Log Analysis and Evaluation: Windows 7: Links and popups in Chrome

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: Links and popups in Chrome

Hello everyone, I have a similar problem to the one "Sherry93" described yesterday evening. Links are being inserted into website text and popup windows open. Background: yesterday I installed "FreeOCR", and "Registry Helper" got installed along with it, which I have already uninstalled again. FRST text:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by David (administrator) on DAVID-PC on 22-03-2014 10:53:36
Running from C:\Users\David\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe () C:\Program Files\V-bates\ExtensionUpdaterService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Foxit Corporation) C:\Users\David\AppData\Local\Temp\Foxit Reader Updater.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe () C:\Program Files\V-bates\NMHClient.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Creative Cloud] - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65FDA83E2C7ACE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C4F001F161781A6&affID=119357&tt=040713_xmlful&tsp=4939 
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll () BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\et9h69v2.default-1385554400356 FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\et9h69v2.default-1385554400356\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-03-21] Chrome: ======= CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-07] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-07] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-07] CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-07] CHR Extension: (V-bates) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-03-22] CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07] CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-07] CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-20] ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor12.0; 
C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit) R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-02-26] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. 
KG) R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-06] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-22 10:32 - 2014-03-22 10:53 - 00012821 _____ () C:\Users\David\Downloads\FRST.txt 2014-03-22 10:32 - 2014-03-22 10:53 - 00000000 ____D () C:\FRST 2014-03-22 10:32 - 2014-03-22 10:33 - 00020380 _____ () C:\Users\David\Downloads\Addition.txt 2014-03-22 10:31 - 2014-03-22 10:31 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe 2014-03-22 08:54 - 2014-03-22 08:54 - 00000000 ____D () C:\Users\David\AppData\Local\FreeOCR 2014-03-21 17:14 - 2014-03-21 17:14 - 01373777 _____ () C:\Users\David\Downloads\tesseract-2.00.deu.tar.gz 2014-03-21 17:11 - 2014-03-22 08:55 - 00000000 ____D () C:\Program Files\Registry Helper 2014-03-21 17:11 - 2014-03-21 17:18 - 00000000 ____D () C:\FreeOCR 2014-03-21 17:11 - 2007-03-10 09:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx 2014-03-21 17:10 - 2014-03-22 10:40 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4308B9BD-EDA4-435D-A681-11759066F812}.job 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Users\David\AppData\Local\SearchProtect 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\V-bates 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\SearchProtect 2014-03-21 17:08 - 2014-03-21 17:08 - 00414625 _____ ( ) C:\Users\David\Downloads\freeocr_422.exe 2014-03-20 21:42 - 2014-03-20 21:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\com.wd.WDMyCloud 2014-03-20 21:42 - 2014-03-20 21:42 - 00000000 ____D () C:\Program Files\Western Digital 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\Users\David\AppData\Local\Western Digital 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\ProgramData\Apple 2014-03-20 21:41 - 
2014-03-20 21:41 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-20 21:38 - 2014-03-20 21:41 - 64320016 _____ () C:\Users\David\Downloads\WDMyCloud_win.exe 2014-03-20 21:35 - 2014-03-20 21:35 - 00000000 ____D () C:\Users\David\AppData\Roaming\WDC 2014-03-19 12:45 - 2014-03-19 12:45 - 00052021 _____ () C:\Users\David\Downloads\Serpentine-Bold.ttf 2014-03-14 14:11 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 14:11 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 14:11 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-14 14:11 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 14:11 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-14 14:11 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 14:11 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 14:11 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 14:11 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 14:11 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 14:11 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-14 14:11 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-14 14:11 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-14 14:11 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2014-03-14 14:11 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 14:11 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 14:11 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 14:11 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 14:11 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 14:11 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 14:11 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 14:11 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 14:11 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 14:09 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 14:09 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 14:09 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 14:09 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\Program Files\Common Files\PDF Architect 2014-03-05 17:11 - 2014-03-05 17:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\PDF Architect 2014-03-05 17:07 - 2014-03-05 17:07 - 00000000 ____D () C:\Users\David\AppData\Local\PDF24 2014-03-05 17:07 - 2014-03-05 17:07 - 00000000 ____D () C:\Program Files\PDF24 2014-03-05 17:04 - 2014-03-05 17:05 - 16204160 _____ (Geek Software GmbH ) 
C:\Users\David\Downloads\pdf24-creator-6.3.2.exe 2014-03-05 17:03 - 2014-03-05 17:03 - 00613200 _____ (Chip Digital GmbH) C:\Users\David\Downloads\PDF24 Creator - CHIP-Downloader.exe 2014-03-05 16:57 - 2014-03-05 16:58 - 00000000 ____D () C:\Program Files\PDFCreator 2014-03-05 16:57 - 2014-03-05 16:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\pdfforge 2014-03-05 16:57 - 2013-04-09 14:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-05 16:57 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX 2014-03-05 16:57 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL 2014-03-05 16:57 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL 2014-03-05 16:57 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL 2014-03-05 16:57 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL 2014-03-05 16:54 - 2014-03-05 16:55 - 69734576 _____ (pdfforge ) C:\Users\David\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-02-26 23:18 - 2014-02-26 23:18 - 00798208 _____ () C:\Users\David\Documents\Rescue1.asd 2014-02-25 17:04 - 2014-02-25 17:04 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine 2014-02-25 16:06 - 2014-02-25 16:06 - 00000000 ____D () C:\Users\David\AppData\Roaming\No Company Name 2014-02-24 11:16 - 2014-02-24 11:16 - 00000000 ____D () C:\Program Files\Kundendienst 2014-02-24 11:16 - 2014-02-24 11:16 - 00000000 ____D () C:\Program Files\Hilfe 2014-02-24 11:15 - 2014-02-24 11:16 - 00000000 ____D () C:\Program Files\Adobe(R) Photoshop(R) CS2 2014-02-24 11:15 - 2014-02-24 11:15 - 00000000 ____D () C:\Program Files\Adobe Solutions Network 2014-02-24 11:15 - 2014-02-24 11:15 - 00000000 ____D () C:\Program Files\Adobe DNG Converter ==================== One Month Modified Files and Folders ======= 2014-03-22 10:54 - 2014-03-22 10:32 - 00012821 
_____ () C:\Users\David\Downloads\FRST.txt 2014-03-22 10:53 - 2014-03-22 10:32 - 00000000 ____D () C:\FRST 2014-03-22 10:45 - 2013-07-10 09:45 - 00000286 _____ () C:\Windows\Tasks\DSite.job 2014-03-22 10:40 - 2014-03-21 17:10 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4308B9BD-EDA4-435D-A681-11759066F812}.job 2014-03-22 10:35 - 2009-07-14 05:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-22 10:35 - 2009-07-14 05:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-22 10:33 - 2014-03-22 10:32 - 00020380 _____ () C:\Users\David\Downloads\Addition.txt 2014-03-22 10:32 - 2013-07-06 10:09 - 01463426 _____ () C:\Windows\WindowsUpdate.log 2014-03-22 10:31 - 2014-03-22 10:31 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe 2014-03-22 10:03 - 2013-12-07 15:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-22 09:57 - 2014-02-03 03:41 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-22 09:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-22 08:55 - 2014-03-21 17:11 - 00000000 ____D () C:\Program Files\Registry Helper 2014-03-22 08:54 - 2014-03-22 08:54 - 00000000 ____D () C:\Users\David\AppData\Local\FreeOCR 2014-03-22 07:57 - 2013-07-27 00:26 - 00000040 _____ () C:\Users\David\AppData\Roaming\WB.CFG 2014-03-22 07:34 - 2013-07-16 06:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-22 07:24 - 2013-07-06 13:16 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe 2014-03-22 07:24 - 2013-07-06 10:56 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-21 17:18 - 2014-03-21 17:11 - 00000000 ____D () C:\FreeOCR 2014-03-21 17:14 - 2014-03-21 17:14 - 01373777 _____ () C:\Users\David\Downloads\tesseract-2.00.deu.tar.gz 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () 
C:\Users\David\AppData\Local\SearchProtect 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\V-bates 2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\SearchProtect 2014-03-21 17:08 - 2014-03-21 17:08 - 00414625 _____ ( ) C:\Users\David\Downloads\freeocr_422.exe 2014-03-21 16:03 - 2013-12-07 15:14 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-20 21:42 - 2014-03-20 21:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\com.wd.WDMyCloud 2014-03-20 21:42 - 2014-03-20 21:42 - 00000000 ____D () C:\Program Files\Western Digital 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\Users\David\AppData\Local\Western Digital 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\ProgramData\Apple 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-03-20 21:41 - 2014-03-20 21:41 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-20 21:41 - 2014-03-20 21:38 - 64320016 _____ () C:\Users\David\Downloads\WDMyCloud_win.exe 2014-03-20 21:35 - 2014-03-20 21:35 - 00000000 ____D () C:\Users\David\AppData\Roaming\WDC 2014-03-20 21:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-20 21:06 - 2009-07-14 05:39 - 00039455 _____ () C:\Windows\setupact.log 2014-03-20 21:05 - 2013-07-06 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-20 18:02 - 2013-07-06 10:47 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-03-20 18:01 - 2009-07-14 05:33 - 01521760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 16:16 - 2013-07-06 14:28 - 00121880 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-19 12:45 - 2014-03-19 12:45 - 00052021 _____ () C:\Users\David\Downloads\Serpentine-Bold.ttf 2014-03-05 20:43 - 2010-11-20 22:48 - 00065196 _____ () C:\Windows\PFRO.log 2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\Program 
Files\Common Files\PDF Architect 2014-03-05 17:11 - 2014-03-05 17:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\PDF Architect 2014-03-05 17:07 - 2014-03-05 17:07 - 00000000 ____D () C:\Users\David\AppData\Local\PDF24 2014-03-05 17:07 - 2014-03-05 17:07 - 00000000 ____D () C:\Program Files\PDF24 2014-03-05 17:05 - 2014-03-05 17:04 - 16204160 _____ (Geek Software GmbH ) C:\Users\David\Downloads\pdf24-creator-6.3.2.exe 2014-03-05 17:03 - 2014-03-05 17:03 - 00613200 _____ (Chip Digital GmbH) C:\Users\David\Downloads\PDF24 Creator - CHIP-Downloader.exe 2014-03-05 16:58 - 2014-03-05 16:57 - 00000000 ____D () C:\Program Files\PDFCreator 2014-03-05 16:57 - 2014-03-05 16:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\pdfforge 2014-03-05 16:55 - 2014-03-05 16:54 - 69734576 _____ (pdfforge ) C:\Users\David\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-01 05:30 - 2014-03-14 14:11 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:11 - 2014-03-14 14:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 05:10 - 2014-03-14 14:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 04:52 - 2014-03-14 14:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 04:51 - 2014-03-14 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-14 14:11 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 04:43 - 2014-03-14 14:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 04:43 - 2014-03-14 14:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 04:40 - 2014-03-14 14:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 04:38 - 2014-03-14 14:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 04:38 - 
2014-03-14 14:11 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 04:37 - 2014-03-14 14:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 04:31 - 2014-03-14 14:11 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:25 - 2014-03-14 14:11 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:16 - 2014-03-14 14:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:14 - 2014-03-14 14:11 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:03 - 2014-03-14 14:11 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:00 - 2014-03-14 14:11 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 03:57 - 2014-03-14 14:11 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 03:32 - 2014-03-14 14:11 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 03:27 - 2014-03-14 14:11 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:25 - 2014-03-14 14:11 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-26 23:18 - 2014-02-26 23:18 - 00798208 _____ () C:\Users\David\Documents\Rescue1.asd 2014-02-25 18:28 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-25 17:32 - 2013-10-12 06:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-25 17:32 - 2013-07-06 11:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe 2014-02-25 17:18 - 2013-07-06 14:25 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-25 17:15 - 2013-07-06 14:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-25 17:15 - 2013-07-06 14:25 - 00000000 ____D () C:\Program Files\Adobe 2014-02-25 17:04 - 2014-02-25 17:04 - 00000000 ____D 
() C:\Program Files\Common Files\PX Storage Engine 2014-02-25 16:06 - 2014-02-25 16:06 - 00000000 ____D () C:\Users\David\AppData\Roaming\No Company Name 2014-02-24 11:16 - 2014-02-24 11:16 - 00000000 ____D () C:\Program Files\Kundendienst 2014-02-24 11:16 - 2014-02-24 11:16 - 00000000 ____D () C:\Program Files\Hilfe 2014-02-24 11:16 - 2014-02-24 11:15 - 00000000 ____D () C:\Program Files\Adobe(R) Photoshop(R) CS2 2014-02-24 11:15 - 2014-02-24 11:15 - 00000000 ____D () C:\Program Files\Adobe Solutions Network 2014-02-24 11:15 - 2014-02-24 11:15 - 00000000 ____D () C:\Program Files\Adobe DNG Converter Some content of TEMP: ==================== C:\Users\David\AppData\Local\Temp\avgnt.exe C:\Users\David\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\David\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\David\AppData\Local\Temp\IminentSetup-1-.exe C:\Users\David\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe C:\Users\David\AppData\Local\Temp\nsf4074.exe C:\Users\David\AppData\Local\Temp\nsq8F53.exe C:\Users\David\AppData\Local\Temp\nsv3C8D.exe C:\Users\David\AppData\Local\Temp\nsv8C17.exe C:\Users\David\AppData\Local\Temp\readSTILog.dll C:\Users\David\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 08:55 ==================== End Of Log ============================ |
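As an added triage example (not part of the original post and not a tool from FRST or the forum), the Python script below parses a few lines copied from the log above and flags the bundled-adware signals an analyst would look at first: the AppInit_DLLs hook, the SearchScopes entry pointing at delta-search.com, loaded components with an empty publisher field, and folders created within minutes of the freeocr_422.exe download. The sample lines are constructed from the log, and the allowlist of default search hosts is an assumption.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Flags common bundled-adware indicators: AppInit_DLLs hooks, SearchScopes that
point at a non-default search host, processes/BHOs/services whose publisher
field is empty '()', and files created shortly after an installer download.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
(Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files\V-bates\ExtensionUpdaterService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-02-26] ()
2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\V-bates
2014-03-21 17:10 - 2014-03-21 17:10 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-21 17:08 - 2014-03-21 17:08 - 00414625 _____ ( ) C:\Users\David\Downloads\freeocr_422.exe
2014-03-20 21:42 - 2014-03-20 21:42 - 00000000 ____D () C:\Program Files\Western Digital
"""

# Assumption: search hosts a stock Windows 7 / IE install may legitimately use.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.de"}

RE_PROCESS = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
RE_BHO = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?) \((?P<pub>[^)]*)\)$")
RE_SERVICE = re.compile(r"^R\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<pub>[^)]*)\)$")
RE_SCOPE = re.compile(r"^SearchScopes: .*URL = (?P<url>\S+)")
RE_CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - [\d-]+ \d{2}:\d{2} - \d{8} (?P<attr>\S{5}) "
    r"\((?P<pub>[^)]*)\) (?P<path>.+)$"
)


def host_of(url):
    """Extract the host from a URL; FRST defangs http:// as hxxp://."""
    m = re.match(r"^hxxps?://([^/?]+)", url)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Return (severity, reason, line) findings for suspicious FRST entries."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if line.startswith("AppInit_DLLs:"):
            # AppInit_DLLs loads the listed DLL into every process that uses user32.dll.
            findings.append(("high", "AppInit_DLLs hook loads a DLL into every GUI process", line))
            continue
        m = RE_SCOPE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("medium", f"search scope points at non-default host {host}", line))
            continue
        # Code that runs at startup or inside the browser but carries no publisher.
        for kind, rx in (("process", RE_PROCESS), ("BHO", RE_BHO), ("service", RE_SERVICE)):
            m = rx.match(line)
            if m and not m.group("pub").strip():
                findings.append(("medium", f"{kind} entry without a publisher", line))
                break
    return findings


def installer_cluster(log_text, installer_name, window=timedelta(minutes=10)):
    """Paths from 'Created Files' entries that appeared within `window` after the installer landed."""
    entries = []
    for line in log_text.strip().splitlines():
        m = RE_CREATED.match(line.strip())
        if m:
            entries.append((datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"), m.group("path")))
    anchor = [t for t, p in entries if p.lower().endswith(installer_name.lower())]
    if not anchor:
        return []
    t0 = min(anchor)
    return sorted(p for t, p in entries
                  if t0 <= t <= t0 + window and not p.lower().endswith(installer_name.lower()))


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
    print("created shortly after freeocr_422.exe:", installer_cluster(SAMPLE_LOG, "freeocr_422.exe"))
```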