 - 00000000 ____D () C:\FRST
2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma
2014-04-02 00:27 - 2013-02-01 09:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60B686FB-5218-4ED2-938C-C2748479D3B2}
2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif
2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif
2014-04-02 00:25 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 00:25 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 00:24 - 2012-03-04 00:46 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-02 00:24 - 2012-03-04 00:46 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-02 00:24 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 00:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 00:17 - 2009-07-14 06:51 - 00084625 _____ () C:\Windows\setupact.log
2014-04-01 13:25 - 2013-02-01 09:44 - 01989593 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 04:16 - 2013-02-08 01:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 00:41 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live
2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\HP\AppData\Local\{53C312A8-A158-42C7-8594-FAC41904AA75}
2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml
2014-03-29 00:34 - 2013-02-06 20:55 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP
2014-03-29 00:34 - 2013-02-06 20:55 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job
2014-03-28 05:47 - 2014-03-28 03:20 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt
2014-03-28 03:10 - 2014-03-28 03:08 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt
2014-03-28 03:02 - 2014-03-28 02:45 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt
2014-03-28 02:53 - 2014-03-28 02:41 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt
2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-03-23 20:20 - 2013-02-12 04:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\SoftGrid Client
2014-03-23 15:14 - 2014-03-23 15:13 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe
2014-03-23 07:54 - 2014-03-23 07:54 - 00001209 _____ () C:\Users\HP\Desktop\JRT.txt
2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt
2014-03-23 07:35 - 2013-02-07 01:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\CheckPoint
2014-03-23 07:32 - 2014-03-23 07:25 - 00000000 ____D () C:\AdwCleaner
2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt
2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 21:50 - 2010-11-21 05:47 - 00838966 _____ () C:\Windows\PFRO.log
2014-03-21 05:57 - 2013-05-06 01:20 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-03-21 04:26 - 2014-03-21 02:31 - 00000000 ____D () C:\Qoobox
2014-03-21 04:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-21 04:18 - 2014-03-21 04:18 - 00018451 _____ () C:\ComboFix.txt
2014-03-21 03:57 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-21 02:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-20 11:55 - 2014-03-20 11:55 - 05190052 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt
2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt
2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 03:27 - 2013-02-01 09:44 - 00000000 ____D () C:\Users\HP
2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 03:08 - 2014-03-20 03:07 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-19 14:39 - 2012-03-03 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 14:39 - 2012-03-03 16:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 07:44 - 2009-07-14 06:45 - 00368800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 05:27 - 2013-07-17 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 05:25 - 2013-02-05 23:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 05:11 - 2013-02-01 09:52 - 00087376 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx
2014-03-10 16:39 - 2013-02-15 06:21 - 00000000 ____D () C:\Users\HP\Total

Some content of TEMP: ====================
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 14:11

==================== End Of Log ============================
--- --- --- --- --- ---

GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-02 03:51:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 ST640LM0 rev.2AJ1 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\HP\AppData\Local\Temp\kxddipog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff9000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002ff9011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2724] entry point in ".rdata" section 00000000738171e6
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\spoolsv.exe [1904:4028] 000007fef53f10c8
Thread C:\Windows\System32\spoolsv.exe [1904:3272] 000007fef5386144
Thread C:\Windows\System32\spoolsv.exe [1904:3248] 000007fef53b5fd0
Thread C:\Windows\System32\spoolsv.exe [1904:3264] 000007fef4e63438
Thread C:\Windows\System32\spoolsv.exe [1904:3316] 000007fef53b63ec
Thread C:\Windows\System32\spoolsv.exe [1904:2420] 000007fef5b85e5c
Thread C:\Windows\System32\spoolsv.exe [1904:3472] 000007fef5775074
Thread C:\Windows\System32\svchost.exe [2628:2252] 000007fef7089688

---- EOF - GMER 2.1 ----

I am now somewhat at a loss and fear the worst... Regards, Balsberg |
02.04.2014, 14:03 | #10 |
/// the machine /// TB Trainer | Computer or Firefox slow for some time, fan running at full speed Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, do not keep any data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
03.04.2014, 02:27 | #11 |
| Thanks for the quick reply. One question that is extremely important to me: is uninstalling Firefox unavoidable in this case? Or is it just "the simplest method" to get rid of all possible problems in one go? (In the sense of "hand hurts - cut off the hand") I would also be very grateful for a brief accompanying explanation instead of instructions without comment. What kind of problem do the logs show? When you are at the doctor's, you surely don't like it either when he examines you silently and wordlessly hands you a prescription at the end... Since yesterday I can no longer open the support.mozilla.org site or the Trojaner-Board with Firefox. I am writing right now via Explorer. However, via Explorer I also cannot open support.mozilla.org or some other sites (Google, Ixquick, etc.). EDIT: Strangely, in Firefox I can reach the support.mozilla.org site and the Trojaner-Board via the proxy function of Ixquick.com without problems... EDIT 2: When I open, e.g., a thread on the Trojaner-Board in Firefox, only the title appears and the page keeps loading forever (meanwhile the Firefox status bar shows "Transferring data from trojaner-board.de" and then at some point "Transferring data from antimalwarebytes.org"), until it eventually stops - without the text ever being displayed. That is, the page is empty apart from the title and the yellow forum background. Interestingly, I can reach the forum index without problems... What is actually going on here? Regards, Balsberg ADDENDUM: 1-2 hours after my last message I could again access this forum page and support.mozilla.org with Firefox without problems. During the previously observed "blockade" of these sites, described in detail above, other sites (e.g.
gmx.de, google.de, zeit.de or wikipedia.de) were accessible without visible problems. However, a new "attack" has apparently occurred, following the pattern of all previous "attacks": the fan constantly ran extremely high, Firefox behaved strangely (keystrokes and commands were not executed, or only after pressing several times, as if the keyboard and mouse only worked at random - but the latter is not the case, as can be seen from other programs), and I received a corresponding warning from Malwarebytes about the alleged (as ALWAYS unnoticed by me, because INVISIBLE) attempt by Firefox to open a questionable address. The log gave the following details: Code:
2014/04/02 00:18:10 +0200 HP-HP (null) MESSAGE Starting protection
2014/04/02 00:18:10 +0200 HP-HP (null) MESSAGE Protection started successfully
2014/04/02 00:18:10 +0200 HP-HP (null) MESSAGE Starting IP protection
2014/04/02 00:18:15 +0200 HP-HP (null) MESSAGE IP Protection started successfully
2014/04/02 00:30:48 +0200 HP-HP HP MESSAGE Executing scheduled update: Daily
2014/04/02 00:30:58 +0200 HP-HP HP MESSAGE Scheduled update executed successfully: database updated from version v2014.03.31.10 to version v2014.04.01.09
2014/04/02 00:30:58 +0200 HP-HP HP MESSAGE Starting database refresh
2014/04/02 00:30:59 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 00:30:59 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 00:31:11 +0200 HP-HP HP MESSAGE Database refreshed successfully
2014/04/02 00:31:11 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 00:31:17 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 03:41:37 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 03:41:37 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 03:41:38 +0200 HP-HP HP MESSAGE Stopping protection
2014/04/02 03:41:38 +0200 HP-HP HP MESSAGE Protection stopped successfully
2014/04/02 03:59:04 +0200 HP-HP HP MESSAGE Starting protection
2014/04/02 03:59:04 +0200 HP-HP HP MESSAGE Protection started successfully
2014/04/02 03:59:04 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 03:59:08 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 03:59:08 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 03:59:09 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 03:59:09 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 03:59:12 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 03:59:12 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 03:59:13 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 03:59:13 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 03:59:17 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 03:59:17 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 03:59:17 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 03:59:17 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 03:59:21 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 03:59:21 +0200 HP-HP HP MESSAGE Stopping IP protection
2014/04/02 03:59:21 +0200 HP-HP HP MESSAGE IP Protection stopped successfully
2014/04/02 03:59:21 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 03:59:25 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 15:04:06 +0200 HP-HP HP MESSAGE Starting protection
2014/04/02 15:04:06 +0200 HP-HP HP MESSAGE Protection started successfully
2014/04/02 15:04:06 +0200 HP-HP HP MESSAGE Starting IP protection
2014/04/02 15:04:11 +0200 HP-HP HP MESSAGE IP Protection started successfully
2014/04/02 18:12:10 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58948, Process: firefox.exe)
2014/04/02 18:12:11 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58949, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58950, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58951, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58952, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58953, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58954, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58955, Process: firefox.exe)
2014/04/02 18:12:43 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58957, Process: firefox.exe)
2014/04/02 18:12:43 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58958, Process: firefox.exe)
2014/04/02 18:12:43 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58961, Process: firefox.exe)
2014/04/02 18:12:43 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58962, Process: firefox.exe)

As I already hinted in my previous post, I would like to avoid uninstalling Firefox and Explorer. Could I partly rerun the remaining scans carried out in the first round (Combofix, Malwarebytes, Adwcleaner, JRT) together with the ones from that round still outstanding (ESET, SecurityCheck, another FRST) and then see? Would this approach be technically justifiable from your point of view? Regards, Balsberg PS: AND what about the two programs that were already marked with "Attention!" in the very first FRST log? Last edited by Balsberg (02.04.2014 at 20:54) |
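Added example, not the poster's or Malwarebytes' code: a Python triage of protection-log lines in the layout shown above. It groups the IP-BLOCK events by process, direction and destination, flags a destination that one process tried repeatedly within a short window (the 60-second window and the three-attempt threshold are assumed heuristics), and lists the intervals during which protection was stopped. The embedded log is a constructed subset of the lines above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed excerpt in the layout of the Malwarebytes protection log posted above
# (a subset of its lines; times and the blocked address are the ones in that log).
SAMPLE_LOG = """\
2014/04/02 03:41:38 +0200 HP-HP HP MESSAGE Stopping protection
2014/04/02 03:41:38 +0200 HP-HP HP MESSAGE Protection stopped successfully
2014/04/02 03:59:04 +0200 HP-HP HP MESSAGE Starting protection
2014/04/02 03:59:04 +0200 HP-HP HP MESSAGE Protection started successfully
2014/04/02 18:12:10 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58948, Process: firefox.exe)
2014/04/02 18:12:11 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58949, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58950, Process: firefox.exe)
2014/04/02 18:12:19 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58951, Process: firefox.exe)
2014/04/02 18:12:43 +0200 H P-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58957, Process: firefox.exe)
2014/04/02 18:12:43 +0200 HP-HP HP IP-BLOCK 91.206.200.119 (Type: outgoing, Port: 58962, Process: firefox.exe)
""".replace("H P-HP", "HP-HP")  # keeps the constructed excerpt free of a typo; host is always HP-HP

# "<date> <time> <tz> <host> <user> <KIND> <detail>"
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<detail>.*)$"
)
# IP-BLOCK detail: "<ip> (Type: <direction>, Port: <port>, Process: <image>)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_line(line):
    """Return a dict for one log line, or None for a line in a layout we do not recognise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["stamp"], "%Y/%m/%d %H:%M:%S")
    if rec["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(rec["detail"])
        if b is None:
            return None  # do not guess at an IP-BLOCK line we cannot parse completely
        rec.update(b.groupdict())
        rec["port"] = int(rec["port"])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def summarise_blocks(records):
    """Group IP-BLOCK events by (process, direction, ip): count, time span, distinct ports."""
    groups = defaultdict(list)
    for r in records:
        if r["kind"] == "IP-BLOCK":
            groups[(r["process"], r["direction"], r["ip"])].append(r)
    out = {}
    for key, evs in groups.items():
        evs.sort(key=lambda r: r["ts"])
        out[key] = {
            "count": len(evs),
            "first": evs[0]["ts"],
            "last": evs[-1]["ts"],
            "span_seconds": int((evs[-1]["ts"] - evs[0]["ts"]).total_seconds()),
            "ports": sorted({r["port"] for r in evs}),
        }
    return out


def protection_gaps(records):
    """(stop, start) pairs: intervals in which real-time protection was off."""
    gaps, stopped_at = [], None
    for r in records:
        if r["kind"] != "MESSAGE":
            continue
        if r["detail"] == "Protection stopped successfully":
            stopped_at = r["ts"]
        elif r["detail"] == "Protection started successfully" and stopped_at is not None:
            gaps.append((stopped_at, r["ts"]))
            stopped_at = None
    return gaps


def triage(text, burst_window=timedelta(seconds=60), burst_min=3):
    """Flag (process, ip) pairs with burst_min or more blocks inside burst_window:
    repeated automatic attempts rather than a single click (assumed heuristic)."""
    records = parse_log(text)
    flagged = []
    for (process, direction, ip), s in summarise_blocks(records).items():
        if s["count"] >= burst_min and s["last"] - s["first"] <= burst_window:
            flagged.append({"process": process, "direction": direction, "ip": ip, **s})
    return {"flagged": flagged, "protection_gaps": protection_gaps(records)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["flagged"]:
        print(f"{f['process']} -> {f['ip']} ({f['direction']}): {f['count']} blocks "
              f"in {f['span_seconds']}s on ports {f['ports']}")
    for stop, start in result["protection_gaps"]:
        print(f"protection off from {stop:%H:%M:%S} to {start:%H:%M:%S}")
```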
03.04.2014, 12:20 | #12 |
/// the machine /// TB Trainer | We'll fix those out now: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Uninstalling Firefox is the only thing that remains for the problems described, because everything else has already been done. Quote:
__________________ regards, schrauber |
03.04.2014, 13:50 | #13 |
| OK, attached is the FRST Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by HP at 2014-04-03 13:54:43 Run:1
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => Value deleted successfully.
==== End of Fixlog ====

All right, then I would make one last attempt. If that doesn't help, then we continue with Revo and resetting Firefox. So, I'm now doing the following:
- Scan with Combofix
then:
- Scan with Malwarebytes Anti-Malware
- Scan with Adwcleaner
- Scan with JRT
-----
Repeat scan with FRST
- Scan with ESET
- Scan with SecurityCheck
-----
Repeat scan with FRST
I will post all logs here and then wait for your verdict. EDIT: Today I had a warning from the "HP Support Assistant" (the manufacturer's maintenance software) that a guest account is enabled. That definitely wasn't me, and there is also nobody who currently has access to the computer!!! I then clicked on "Disable guest account", as recommended by the program. However, the warning did not go away. Clicking "Disable guest account" again was nevertheless confirmed this time too with "Guest account disabled".
As I have now seen, the Windows Start menu under "Shut down" now also has the option "Switch user", which did not exist before, because I have set up only a single account (Administrator)! Unfortunately I am not an expert, but could it be a rootkit virus? (Scans with no results, but warnings from Malwarebytes, see http://www.trojaner-board.de/151724-...kit-virus.html) By the way: this is not my main problem right now, but for completeness let it be mentioned too: with Explorer I still cannot access Google and some other sites. In addition, some pages (especially the menu items) are displayed incorrectly there. Regards, Balsberg Last edited by Balsberg (03.04.2014 at 13:56) |
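Added example, not FRST's or the helper's code: a Python sketch of the Fixlist step from the previous reply and of checking the Fixlog above. It extracts the Run lines FRST marked <===== ATTENTION into Fixlist.txt content and then matches each value name against the "=> Value deleted successfully." lines of the Fixlog; the embedded excerpts are constructed in the layout of the logs above (the unflagged avgnt line is made up), and the Temp-folder check is an assumed triage heuristic, not FRST's rule.

```python
import re

# Constructed excerpt in the layout of the FRST.txt "Run" lines discussed above. The two
# flagged lines are the ones the helper put into the Fixlist; the avgnt line is a made-up,
# unflagged neighbour so that the filter has something it must leave alone.
FRST_EXCERPT = r"""
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} <===== ATTENTION
HKLM\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\Users\HP\AppData\Local\Temp\cisBC7B.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} <===== ATTENTION
"""

# Constructed, shortened excerpt in the layout of the Fixlog posted above.
FIXLOG_EXCERPT = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by HP at 2014-04-03 13:54:43 Run:1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => Value deleted successfully.
==== End of Fixlog ====
"""

# "HKLM\...\Run: [name] - command <===== ATTENTION" (the marker is optional)
RUN_RE = re.compile(r'^(?P<key>HK[^\s:]+): \[(?P<name>[^\]]+)\] - (?P<cmd>.*?)(?P<attn> <===== ATTENTION)?$')
# "HKLM\Software\...\Run\\name => Value deleted successfully."
RESULT_RE = re.compile(r'^(?P<key>.+?)\\\\(?P<name>[^\\]+?) => (?P<result>.+?)\.?$')


def parse_run_entry(line):
    """Split one FRST Run line into key, value name, executable, arguments and the ATTENTION flag."""
    m = RUN_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd")
    quoted = re.match(r'"(?P<exe>[^"]+)"\s*(?P<args>.*)$', cmd)
    if quoted:
        exe, args = quoted.group("exe"), quoted.group("args")
    else:
        exe, _, args = cmd.partition(" ")
    return {"key": m.group("key"), "name": m.group("name"), "exe": exe, "args": args,
            "attention": m.group("attn") is not None, "line": line.strip()}


def parse_frst(text):
    return [e for e in (parse_run_entry(l) for l in text.splitlines()) if e is not None]


def runs_from_user_temp(entry):
    """Assumed triage heuristic, not FRST's own rule: a Run value whose executable
    lives under a user's Temp folder deserves a second look."""
    return "\\appdata\\local\\temp\\" in entry["exe"].lower()


def build_fixlist(frst_text):
    """Fixlist.txt content: every flagged line verbatim, marker included, as in the helper's fixlist."""
    return "".join(e["line"] + "\n" for e in parse_frst(frst_text) if e["attention"])


def verify_fixlog(fixlog_text, fixlist_text):
    """For each value name in the fixlist, the result FRST reported, or a note that none was found."""
    reported = {}
    for line in fixlog_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            reported[m.group("name")] = m.group("result")
    return {e["name"]: reported.get(e["name"], "no result in Fixlog")
            for e in parse_frst(fixlist_text)}


if __name__ == "__main__":
    fixlist = build_fixlist(FRST_EXCERPT)
    print("Fixlist.txt:\n" + fixlist)
    for name, result in verify_fixlog(FIXLOG_EXCERPT, fixlist).items():
        print(f"{name}: {result}")
```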
04.04.2014, 09:55 | #14 |
/// the machine /// TB Trainer | By Explorer do you mean Internet Explorer? But it works with Firefox? What does Control Panel > User Accounts > Manage another account say? Is Guest active there?
__________________ regards, schrauber |
04.04.2014, 17:14 | #15 |
| Exactly, Internet Explorer. Yes, although my Firefox right now once again cannot access the threads on the Trojaner-Board (see the post before last), which is why I'm again writing via Explorer... No, the guest account is not active in the Control Panel. I had checked right away yesterday evening before the Combofix scan, because of course I was burning to know... Something else I noticed: since the first irregularities (as early as 2-3 months ago, when Avira was acting up, see first post), the processes "atieclxx.exe", "csrss.exe" and "winlogon.exe" appeared in the Task Manager without a description (the "Description" field was empty) - in contrast to all the other processes. These 3 processes were also the only ones (apart from "avgnt.exe" - Avira) that could not be terminated. Clicking on "Open file location" (I just wanted to see whether everything was in order) also produced no reaction at all. After each major scan with Combofix/Adwcleaner/JRT (I don't know exactly after which of the three) this was "repaired", i.e. a description appears in the Task Manager and the "Open file location" command is also executed normally. That is still the case now... Otherwise, at no point could I observe any other irregularities (e.g. strange processes, etc.) in the Task Manager. Here is the Combofix log: Code:
ATTFilter ComboFix 14-04-03.01 - HP 03.04.2014 15:34:15.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3560.2053 [GMT 2:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-03 bis 2014-04-03 )))))))))))))))))))))))))))))) . . 2014-04-03 16:51 . 2014-04-03 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-03 01:43 . 2014-04-03 01:43 0 ----a-w- c:\windows\SysWow64\shoB71C.tmp 2014-04-02 14:06 . 2014-04-03 11:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B667EAE-6C05-4830-A94F-040E98233576}\offreg.dll 2014-04-02 13:12 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B667EAE-6C05-4830-A94F-040E98233576}\mpengine.dll 2014-03-28 22:39 . 2014-03-28 22:41 -------- d-----w- c:\users\HP\AppData\Local\Windows Live 2014-03-23 05:42 . 2014-03-23 05:42 -------- d-----w- c:\windows\ERUNT 2014-03-23 05:25 . 2014-03-23 05:32 -------- d-----w- C:\AdwCleaner 2014-03-22 23:17 . 2014-03-22 23:17 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes 2014-03-22 23:17 . 2014-03-22 23:17 -------- d-----w- c:\programdata\Malwarebytes 2014-03-22 23:17 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-22 23:17 . 2014-03-22 23:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-03-22 23:16 . 2014-03-22 23:16 -------- d-----w- c:\users\HP\AppData\Local\Programs 2014-03-20 01:28 . 2014-04-03 11:54 -------- d-----w- C:\FRST 2014-03-16 03:20 . 2014-03-01 05:08 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-03-16 03:19 . 
2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-16 03:19 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-16 03:19 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-16 03:19 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-16 03:19 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 12:39 . 2012-03-03 14:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-19 12:39 . 2012-03-03 14:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-16 03:25 . 2013-02-05 21:10 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-02-07 23:55 . 2014-02-07 23:54 41404760 ----a-w- C:\QuickTimeInstaller.exe 2014-01-16 22:16 . 2014-01-16 22:15 39074536 ----a-w- C:\FileFormatConverters.exe 2014-01-16 22:11 . 2014-01-16 22:11 5254992 ----a-w- C:\officexp-KB917347-FullFile-DEU.exe 2014-01-16 22:10 . 2014-01-16 22:09 7720272 ----a-w- C:\officexp-KB917153-FullFile-DEU.exe 2014-01-16 22:08 . 2014-01-16 22:08 13898064 ----a-w- C:\officexp-KB918420-FullFile-DEU.exe 2014-01-16 22:02 . 2014-01-16 22:01 64771624 ----a-w- C:\OfficeXpSp3-kb832671-fullfile-deu.exe 2014-01-09 02:22 . 2014-02-27 01:10 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-01-03 22:44 . 2014-02-27 01:10 6574592 ----a-w- c:\windows\system32\mstscax.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-02 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 1127592]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2014-03-25 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MI3B09~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-04 00:56:32
ComboFix-quarantined-files.txt 2014-04-03 22:55
ComboFix2.txt 2014-03-21 02:18
.
Vor Suchlauf: 14 Verzeichnis(se), 513.105.383.424 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 512.663.740.416 Bytes frei
.
- - End Of File - - B00C542843F71B845A21979508FCF251
A36C5E4F47E84449FF07ED3517B43A31

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.03.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
HP :: HP-HP [Administrator]

Schutz: Aktiviert

04.04.2014 02:00:55
mbam-log-2014-04-04 (02-00-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 431611
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
# AdwCleaner v3.022 - Bericht erstellt am 04/04/2014 um 03:03:32
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : HP - HP-HP
# Gestartet von : C:\Users\HP\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\HP\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395554149374");

*************************

AdwCleaner[R0].txt - [3769 octets] - [23/03/2014 07:25:20]
AdwCleaner[R1].txt - [1088 octets] - [04/04/2014 03:01:41]
AdwCleaner[S0].txt - [3298 octets] - [23/03/2014 07:32:20]
AdwCleaner[S1].txt - [1016 octets] - [04/04/2014 03:03:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1076 octets] ##########

The JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by HP on 04.04.2014 at 3:11:06,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoB71C.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\HP\appdata\local\{53C312A8-A158-42C7-8594-FAC41904AA75}



~~~ FireFox

Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\3qkit518.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 3:21:08,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then came a fresh FRST scan:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by HP (administrator) on HP-HP on 04-04-2014 03:23:07
Running from C:\Users\HP\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-02] (Check Point Software Technologies)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableChangePassword] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-25] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\Extensions\artur.dubovoy@gmail.com [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-07]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-11-02] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT.txt 2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT neu.txt 2014-04-04 03:08 - 2014-04-04 03:08 - 00001156 _____ () C:\Users\HP\Desktop\AdwCleaner[S1].txt 2014-04-04 02:59 - 2014-04-04 02:59 - 00002254 _____ () C:\Users\HP\Desktop\MBAM NEU.txt 2014-04-04 01:10 - 2014-04-04 01:10 - 00018990 _____ () C:\Users\HP\Desktop\Combofix Neu.txt 2014-04-04 00:59 - 2014-04-04 00:59 - 00018990 _____ () C:\ComboFix.txt 2014-04-03 15:33 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-03 15:33 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-03 15:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-03 15:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-03 15:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-03 15:33 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-03 15:33 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-03 15:33 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-03 00:55 - 2014-04-03 00:55 - 00000809 _____ () C:\Users\HP\Desktop\Korrektur 2.txt 2014-04-02 23:20 - 2014-04-02 23:20 - 02468740 _____ () C:\Users\HP\Desktop\_20140402_233504.tif 2014-04-02 15:21 - 2014-04-02 15:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\HP\Desktop\revosetup95_exe 2014-04-02 06:49 - 2014-04-02 07:14 - 00000924 _____ () C:\Users\HP\Desktop\Korrektur 1.txt 2014-04-02 03:51 - 2014-04-02 03:51 - 00004218 _____ () C:\Users\HP\Desktop\GMER_1.txt 2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma 2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif 2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif 2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 00:39 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live 2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml 2014-03-28 03:20 - 2014-03-28 05:47 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt 2014-03-28 03:08 - 2014-03-28 03:10 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt 2014-03-28 02:45 - 2014-03-28 03:02 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt 2014-03-28 02:41 - 2014-03-28 02:53 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt 2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe 2014-03-23 15:13 - 2014-03-23 15:14 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe 2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt 2014-03-23 07:25 - 2014-04-04 03:03 - 00000000 ____D () C:\AdwCleaner 2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt 2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () 
C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-23 01:17 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe 2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-21 02:31 - 2014-04-04 01:06 - 00000000 ____D () C:\Qoobox 2014-03-21 02:30 - 2014-03-21 03:57 - 00000000 ____D () C:\Windows\erdnt 2014-03-20 11:55 - 2014-04-03 15:27 - 05193944 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt 2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt 2014-03-20 03:29 - 2014-04-04 03:23 - 00016657 _____ () C:\Users\HP\Desktop\FRST.txt 2014-03-20 03:28 - 2014-04-04 03:23 - 00000000 ____D () C:\FRST 2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-03-20 03:07 - 2014-03-20 03:08 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-03-16 05:21 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-16 05:21 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-16 05:21 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-16 05:21 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-16 05:21 - 2014-03-01 06:30 - 17074688 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-16 05:21 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-16 05:21 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-16 05:21 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-16 05:21 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-16 05:21 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-16 05:21 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-16 05:20 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-16 05:20 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-16 05:20 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-16 05:20 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-16 05:20 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-16 05:20 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-16 05:20 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-16 05:20 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-16 05:20 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-16 05:20 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-16 05:20 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-16 05:20 - 2014-03-01 06:02 - 00195584 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-16 05:20 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-16 05:20 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-16 05:20 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-16 05:20 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-16 05:20 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-16 05:20 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-16 05:20 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-16 05:20 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-16 05:20 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-16 05:20 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-16 05:20 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-16 05:20 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-16 05:20 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-16 05:20 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-16 05:20 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-16 05:20 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-16 05:20 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-16 05:20 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) 
C:\Windows\system32\wer.dll 2014-03-16 05:20 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-16 05:20 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-16 05:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-16 05:19 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-16 05:19 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-16 05:19 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-16 05:19 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx ==================== One Month Modified Files and Folders ======= 2014-04-04 03:23 - 2014-03-20 03:29 - 00016657 _____ () C:\Users\HP\Desktop\FRST.txt 2014-04-04 03:23 - 2014-03-20 03:28 - 00000000 ____D () C:\FRST 2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT.txt 2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT neu.txt 2014-04-04 03:13 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 03:13 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 03:10 - 2012-03-04 00:46 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-04-04 03:10 - 2012-03-04 00:46 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-04-04 03:10 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 03:08 - 2014-04-04 03:08 - 00001156 _____ () C:\Users\HP\Desktop\AdwCleaner[S1].txt 2014-04-04 03:05 - 2010-11-21 05:47 - 
00839748 _____ () C:\Windows\PFRO.log 2014-04-04 03:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 03:05 - 2009-07-14 06:51 - 00084793 _____ () C:\Windows\setupact.log 2014-04-04 03:04 - 2013-02-01 09:44 - 01124408 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 03:03 - 2014-03-23 07:25 - 00000000 ____D () C:\AdwCleaner 2014-04-04 02:59 - 2014-04-04 02:59 - 00002254 _____ () C:\Users\HP\Desktop\MBAM NEU.txt 2014-04-04 01:10 - 2014-04-04 01:10 - 00018990 _____ () C:\Users\HP\Desktop\Combofix Neu.txt 2014-04-04 01:06 - 2014-03-21 02:31 - 00000000 ____D () C:\Qoobox 2014-04-04 00:59 - 2014-04-04 00:59 - 00018990 _____ () C:\ComboFix.txt 2014-04-03 18:54 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-03 15:27 - 2014-03-20 11:55 - 05193944 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-04-03 14:53 - 2013-10-02 13:25 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-03 14:53 - 2013-02-06 14:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-04-03 14:47 - 2013-02-01 09:44 - 00000000 ____D () C:\Users\HP 2014-04-03 01:09 - 2013-02-01 09:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60B686FB-5218-4ED2-938C-C2748479D3B2} 2014-04-03 00:55 - 2014-04-03 00:55 - 00000809 _____ () C:\Users\HP\Desktop\Korrektur 2.txt 2014-04-02 23:20 - 2014-04-02 23:20 - 02468740 _____ () C:\Users\HP\Desktop\_20140402_233504.tif 2014-04-02 15:21 - 2014-04-02 15:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\HP\Desktop\revosetup95_exe 2014-04-02 07:14 - 2014-04-02 06:49 - 00000924 _____ () C:\Users\HP\Desktop\Korrektur 1.txt 2014-04-02 06:32 - 2013-05-06 01:20 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps 2014-04-02 05:34 - 2013-02-06 20:55 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP 2014-04-02 05:34 - 2013-02-06 20:55 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job 2014-04-02 03:51 - 2014-04-02 03:51 - 00004218 _____ () C:\Users\HP\Desktop\GMER_1.txt 2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma 2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif 2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif 2014-03-30 04:16 - 2013-02-08 01:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 00:41 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live 2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml 2014-03-28 05:47 - 2014-03-28 03:20 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt 2014-03-28 03:10 - 2014-03-28 03:08 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt 2014-03-28 03:02 - 2014-03-28 02:45 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt 2014-03-28 02:53 - 2014-03-28 02:41 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt 2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe 2014-03-23 20:20 - 2013-02-12 04:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\SoftGrid Client 2014-03-23 15:14 - 2014-03-23 15:13 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe 2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt 
2014-03-23 07:35 - 2013-02-07 01:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\CheckPoint 2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt 2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe 2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-21 04:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-03-21 03:57 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\erdnt 2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt 2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt 2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-03-20 03:08 - 2014-03-20 03:07 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-03-19 14:39 - 2012-03-03 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-19 14:39 - 2012-03-03 16:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-16 07:44 - 2009-07-14 06:45 - 00368800 _____ () C:\Windows\system32\FNTCACHE.DAT 
2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-16 05:27 - 2013-07-17 12:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-16 05:25 - 2013-02-05 23:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-16 05:11 - 2013-02-01 09:52 - 00087376 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx 2014-03-10 16:39 - 2013-02-15 06:21 - 00000000 ____D () C:\Users\HP\Total Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\avgnt.exe C:\Users\HP\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-02 07:43 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Danach folgte ein Scan mit ESET. Ich habe irgendwann mitten im Scan den Rechner vom Internet getrennt, so dass der größte Teil des Scans offline erfolgt ist. Ich bekam auch keinerlei Fehlermeldung o.ä. von ESET, weswegen ich es so laufen ließ. Hier der ESET-Log: Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1048fe6a42aee4bb05ac5f8af85eb63
# engine=17748
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 05:07:59
# local_time=2014-04-04 07:07:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 63873 25290651 56639 0
# compatibility_mode=5893 16776573 100 94 62885 148217929 0 0
# compatibility_mode=9217 16777214 75 4 36394304 36394304 0 0
# scanned=322407
# found=0
# cleaned=0
# scan_time=12653

The scan with SecurityCheck could not be run, because every time the error message "Unsupported operating system!" appeared. The log:

Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

Finally I ran a fresh scan with FRST. Here is the log:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by HP (administrator) on HP-HP on 04-04-2014 16:23:05 Running from C:\Users\HP\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-02] (Check Point Software Technologies) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-19] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard) HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-4233285500-2345498560-950285895-1001\...\Policies\system: [DisableChangePassword] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - 
C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-25] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3qkit518.default\Extensions\artur.dubovoy@gmail.com [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-07]
==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-11-02] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-02] (Check Point Software Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-11-01] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 15:44 - 2014-04-04 15:44 - 00000041 _____ () C:\Users\HP\Desktop\SecurityCheck.txt
2014-04-04 15:40 - 2014-04-04 15:40 - 00000860 _____ () C:\Users\HP\Desktop\ESET.txt
2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT.txt
2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT neu.txt
2014-04-04 03:08 - 2014-04-04 03:08 - 00001156 _____ () C:\Users\HP\Desktop\AdwCleaner[S1].txt
2014-04-04 02:59 - 2014-04-04 02:59 - 00002254 _____ () C:\Users\HP\Desktop\MBAM NEU.txt
2014-04-04 01:10 - 2014-04-04 01:10 - 00018990 _____ () C:\Users\HP\Desktop\Combofix Neu.txt
2014-04-04 00:59 - 2014-04-04 00:59 - 00018990 _____ () C:\ComboFix.txt
2014-04-03 15:33 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-03 15:33 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-03 15:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-03 15:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-03 15:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-03 15:33 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-03 15:33 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-03 15:33 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-03 00:55 - 2014-04-03 00:55 - 00000809 _____ () C:\Users\HP\Desktop\Korrektur 2.txt
2014-04-02 23:20 - 2014-04-02 23:20 - 02468740 _____ () C:\Users\HP\Desktop\_20140402_233504.tif
2014-04-02 15:21 - 2014-04-02 15:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\HP\Desktop\revosetup95_exe
2014-04-02 06:49 - 2014-04-02 07:14 - 00000924 _____ () C:\Users\HP\Desktop\Korrektur 1.txt
2014-04-02 03:51 - 2014-04-02 03:51 - 00004218 _____ () C:\Users\HP\Desktop\GMER_1.txt
2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma
2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif
2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif
2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 00:39 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live
2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml
2014-03-28 03:20 - 2014-03-28 05:47 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt
2014-03-28 03:08 - 2014-03-28 03:10 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt
2014-03-28 02:45 - 2014-03-28 03:02 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt
2014-03-28 02:41 - 2014-03-28 02:53 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt
2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-03-23 15:13 - 2014-03-23 15:14 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe
2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt
2014-03-23 07:25 - 2014-04-04 03:03 - 00000000 ____D () C:\AdwCleaner
2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt
2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 01:17 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 02:31 - 2014-04-04 01:06 - 00000000 ____D () C:\Qoobox
2014-03-21 02:30 - 2014-03-21 03:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 11:55 - 2014-04-03 15:27 - 05193944 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt
2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt
2014-03-20 03:29 - 2014-04-04 16:23 - 00016957 _____ () C:\Users\HP\Desktop\FRST.txt
2014-03-20 03:28 - 2014-04-04 16:23 - 00000000 ____D () C:\FRST
2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 03:07 - 2014-03-20 03:08 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-16 05:21 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 05:21 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 05:21 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 05:21 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 05:21 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 05:21 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 05:21 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 05:21 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 05:21 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 05:21 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 05:21 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 05:20 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 05:20 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 05:20 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 05:20 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 05:20 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 05:20 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 05:20 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 05:20 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 05:20 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 05:20 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 05:20 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 05:20 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 05:20 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 05:20 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 05:20 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 05:20 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 05:20 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 05:20 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 05:20 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 05:20 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 05:20 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 05:20 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 05:20 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 05:20 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 05:20 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 05:20 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 05:20 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 05:20 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 05:20 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 05:20 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 05:20 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 05:20 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 05:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 05:19 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 05:19 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 05:19 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 05:19 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx

==================== One Month Modified Files and Folders =======

2014-04-04 16:23 - 2014-03-20 03:29 - 00016957 _____ () C:\Users\HP\Desktop\FRST.txt
2014-04-04 16:23 - 2014-03-20 03:28 - 00000000 ____D () C:\FRST
2014-04-04 15:50 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 15:50 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 15:44 - 2014-04-04 15:44 - 00000041 _____ () C:\Users\HP\Desktop\SecurityCheck.txt
2014-04-04 15:40 - 2014-04-04 15:40 - 00000860 _____ () C:\Users\HP\Desktop\ESET.txt
2014-04-04 07:25 - 2013-02-01 09:44 - 01152026 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 03:32 - 2013-02-01 09:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60B686FB-5218-4ED2-938C-C2748479D3B2}
2014-04-04 03:28 - 2012-03-04 00:46 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 03:28 - 2012-03-04 00:46 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 03:28 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT.txt
2014-04-04 03:21 - 2014-04-04 03:21 - 00000919 _____ () C:\Users\HP\Desktop\JRT neu.txt
2014-04-04 03:08 - 2014-04-04 03:08 - 00001156 _____ () C:\Users\HP\Desktop\AdwCleaner[S1].txt
2014-04-04 03:05 - 2010-11-21 05:47 - 00839748 _____ () C:\Windows\PFRO.log
2014-04-04 03:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 03:05 - 2009-07-14 06:51 - 00084793 _____ () C:\Windows\setupact.log
2014-04-04 03:03 - 2014-03-23 07:25 - 00000000 ____D () C:\AdwCleaner
2014-04-04 02:59 - 2014-04-04 02:59 - 00002254 _____ () C:\Users\HP\Desktop\MBAM NEU.txt
2014-04-04 01:10 - 2014-04-04 01:10 - 00018990 _____ () C:\Users\HP\Desktop\Combofix Neu.txt
2014-04-04 01:06 - 2014-03-21 02:31 - 00000000 ____D () C:\Qoobox
2014-04-04 00:59 - 2014-04-04 00:59 - 00018990 _____ () C:\ComboFix.txt
2014-04-03 18:54 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-03 15:27 - 2014-03-20 11:55 - 05193944 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-04-03 14:53 - 2013-10-02 13:25 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-03 14:53 - 2013-02-06 14:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-03 14:47 - 2013-02-01 09:44 - 00000000 ____D () C:\Users\HP
2014-04-03 00:55 - 2014-04-03 00:55 - 00000809 _____ () C:\Users\HP\Desktop\Korrektur 2.txt
2014-04-02 23:20 - 2014-04-02 23:20 - 02468740 _____ () C:\Users\HP\Desktop\_20140402_233504.tif
2014-04-02 15:21 - 2014-04-02 15:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\HP\Desktop\revosetup95_exe
2014-04-02 07:14 - 2014-04-02 06:49 - 00000924 _____ () C:\Users\HP\Desktop\Korrektur 1.txt
2014-04-02 06:32 - 2013-05-06 01:20 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-04-02 05:34 - 2013-02-06 20:55 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP
2014-04-02 05:34 - 2013-02-06 20:55 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job
2014-04-02 03:51 - 2014-04-02 03:51 - 00004218 _____ () C:\Users\HP\Desktop\GMER_1.txt
2014-04-02 02:00 - 2014-04-02 02:00 - 03739840 _____ () C:\Users\HP\Desktop\Sprachproben_wma.wma
2014-04-02 00:25 - 2014-04-02 00:25 - 01968708 _____ () C:\Users\HP\Desktop\_20140402_003802.tif
2014-04-02 00:25 - 2014-04-02 00:25 - 00324314 _____ () C:\Users\HP\Desktop\_20140402_003508.tif
2014-03-30 04:16 - 2013-02-08 01:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 16:32 - 2014-03-29 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 00:41 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live
2014-03-29 00:38 - 2014-03-29 00:38 - 00003182 _____ () C:\Users\HP\Desktop\message-rfc822-attachment.eml
2014-03-28 05:47 - 2014-03-28 03:20 - 00000985 _____ () C:\Users\HP\Desktop\GG.txt
2014-03-28 03:10 - 2014-03-28 03:08 - 00001298 _____ () C:\Users\HP\Desktop\FG.txt
2014-03-28 03:02 - 2014-03-28 02:45 - 00000550 _____ () C:\Users\HP\Desktop\DFG.txt
2014-03-28 02:53 - 2014-03-28 02:41 - 00001570 _____ () C:\Users\HP\Desktop\BG.txt
2014-03-24 05:59 - 2014-03-24 05:59 - 00987442 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-03-23 20:20 - 2013-02-12 04:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\SoftGrid Client
2014-03-23 15:14 - 2014-03-23 15:13 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_enu.exe
2014-03-23 07:42 - 2014-03-23 07:42 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 07:38 - 2014-03-23 07:38 - 00003298 _____ () C:\Users\HP\Desktop\AdwC.txt
2014-03-23 07:35 - 2013-02-07 01:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\CheckPoint
2014-03-23 07:24 - 2014-03-23 07:24 - 00002168 _____ () C:\Users\HP\Desktop\MBAM.txt
2014-03-23 01:17 - 2014-03-23 01:17 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 01:17 - 2014-03-23 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 02:49 - 2014-03-22 02:49 - 01037734 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-03-22 02:48 - 2014-03-22 02:48 - 01950720 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-03-22 02:47 - 2014-03-22 02:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 04:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-21 03:57 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 03:43 - 2014-03-20 03:43 - 00001215 _____ () C:\Users\HP\Desktop\GMER.txt
2014-03-20 03:30 - 2014-03-20 03:30 - 00033678 _____ () C:\Users\HP\Desktop\Addition.txt
2014-03-20 03:27 - 2014-03-20 03:27 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-03-20 03:27 - 2014-03-20 03:27 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-03-20 03:09 - 2014-03-20 03:09 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-03-20 03:09 - 2014-03-20 03:09 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-03-20 03:08 - 2014-03-20 03:07 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-03-19 14:39 - 2012-03-03 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 14:39 - 2012-03-03 16:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 07:44 - 2009-07-14 06:45 - 00368800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 07:42 - 2013-02-15 03:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 05:27 - 2013-07-17 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 05:25 - 2013-02-05 23:10 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 05:11 - 2013-02-01 09:52 - 00087376 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-13 16:36 - 2014-03-13 16:36 - 00029373 _____ () C:\Users\HP\Desktop\Klausurergebnisse.xlsx
2014-03-10 16:39 - 2013-02-15 06:21 - 00000000 ____D () C:\Users\HP\Total

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-02 07:43

==================== End Of Log ============================

As I write these last lines, both the computer and the internet connection have just become unusually slow, and the fan is spinning up again...

Regards,
Balsberg

EDIT: Now Firefox can access the threads on Trojaner-board.de again...
Something else I noticed: over the last three months, practically every time I browsed with Firefox I got the error message that the Adobe Flash Player plug-in had crashed. I did not see that as a threat; on the contrary, I was glad to be rid of those annoying ad banners that decorate virtually every page these days... Since the last scans I have not had this error message so far. In my eyes that would suggest the Flash Player was infected. But as I said: I am not an expert...
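Added example (not part of the original post, and not FRST's own code): a small Python triage script for log lines in the FRST format posted above. It pulls out the entries a log helper looks at first: registry-backed browser hooks whose target file is gone (`No File`), services or drivers whose binary FRST marks as missing (`[X]`), executables sitting in a user's local TEMP directory, and NPAPI plugins with an empty publisher field (`()`). The sample lines are copied from the log in this post; the regular expressions, severity labels and reason texts are my own heuristics, not anything FRST defines.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Example code written for this thread; it is not part of FRST. The match
patterns below are heuristics chosen by the author of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-19] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\HP\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Windows\System32\winlogon.exe => MD5 is legit
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# Browser hook (BHO/Toolbar/extension) registered in the registry whose file is gone.
ORPHAN_RE = re.compile(r"^(BHO|Toolbar|FF Extension|CHR Extension)(-x32)?: .* - No File$")
# Service/driver entry (R0-R3, S1-S4, U5 prefix) where FRST marks the binary missing.
MISSING_BINARY_RE = re.compile(r"^[RSU]\d \S+; .* \[X\]$")
# Executable content under a user's local TEMP directory.
TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.(exe|dll|scr|com|bat|vbs)$", re.IGNORECASE)
# NPAPI plugin whose trailing publisher field is empty, i.e. the line ends in "()".
UNSIGNED_PLUGIN_RE = re.compile(r"^FF Plugin(-x32)?( HKCU)?: .* \(\)$")


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, in log order; clean lines yield nothing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or "==== Section ====" header
        if ORPHAN_RE.match(line):
            findings.append(Finding("medium", "registry hook points to a file that no longer exists", line))
        elif MISSING_BINARY_RE.match(line):
            findings.append(Finding("medium", "service/driver registered but its binary is missing", line))
        elif TEMP_EXE_RE.search(line):
            findings.append(Finding("high", "executable in a user TEMP directory", line))
        elif UNSIGNED_PLUGIN_RE.match(line):
            findings.append(Finding("info", "browser plugin without publisher information", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the shape of a log is visible at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run it as is to see the six flagged sample lines, or pass the text of a full FRST.txt/Addition.txt to `triage()` instead of `SAMPLE_LOG`. Matches are leads for a human reviewer, not verdicts: a `[X]` only says the referenced file is absent, and an empty `()` publisher field only says FRST found no company name in the file.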