Plagegeister aller Art und deren Bekämpfung: Removing SpyHunter 4 (Windows 7)
#1

Hello, thanks for your help. I want to help my dad remove this program from his computer.
#2
/// TB trainer /// Instructions guru

So Marius, we will now remove Spyhunter & Co. together, tidy up a bit, and check and secure the PC...

Let's get started:

Step 1
Please download Revo here and install it. Start Revo and look for Spyhunter in the uninstaller pane (this is where the installed programs are shown). Then click Uninstall. Then choose the mode as shown in the picture. Do the same with the program "Reghunter". If you cannot find it in the uninstaller pane, that is not a problem. Afterwards, uninstall the program ![]()

Step 2
Please download ![]()

Step 3
Please download ![]()

Step 4
ESET Online Scanner

Step 5
Please start ![]()

Please post the contents of the logs from Adwarecleaner, MBAM, ESET and FRST here in the thread.
#3

Hello,
we are already stuck at step 1. Revo does not find Spyhunter, and the search in Revo is unsuccessful as well. What now? Under Control Panel -> Uninstall a program, Spyhunter4 and Reghunter still show up.

Last edited by Windassel (24.03.2014 at 21:15)
#4
/// TB trainer /// Instructions guru

Then uninstall the programs via the Control Panel. Confirm the prompts during the uninstallation process, i.e. do not click Cancel. Then continue with step 2...

Regards,
deeprybka
#5

Code:
```
# AdwCleaner v3.022 - Bericht erstellt am 24/03/2014 um 22:27:31
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Achim - ACHIM-MOBIL1
# Gestartet von : C:\Users\Achim\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\Achim\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Achim\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\IM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Achim\AppData\Roaming\Mozilla\Firefox\Profiles\xsysi55b.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3081 octets] - [24/03/2014 22:23:16]
AdwCleaner[S0].txt - [2949 octets] - [24/03/2014 22:27:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3009 octets] ##########
```

This is the log file from step 3

Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.03.2014
Suchlauf-Zeit: 23:08:20
Logdatei: log.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.24.09
Rootkit Datenbank: v2014.03.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Achim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287891
Verstrichene Zeit: 23 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 11
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=hp&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=hp&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[25f4f413fe7d989eae7758a0b053946c]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=hp&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=hp&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[4dccc740eb9063d3d839986a8b79a55b]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[ff1a50b78fec45f1948fcc2caa59ad53]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[20f937d0b3c849edbc53679bc4403ec2]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[8a8fb25502792d09ab79ed0bf1129967]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[8d8c8b7c9ae10531ac6445bd0202e41c]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[bc5dbe49b1cad06602243abe39ca8a76]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[91886a9d0c6fc4722de5a75ba85cf50b]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[33e68a7d176431058e9951a7838059a7]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[46d3b255fe7da393ae65bf43a55f9967]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2644757899-2516701263-47492223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e6018bb9-3933-4091-bbba-3952e6e37924&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/03/2013&type=hp1000),Löschen bei Neustart,[78a10502e992a88e57cb1bdd5ca708f8]

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Conduit.A, C:\$Recycle.Bin\S-1-5-21-2644757899-2516701263-47492223-1001\$RQVHEFF.exe, In Quarantäne, [14057592750641f5a9cda39eeb16a65a],
PUP.Optional.Websteroids.A, C:\Users\Achim\AppData\Roaming\Mozilla\Firefox\Profiles\xsysi55b.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.dynconff.cache.www.google.de.content", […]);), Ersetzt,[67b210f732494fe7932652d961a350b0]

Physische Sektoren: 0
(No malicious items detected)

(end)
```

Last edited by Windassel (24.03.2014 at 23:17)
#6
/// TB trainer /// Instructions guru

OK, continue with the other steps...
#7

Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.03.2014
Suchlauf-Zeit: 03:55:10
Logdatei:
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.25.01
Rootkit Datenbank: v2014.03.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Achim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 288299
Verstrichene Zeit: 17 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
```

Code:
```
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=847055a5edd2b043870ecfc08b87dbd1
# engine=17591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 01:58:08
# local_time=2014-03-25 02:58:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2458390 147342538 0 0
# scanned=355581
# found=0
# cleaned=0
# scan_time=12717
```

