Spam mails are being sent from Yahoo account - even after password change (Windows 7)

28.03.2014, 13:58 | #1

Spam mails are being sent from Yahoo account - even after password change

Hello, my problem is the following: at the end of last year, SPAM mails were sent from my Yahoo account. I then changed the password; the virus scanner could not detect any infection at the time. Now, yesterday, several acquaintances informed me that spam mails have been sent again.

Here are the requested log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:06 on 28/03/2014 (andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe (Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe (Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\andreas\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9 SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms} SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334 BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default FF user.js: detected! 
=> C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js FF Homepage: hxxp://yahoo.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.) 
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26] FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26] FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28] FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14] FF Extension: Yahoo! 
Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15] FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ [] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker Chrome: ======= CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - 
C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13] CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13] CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13] CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13] CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04] CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04] CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03] ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. 
KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.) S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) 
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.) R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab) S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.) U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider) S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST 2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log 2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 
- SEMNONES (1).xls 2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log
2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log
2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll
C:\Users\Guest\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 09:45

==================== End Of Log ============================

Addition FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\andreas\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF user.js: detected! => C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28]
FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14]
FF Extension: Yahoo! Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co.
KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.) S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) 
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.) R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab) S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.) U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider) S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST 2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log 2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 
- SEMNONES (1).xls 2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest 2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk 2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk 2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-13 21:26 - 2014-03-01 04:52 
- 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\wer.dll 2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft 
Corporation) C:\windows\system32\qedit.dll 2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk 2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype 2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me 2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST 2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log 2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 
____D () C:\Users\andreas\AppData\Roaming\Skype 2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction 2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log 2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox 2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox 2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log 2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo 2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest 2014-03-20 
21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james 2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro 2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT 2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo 2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro 2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein 2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals 2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace 2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk 2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-13 21:26 
- 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-13 
21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype 2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype 2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me 2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log 2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\andreas\AppData\Local\Temp\avgnt.exe C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll C:\Users\Guest\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 09:45 ==================== End Of Log ============================ GMER GMER 
Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-28 13:25:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\andreas\AppData\Local\Temp\uwtiqfob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800045f8000 45 bytes [00, 00, 49, 00, 4E, 76, 4C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800045f802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... 
* 2 .text C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... 
* 2 ---- Processes - GMER 2.1 ---- Library C:\Users\andreas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-12-18 02:25:54) 0000000003be0000 Library c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2014-03-28 08:20:22) 0000000004450000 Library C:\Users\andreas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-10-18 23:55:02) 000000006a830000 Library C:\Users\andreas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000069b80000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c42243 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd501a52 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c42243 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd501a52 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
Thanks in advance for any help.
Regards, Andi
Last edited by Andi64 (28.03.2014 at 14:20) |
28.03.2014, 14:28 | #2 |
/// the machine /// TB-Ausbilder | hi,
Scan with Combofix
__________________ |
28.03.2014, 19:57 | #3 |
| Hi Schrauber,
here is the ComboFix log file. Combofix Logfile: Code:
ATTFilter ComboFix 14-03-24.01 - andreas 28.03.2014 15:07:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1033.18.3957.2046 [GMT 1:00] ausgeführt von:: c:\users\andreas\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\BFlix\BFLIx.dll c:\users\andreas\AppData\Roaming\convert\convert.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-28 bis 2014-03-28 )))))))))))))))))))))))))))))) . . 2014-03-28 14:18 . 2014-03-28 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-28 12:10 . 2014-03-28 12:11 -------- d-----w- C:\FRST 2014-03-20 22:19 . 2014-03-20 22:19 -------- d-----w- c:\users\Guest 2014-03-13 20:25 . 2014-03-01 22:02 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2014-03-13 20:24 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-13 20:24 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-13 20:24 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-13 20:24 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-28 15:55 . 2014-02-28 15:55 -------- d-----w- c:\users\andreas\AppData\Local\Skype 2014-02-28 15:55 . 2014-02-28 15:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-02-28 15:46 . 2014-02-28 15:46 -------- d-----w- c:\users\andreas\AppData\Local\join.me . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-17 22:41 . 2011-03-19 09:57 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-01-22 08:00 . 
2014-01-22 08:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-01-22 08:00 . 2011-08-07 18:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-01-15 16:46 . 2014-01-15 16:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\andreas\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-06 39408] "Starfield Updater"="c:\users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-05-26 35008] "Workspace Status"="c:\users\andreas\AppData\Local\Workspace\workspacestatus.exe" [2013-07-26 694760] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] . c:\users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys;c:\windows\SYSNATIVE\drivers\aksup.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows 
Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x] S2 SACSrv;SACSrv;c:\program files\SafeNet\Authentication\SAC\x64\SACSrv.exe;c:\program 
files\SafeNet\Authentication\SAC\x64\SACSrv.exe [x] S3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\DRIVERS\ikeyenum.sys;c:\windows\SYSNATIVE\DRIVERS\ikeyenum.sys [x] S3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\DRIVERS\ikeyifd.sys;c:\windows\SYSNATIVE\DRIVERS\ikeyifd.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 18:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22 08:00] . 2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 13:39] . 2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 13:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2013-05-26 16:59 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2013-05-26 16:59 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:Tabs mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: NameServer = 193.189.244.206 193.189.244.225 FF - ProfilePath - c:\users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\ FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de/ FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108760 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - c641592b0000000000001ef46a98bd77 FF - user.js: extensions.BabylonToolbar_i.hardId - c641592b0000000000001ef46a98bd77 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15365 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:20 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.zonealarm_i.hmpg - true FF - user.js: extensions.zonealarm.keyWordUrl - 
hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116337476042057-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=c641592b0000000000001ef46a98bd77&q={searchTerms} FF - user.js: extensions.zonealarm_i.dnsErr - true FF - user.js: extensions.zonealarm_i.newTab - true FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.415:41 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.hpOld0 - about:home FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GX0007f1B000v&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GX0007f1B000v&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - c641592b00000000000018f46a98bd77 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16016 FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0 FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:30 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1025 FF - user.js: extensions.zonealarm.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - goughGA FF - user.js: extensions.zonealarm.instlRef - ZLN116337476042057-1001 FF - user.js: extensions.zonealarm.dfltLng - de FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - 
user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - c:\program files (x86)\BFlix\BFlix.dll Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-ScCertProp - (no file) SafeBoot-MCODS Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Kroatisch 100 - c:\users\andreas\Desktop\Strokes 3.0\CRO100geruninstall.exe AddRemove-Kroatisch 101 - c:\users\andreas\Desktop\Strokes 3.0\CRO101geruninstall.exe AddRemove-MSC - c:\program files (x86)\McAfee\MSC\mcuninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.SVG" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-03-28 15:29:58 ComboFix-quarantined-files.txt 2014-03-28 14:29 . Vor Suchlauf: 13.143.986.176 bytes free Nach Suchlauf: 12.961.144.832 bytes free . - - End Of File - - 107ECD29CF538465D3DD03AAF7542BB7
Thanks. Regards, Andi |
29.03.2014, 10:06 | #4 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
30.03.2014, 17:41 | #5 |
| Hi, here are the new log files: Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 17:55:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313719
Verstrichene Zeit: 36 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 17
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[ad53b14fee12a0600308a29450b4a858]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[07f949b7f60a52ae36d535018d7724dc]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108760");), Ersetzt,[42be11ef6a96847c23e843f3d33157a9]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "c641592b0000000000001ef46a98bd77");), Ersetzt,[649c6d937a86eb156aa187af59ab20e0]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "c641592b0000000000001ef46a98bd77");), Ersetzt,[af5109f79c648c74907bef479b698080]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15365");), Ersetzt,[d62af9071be5e0206f9cb383ca3aeb15]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[000028d8837d946c6aa136006f95df21]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), Ersetzt,[6d93ab55649c669a22e93ef8d430bf41]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=108760&babsrc=NT_ss&mntrId=c641592b0000000000001ef46a98bd77");), Ersetzt,[9769946cce32e818f8138aac58ac6c94]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[69979e6249b7ab5563a8181e6b99d729]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[768ab848639d8b75a7641c1aa75de020]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[04fc926e4eb214ecf81362d4669e28d8]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[ec14877988780df3af5c82b4e4208f71]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[5da3ae5223ddf50b1af137ff35cfc23e]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[10f0877911ef827e43c8c86e0df75da3]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:20:54");), Ersetzt,[2ad6a85844bc45bb66a53204de265aa6]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[ed13728ec8380df37299fe385aaa5da3]