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Achim (administrator) on ACHIM-MOBIL1 on 25-03-2014 06:38:33 Running from C:\Users\Achim\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (DataForum Software GmbH, www.dataforum.de) C:\Program Files (x86)\ACRON7\ACDBServ64.exe (DataForum Software GmbH, www.dataforum.de) C:\Program Files\ACRON8\ACDBServ64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (VIDEC Data Engineering GmbH) C:\Program Files (x86)\VIDEC\AIP\AIP.Guard.exe (LiveZilla GmbH) C:\Program Files (x86)\LiveZilla\LiveZilla.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Certec EDV GmbH) C:\Program Files (x86)\atvise\atmonitor.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Certec EDV GmbH) C:\Program Files (x86)\atvise\atserver.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (GE Intelligent Platforms) C:\Program Files (x86)\Proficy\Proficy Common\M4 Common Licensing\CCFLIC0.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Aladdin Knowledge Systems Ltd.) C:\Program Files (x86)\ACRON7\HardLock\HardLock_Server\NHSRVICE.EXE (SafeNet Inc.) C:\windows\system32\hasplms.exe (VIDEC Data Engineering GmbH) C:\Program Files (x86)\VIDEC\AIP\AIP.Agent.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (GE Intelligent Platforms) C:\Program Files (x86)\M1 Licensing\iLicenseSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.VIDEC\MSSQL\Binn\sqlservr.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (OPC Foundation) C:\windows\SysWOW64\OpcEnum.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (GRAYBOX Software) C:\Program Files (x86)\Graybox\Gray Simulator\gb_opcsim.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation) HKLM-x32\...\Run: [LiveZilla] - C:\Program Files (x86)\LiveZilla\LiveZilla.exe [7030272 2011-03-01] (LiveZilla GmbH) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.) 
HKLM-x32\...\Run: [atvise atMonitor] - C:\Program Files (x86)\atvise\atmonitor.exe [762880 2013-12-18] (Certec EDV GmbH) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-03-05] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2644757899-2516701263-47492223-1001\...\MountPoints2: {7d354c8c-8665-11e2-b172-c9a5d3addca2} - E:\Install.exe HKU\S-1-5-21-2644757899-2516701263-47492223-1001\...\MountPoints2: {de4f26ef-8649-11e2-8957-c8be407c22ac} - "E:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2644757899-2516701263-47492223-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7d354c8c-8665-11e2-b172-c9a5d3addca2} - E:\Install.exe HKU\S-1-5-21-2644757899-2516701263-47492223-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de4f26ef-8649-11e2-8957-c8be407c22ac} - "E:\WD Drive Unlock.exe" autoplay=true AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0673521A-4F1B-4834-B9F2-9FA24669349F}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{86C778FF-434F-4D82-91C5-D5E2E24792CD}: [NameServer]192.168.252.16
Tcpip\..\Interfaces\{F0C41927-9076-42DE-8A3C-D96DDB321373}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F9C98927-0589-4A6C-9033-84350529D7F3}: [NameServer]192.168.252.16

FireFox:
========
FF ProfilePath: C:\Users\Achim\AppData\Roaming\Mozilla\Firefox\Profiles\xsysi55b.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Achim\AppData\Roaming\Mozilla\Firefox\Profiles\xsysi55b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-24]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Achim\AppData\Roaming\Mozilla\Firefox\Profiles\xsysi55b.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-20]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-20]
CHR Extension: (Google Drive) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20]
CHR Extension: (YouTube) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20]
CHR Extension: (Google Search) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20]
CHR Extension: (Gmail) - C:\Users\Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-02-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

U2 ACRON Database Server 64-bit on Anlage1; C:\Program Files (x86)\ACRON7\ACDBServ64.exe [5961216 2013-04-26] (DataForum Software GmbH, www.dataforum.de)
R2 ACRON Database Server on acron8 64-bit; C:\Program Files\ACRON8\ACDBServ64.exe [4775424 2014-02-28] (DataForum Software GmbH, www.dataforum.de)
R2 AIP Agent Guard; C:\Program Files (x86)\VIDEC\AIP\AIP.Guard.exe [965120 2014-02-14] (VIDEC Data Engineering GmbH)
S2 AIPServer; C:\Program Files (x86)\VIDEC\AIP\AIP.Server.Service.exe [158720 2014-02-14] (VIDEC GmbH)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 atserver; C:\Program Files (x86)\atvise\atserver.exe [5658112 2013-12-18] (Certec EDV GmbH)
R2 CCFLIC0; C:\Program Files (x86)\Proficy\Proficy Common\M4 Common Licensing\CCFLIC0.exe [68696 2011-11-21] (GE Intelligent Platforms)
S4 FIX; C:\Program Files (x86)\Proficy\Proficy iFIX\fixsrv.exe [106920 2012-08-22] (GE Intelligent Platforms, Inc.)
R2 HASP Loader; C:\Program Files (x86)\ACRON7\HardLock\HardLock_Server\NHSRVICE.EXE [249856 2008-04-25] (Aladdin Knowledge Systems Ltd.)
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
S3 IHDataArchiver_x64; C:\Program Files\Proficy\Proficy Historian for SCADA 4.5\x64\Server\ihDataArchiver_x64.exe [1553592 2012-07-03] (GE Intelligent Platforms, Inc.)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1126864 2012-12-16] ()
R2 iLicenseSvc; C:\Program Files (x86)\M1 Licensing\iLicenseSvc.exe [675840 2011-11-21] (GE Intelligent Platforms)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810960 2012-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MSSQL$VIDEC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.VIDEC\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
S4 SQLAgent$VIDEC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.VIDEC\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
S4 UI Assistant Service; C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe [241664 2009-03-30] ()
S2 VIDECLicensing; C:\Program Files (x86)\VIDEC\Licensing\Videc.Licensing.Server.Service.exe [9216 2013-03-20] (VIDEC GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-01] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-14] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
U0 fvosbx; C:\Windows\System32\drivers\jyde.sys [79064 2014-03-24] (Malwarebytes Corporation)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 ikbf5; C:\Windows\System32\DRIVERS\ikbf5.sys [17024 2011-12-07] (GE Intelligent Platforms, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-24 23:20 - 2014-03-24 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-24 23:17 - 2014-03-24 23:18 - 02347384 _____ (ESET) C:\Users\Achim\Downloads\esetsmartinstaller_enu.exe
2014-03-24 23:08 - 2014-03-24 23:08 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\jyde.sys
2014-03-24 22:42 - 2014-03-25 03:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-24 22:41 - 2014-03-24 22:41 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-24 22:41 - 2014-03-24 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 22:41 - 2014-03-24 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 22:41 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-24 22:41 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-24 22:41 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-24 22:38 - 2014-03-24 22:40 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Achim\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-24 22:28 - 2014-03-24 22:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-24 22:23 - 2014-03-24 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-24 22:22 - 2014-03-24 22:22 - 01950720 _____ () C:\Users\Achim\Downloads\adwcleaner.exe
2014-03-24 22:20 - 2014-03-24 22:20 - 00000000 ____D () C:\windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
2014-03-24 21:34 - 2014-03-24 21:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Achim\Downloads\revosetup95(1).exe
2014-03-24 21:34 - 2014-03-24 21:34 - 00001224 _____ () C:\Users\Achim\Desktop\Revo Uninstaller.lnk
2014-03-24 21:29 - 2014-03-24 21:29 - 00003270 _____ () C:\windows\System32\Tasks\{36856672-B43A-41EB-BE62-84DDB9F2AF63}
2014-03-24 21:03 - 2014-03-24 21:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-24 21:02 - 2014-03-24 21:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Achim\Downloads\revosetup95.exe
2014-03-24 17:51 - 2014-03-24 17:53 - 00068714 _____ () C:\Users\Achim\Desktop\Addition.txt
2014-03-24 17:50 - 2014-03-25 06:38 - 00021320 _____ () C:\Users\Achim\Desktop\FRST.txt
2014-03-24 17:50 - 2014-03-25 06:38 - 00000000 ____D () C:\FRST
2014-03-24 17:49 - 2014-03-24 17:49 - 02157056 _____ (Farbar) C:\Users\Achim\Desktop\FRST64.exe
2014-03-23 21:06 - 2014-03-23 21:06 - 00000000 _____ () C:\autoexec.bat
2014-03-23 21:05 - 2014-03-23 22:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-23 21:03 - 2014-03-24 22:21 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 19:31 - 2014-03-22 19:31 - 00001900 _____ () C:\Users\Achim\Downloads\bidibcv-13-101.zip
2014-03-21 09:50 - 2014-03-21 11:29 - 00075466 _____ () C:\Users\Achim\Downloads\Reisen mit dem Ortsverband.pptx
2014-03-18 14:05 - 2014-03-18 14:07 - 00001248 _____ () C:\Users\Public\Desktop\AIP Erste Schritte.lnk
2014-03-18 14:05 - 2014-03-18 14:07 - 00001057 _____ () C:\Users\Public\Desktop\AIP Simulator.lnk
2014-03-16 10:14 - 2014-03-16 10:14 - 00822834 _____ () C:\Users\Achim\Documents\Vorlagen für die Kurzbeschreibung.pptx
2014-03-14 16:22 - 2013-12-20 13:05 - 64054508 _____ () C:\Users\Achim\Downloads\atvise-2.5.1-win32.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-14 15:52 - 2014-03-14 15:43 - 01376768 _____ () C:\Users\Achim\Downloads\7z920-x64.msi
2014-03-14 10:35 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 10:35 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 10:35 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 10:35 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 10:35 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 10:35 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-14 10:35 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-14 10:35 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-14 10:35 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-14 10:35 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-14 10:35 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-14 10:35 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-14 10:35 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-14 10:35 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-14 10:35 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 10:35 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-14 10:34 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 10:34 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 10:34 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 10:34 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 10:34 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 10:34 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 10:34 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 10:34 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 10:34 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 10:34 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-14 10:34 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 10:34 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 10:34 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 10:34 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-14 10:34 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-14 10:34 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 10:34 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 10:34 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-14 10:34 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-14 10:34 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 10:34 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-14 10:34 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-14 10:34 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 10:34 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-14 10:32 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 10:32 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-14 10:32 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-14 10:32 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-14 10:27 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-14 10:27 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 10:27 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-14 10:27 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-09 13:30 - 2014-03-09 19:31 - 00983128 _____ () C:\Users\Achim\Documents\Präsentation2.pptx
2014-03-08 20:40 - 2014-03-08 20:41 - 02098867 _____ () C:\Users\Achim\Downloads\BiDiB-Monitor.zip
2014-03-04 17:09 - 2014-03-04 17:09 - 00000863 _____ () C:\Users\Public\Desktop\ACRON Erste Schritte.lnk
2014-03-04 17:09 - 2014-03-04 17:09 - 00000773 _____ () C:\Users\Public\Desktop\ACRON Graph.lnk
2014-03-04 17:09 - 2014-03-04 17:09 - 00000767 _____ () C:\Users\Public\Desktop\ACRON Reporter.lnk
2014-03-04 17:05 - 2014-03-04 17:05 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-03-04 17:04 - 2014-03-04 17:10 - 00000000 ____D () C:\Program Files\ACRON8
2014-03-04 17:04 - 2014-03-04 17:04 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-03-04 16:59 - 2014-03-04 16:59 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-03-03 07:21 - 2014-03-03 07:21 - 04366336 ____N () C:\Users\Achim\Documents\Videc.pps
2014-03-01 21:20 - 2014-03-01 21:20 - 00001903 _____ () C:\Users\Achim\Downloads\bidibcv-13-103.zip
2014-03-01 19:05 - 2014-03-01 19:07 - 11329244 _____ () C:\Users\Achim\Downloads\Basis_Handbuch_2012.zip
2014-03-01 19:04 - 2014-03-01 19:12 - 97678190 _____ () C:\Users\Achim\Downloads\wdp2012_setup_demo.zip
2014-02-26 16:38 - 2014-02-26 16:39 - 06804223 _____ (rocrail.net ) C:\Users\Achim\Downloads\rocrail-6865-win32-wx3.0.exe
2014-02-24 16:51 - 2014-02-04 18:12 - 00011283 _____ () C:\Users\Achim\Downloads\BiDiBCV-13-101.xml
2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Users\Achim\AppData\Local\VNT
2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-02-24 16:23 - 2014-02-24 16:23 - 00000000 ____D () C:\Users\Achim\AppData\Roaming\Avira
2014-02-24 16:22 - 2014-02-24 16:22 - 00002026 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-24 16:22 - 2014-02-24 16:22 - 00000000 ____D () C:\ProgramData\Avira
2014-02-24 16:22 - 2014-02-24 16:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-24 16:22 - 2014-02-14 15:56 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-02-24 16:22 - 2014-02-14 15:56 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-02-24 16:22 - 2014-02-14 15:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-02-24 16:22 - 2014-02-14 15:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-02-24 16:17 - 2014-02-24 16:19 - 146513592 _____ () C:\Users\Achim\Downloads\avira_antivirus_suite_de.exe

==================== One Month Modified Files and Folders =======

2014-03-25 06:38 - 2014-03-24 17:50 - 00021320 _____ () C:\Users\Achim\Desktop\FRST.txt
2014-03-25 06:38 - 2014-03-24 17:50 - 00000000 ____D () C:\FRST
2014-03-25 06:00 - 2014-02-20 20:55 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 05:49 - 2013-06-24 09:36 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 03:34 - 2014-03-24 22:42 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 03:00 - 2012-04-18 02:32 - 01608141 _____ () C:\windows\WindowsUpdate.log
2014-03-24 23:20 - 2014-03-24 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-24 23:18 - 2014-03-24 23:17 - 02347384 _____ (ESET) C:\Users\Achim\Downloads\esetsmartinstaller_enu.exe
2014-03-24 23:08 - 2014-03-24 23:08 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\jyde.sys
2014-03-24 23:08 - 2012-04-17 12:01 - 00000000 ____D () C:\windows\fi
2014-03-24 22:42 - 2009-07-14 05:45 - 00021216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 22:42 - 2009-07-14 05:45 - 00021216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 22:41 - 2014-03-24 22:41 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-24 22:41 - 2014-03-24 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 22:41 - 2014-03-24 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 22:40 - 2014-03-24 22:38 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Achim\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-24 22:39 - 2012-04-18 03:16 - 00778784 _____ () C:\windows\system32\perfh007.dat
2014-03-24 22:39 - 2012-04-18 03:16 - 00180298 _____ () C:\windows\system32\perfc007.dat
2014-03-24 22:39 - 2009-07-14 06:13 - 01842470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-24 22:33 - 2013-03-06 16:43 - 00000000 ____D () C:\ProgramData\VMware
2014-03-24 22:31 - 2014-03-24 22:28 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-24 22:30 - 2014-02-20 20:55 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 22:29 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-24 22:29 - 2009-07-14 05:51 - 00098692 _____ () C:\windows\setupact.log
2014-03-24 22:27 - 2014-03-24 22:23 - 00000000 ____D () C:\AdwCleaner
2014-03-24 22:22 - 2014-03-24 22:22 - 01950720 _____ () C:\Users\Achim\Downloads\adwcleaner.exe
2014-03-24 22:21 - 2014-03-23 21:03 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-24 22:20 - 2014-03-24 22:20 - 00000000 ____D () C:\windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
2014-03-24 21:34 - 2014-03-24 21:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Achim\Downloads\revosetup95(1).exe
2014-03-24 21:34 - 2014-03-24 21:34 - 00001224 _____ () C:\Users\Achim\Desktop\Revo Uninstaller.lnk
2014-03-24 21:34 - 2014-03-24 21:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-24 21:29 - 2014-03-24 21:29 - 00003270 _____ () C:\windows\System32\Tasks\{36856672-B43A-41EB-BE62-84DDB9F2AF63}
2014-03-24 21:15 - 2013-02-16 16:04 - 00000000 ____D () C:\Users\Achim\Documents\Outlook-Dateien
2014-03-24 21:02 - 2014-03-24 21:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Achim\Downloads\revosetup95.exe
2014-03-24 20:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-24 17:53 - 2014-03-24 17:51 - 00068714 _____ () C:\Users\Achim\Desktop\Addition.txt
2014-03-24 17:49 - 2014-03-24 17:49 - 02157056 _____ (Farbar) C:\Users\Achim\Desktop\FRST64.exe
2014-03-24 11:51 - 2012-04-17 10:39 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-03-24 11:35 - 2013-03-23 09:55 - 00000000 ____D () C:\Angebote
2014-03-23 22:52 - 2014-03-23 21:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-23 21:06 - 2014-03-23 21:06 - 00000000 _____ () C:\autoexec.bat
2014-03-22 19:31 - 2014-03-22 19:31 - 00001900 _____ () C:\Users\Achim\Downloads\bidibcv-13-101.zip
2014-03-21 11:29 - 2014-03-21 09:50 - 00075466 _____ () C:\Users\Achim\Downloads\Reisen mit dem Ortsverband.pptx
2014-03-20 07:47 - 2013-07-19 05:11 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 07:43 - 2013-02-08 16:45 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 15:18 - 2013-02-11 12:39 - 00000000 ____D () C:\Users\Achim\AppData\Local\VIDEC_GmbH
2014-03-18 14:07 - 2014-03-18 14:05 - 00001248 _____ () C:\Users\Public\Desktop\AIP Erste Schritte.lnk
2014-03-18 14:07 - 2014-03-18 14:05 - 00001057 _____ () C:\Users\Public\Desktop\AIP Simulator.lnk
2014-03-18 13:58 - 2013-03-25 13:25 - 00000073 _____ () C:\windows\DataBaseManager.INI
2014-03-16 20:36 - 2013-11-25 14:01 - 00000000 ____D () C:\ProgramData\ACRON
2014-03-16 11:10 - 2013-02-11 13:35 - 00000000 ____D () C:\Program Files (x86)\ACRON7
2014-03-16 10:14 - 2014-03-16 10:14 - 00822834 _____ () C:\Users\Achim\Documents\Vorlagen für die Kurzbeschreibung.pptx
2014-03-14 18:48 - 2013-02-11 13:27 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-03-14 16:30 - 2013-02-11 14:28 - 00000000 ____D () C:\Program Files (x86)\atvise
2014-03-14 15:54 - 2014-03-14 15:54 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-14 15:43 - 2014-03-14 15:52 - 01376768 _____ () C:\Users\Achim\Downloads\7z920-x64.msi
2014-03-14 13:57 - 2009-07-14 05:45 - 00422424 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 13:55 - 2013-03-22 19:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 13:55 - 2013-03-22 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 13:55 - 2010-11-21 04:47 - 00683058 _____ () C:\windows\PFRO.log
2014-03-14 13:51 - 2013-02-11 09:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 22:23 - 2014-02-19 14:51 - 00000000 ____D () C:\Users\Achim\AppData\Local\WinZip
2014-03-12 15:49 - 2013-06-24 09:36 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:49 - 2013-06-24 09:36 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:49 - 2013-06-24 09:36 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-09 19:31 - 2014-03-09 13:30 - 00983128 _____ () C:\Users\Achim\Documents\Präsentation2.pptx
2014-03-08 20:41 - 2014-03-08 20:40 - 02098867 _____ () C:\Users\Achim\Downloads\BiDiB-Monitor.zip
2014-03-05 14:48 - 2013-05-04 10:37 - 00000000 ____D () C:\Hirthammer
2014-03-05 09:26 - 2014-03-24 22:41 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-24 22:41 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-24 22:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 17:28 - 2013-11-25 16:52 - 00000000 ____D () C:\Users\Public\Documents\ACRON
2014-03-04 17:27 - 2013-04-05 18:00 - 00000000 ____D () C:\Users\Achim\Documents\Acron
2014-03-04 17:13 - 2013-02-11 09:52 - 00114776 _____ () C:\Users\Achim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 17:10 - 2014-03-04 17:04 - 00000000 ____D () C:\Program Files\ACRON8
2014-03-04 17:10 - 2013-02-11 13:59 - 00002057 _____ () C:\windows\ODBCINST.INI
2014-03-04 17:09 - 2014-03-04 17:09 - 00000863 _____ () C:\Users\Public\Desktop\ACRON Erste Schritte.lnk
2014-03-04 17:09 - 2014-03-04 17:09 - 00000773 _____ () C:\Users\Public\Desktop\ACRON Graph.lnk
2014-03-04 17:09 - 2014-03-04 17:09 - 00000767 _____ () C:\Users\Public\Desktop\ACRON Reporter.lnk
2014-03-04 17:05 - 2014-03-04 17:05 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-03-04 17:05 - 2014-03-04 17:05 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-03-04 17:04 - 2014-03-04 17:04 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-03-04 16:59 - 2014-03-04 16:59 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-03-03 07:21 - 2014-03-03 07:21 - 04366336 ____N () C:\Users\Achim\Documents\Videc.pps
2014-03-02 21:18 - 2013-12-28 10:17 - 00000000 ____D () C:\Users\Achim\Desktop\00 Anlagendokumentation
2014-03-01 21:20 - 2014-03-01 21:20 - 00001903 _____ () C:\Users\Achim\Downloads\bidibcv-13-103.zip
2014-03-01 19:12 - 2014-03-01 19:04 - 97678190 _____ () C:\Users\Achim\Downloads\wdp2012_setup_demo.zip
2014-03-01 19:07 - 2014-03-01 19:05 - 11329244 _____ () C:\Users\Achim\Downloads\Basis_Handbuch_2012.zip
2014-03-01 07:05 - 2014-03-14 10:34 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 10:35 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 10:35 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 10:35 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 10:34 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 10:35 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 10:34 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 10:35 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 10:34 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 10:34 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 10:34 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 10:34 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 10:35 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 10:34 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 10:34 - 00218624 _____ (Microsoft Corporation) 
C:\windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-14 10:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-14 10:34 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-14 10:34 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-14 10:35 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-14 10:35 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-14 10:35 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-14 10:35 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-14 10:35 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-14 10:34 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-14 10:34 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-14 10:34 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-14 10:35 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-14 10:34 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-14 10:34 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-14 10:34 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-14 10:34 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 10:34 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 10:35 - 00524288 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-14 10:35 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-14 10:34 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 10:35 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 10:34 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 10:35 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 10:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 10:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-26 17:02 - 2013-05-20 17:35 - 00000000 ____D () C:\Users\Achim\AppData\Roaming\WinTrack 2014-02-26 16:39 - 2014-02-26 16:38 - 06804223 _____ (rocrail.net ) C:\Users\Achim\Downloads\rocrail-6865-win32-wx3.0.exe 2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Users\Achim\AppData\Local\VNT 2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\VNT 2014-02-24 16:24 - 2014-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2014-02-24 16:23 - 2014-02-24 16:23 - 00000000 ____D () C:\Users\Achim\AppData\Roaming\Avira 2014-02-24 16:22 - 2014-02-24 16:22 - 00002026 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 16:22 - 2014-02-24 16:22 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 16:22 - 2014-02-24 16:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-02-24 16:19 - 2014-02-24 16:17 - 146513592 _____ () C:\Users\Achim\Downloads\avira_antivirus_suite_de.exe 2014-02-24 16:00 - 2013-03-29 21:44 - 00000000 ____D () C:\Users\Achim\AppData\Roaming\Skype 2014-02-24 15:58 - 2013-09-05 06:53 - 00000000 ____D () 
C:\Users\Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools 2014-02-24 15:58 - 2012-04-17 11:02 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-02-24 15:55 - 2012-04-17 10:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-02-24 15:52 - 2013-10-18 19:10 - 00000000 ____D () C:\Program Files (x86)\ELECTRA_250 2014-02-24 15:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache Some content of TEMP: ==================== C:\Users\Achim\AppData\Local\Temp\avgnt.exe C:\Users\Achim\AppData\Local\Temp\Quarantine.exe C:\Users\Achim\AppData\Local\Temp\RHSetup.exe C:\Users\Achim\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 12:17 ==================== End Of Log ============================ --- --- --- das war das logfile von frst |