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner

AdwCleaner Logfile:

Code:
# AdwCleaner v3.022 - Report created 30/03/2014 at 18:12:26
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\andreas\AppData\Local\Babylon
Folder Deleted : C:\Users\andreas\AppData\Roaming\Babylon
Folder Deleted : C:\Users\andreas\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com
File Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BFlix
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[S0].txt - [8589 octets] - [30/03/2014 18:12:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8649 octets] ##########

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by andreas on 30.03.2014 at 18:19:55,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\andreas\AppData\Roaming\mozilla\firefox\profiles\f3er6lil.default\extensions\info@thebflix.com



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2014 at 18:26:16,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 30-03-2014 18:34:26
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Thisisu) C:\Users\andreas\Desktop\JRT.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 18:26 - 2014-03-30 18:26 - 00001041 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT.exe
2014-03-30 18:05 - 2014-03-30 18:12 - 00000000 ____D () C:\AdwCleaner
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:59 - 2014-03-30 17:59 - 00005242 _____ () C:\Users\andreas\Desktop\mbam.txt
2014-03-30 17:14 - 2014-03-30 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-30 17:14 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:52 - 2014-03-28 20:52 - 00026370 _____ () C:\ComboFix.txt
2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-28 16:04 - 2014-03-28 20:53 - 00000000 ____D () C:\Qoobox
2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:25 - 2014-03-28 14:25 - 00013270 _____ () C:\Users\andreas\Desktop\GMER.log
2014-03-28 14:14 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:11 - 2014-03-28 14:11 - 00039459 _____ () C:\Users\andreas\Desktop\Addition.txt
2014-03-28 14:10 - 2014-03-30 18:34 - 00021403 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 14:10 - 2014-03-30 18:34 - 00000000 ____D () C:\FRST
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 -
2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 17:09 - 2014-03-30 17:14 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-21 00:19 - 2014-03-21 00:20 - 
00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest 2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk 2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk 2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 
_____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft 
Corporation) C:\windows\system32\win32k.sys 2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ieapfltr.dll 2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk 2014-02-28 17:55 - 2014-02-28 17:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-28 17:55 - 2014-02-28 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype 2014-02-28 17:46 - 2014-02-28 17:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2014-02-28 17:46 - 2014-02-28 17:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me 2014-02-28 16:14 - 2014-02-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-30 18:35 - 2014-03-28 14:10 - 00021403 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-30 18:34 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST 2014-03-30 18:26 - 2014-03-30 18:26 - 00001041 _____ () C:\Users\andreas\Desktop\JRT.txt 2014-03-30 18:23 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype 2014-03-30 18:23 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-30 18:23 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT 2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe 2014-03-30 18:18 - 
2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT.exe 2014-03-30 18:18 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-30 18:16 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox 2014-03-30 18:16 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox 2014-03-30 18:15 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-30 18:14 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-30 18:13 - 2013-12-14 14:12 - 00019260 _____ () C:\windows\setupact.log 2014-03-30 18:13 - 2010-08-04 04:27 - 01490285 _____ () C:\windows\WindowsUpdate.log 2014-03-30 18:13 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-30 18:12 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner 2014-03-30 18:03 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe 2014-03-30 17:59 - 2014-03-30 17:59 - 00005242 _____ () C:\Users\andreas\Desktop\mbam.txt 2014-03-30 17:41 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-30 17:19 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-30 17:14 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Desktop\mbam-setup-2.0.0.1000.exe 2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation ) 
C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-30 17:14 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 17:06 - 2013-12-15 10:46 - 00571470 _____ () C:\windows\PFRO.log 2014-03-28 20:53 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox 2014-03-28 20:52 - 2014-03-28 20:52 - 00026370 _____ () C:\ComboFix.txt 2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt 2014-03-28 16:18 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert 2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe 2014-03-28 14:25 - 2014-03-28 14:25 - 00013270 _____ () C:\Users\andreas\Desktop\GMER.log 2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe 2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe 2014-03-28 14:11 - 2014-03-28 14:11 - 00039459 _____ () C:\Users\andreas\Desktop\Addition.txt 2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 14:06 - 2014-03-28 14:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log 2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 14:06 - 
2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 13:25 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction 2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo 2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-21 00:20 - 
2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest 2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james 2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro 2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo 2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro 2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein 2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals 2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () 
C:\windows\system32\FNTCACHE.DAT 2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace 2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk 2014-03-01 08:05 - 2014-03-13 22:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 07:17 - 2014-03-13 22:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 07:16 - 2014-03-13 22:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 06:58 - 2014-03-13 22:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 06:52 - 2014-03-13 22:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 06:51 - 2014-03-13 22:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-01 06:42 - 2014-03-13 22:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 06:40 - 2014-03-13 22:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 06:37 - 2014-03-13 22:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 06:33 - 2014-03-13 22:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-01 06:33 - 
2014-03-13 22:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 06:32 - 2014-03-13 22:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 06:30 - 2014-03-13 22:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 06:23 - 2014-03-13 22:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 06:17 - 2014-03-13 22:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 06:11 - 2014-03-13 22:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 06:02 - 2014-03-13 22:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 05:54 - 2014-03-13 22:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 05:52 - 2014-03-13 22:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 05:51 - 2014-03-13 22:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 05:47 - 2014-03-13 22:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 05:43 - 2014-03-13 22:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 05:43 - 2014-03-13 22:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 05:42 - 2014-03-13 22:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 05:40 - 2014-03-13 22:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 05:38 - 2014-03-13 22:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 05:37 - 2014-03-13 22:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 05:35 - 2014-03-13 22:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 05:18 
- 2014-03-13 22:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 05:16 - 2014-03-13 22:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 05:14 - 2014-03-13 22:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 05:10 - 2014-03-13 22:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 05:03 - 2014-03-13 22:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 05:00 - 2014-03-13 22:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 04:57 - 2014-03-13 22:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 04:38 - 2014-03-13 22:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 04:32 - 2014-03-13 22:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 04:27 - 2014-03-13 22:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 04:25 - 2014-03-13 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 04:25 - 2014-03-13 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-28 17:55 - 2014-02-28 17:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-28 17:55 - 2014-02-28 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype 2014-02-28 17:55 - 2010-08-04 04:29 - 00000000 ____D () C:\ProgramData\Skype 2014-02-28 17:51 - 2014-01-21 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-28 17:46 - 2014-02-28 17:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2014-02-28 17:46 - 2014-02-28 17:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me 2014-02-28 16:14 - 2014-02-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox Some 
content of TEMP: ==================== C:\Users\andreas\AppData\Local\Temp\avgnt.exe C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputjrjb.dll C:\Users\andreas\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 10:45 ==================== End Of Log ============================ Dankeschön. Gruß, Andi |
31.03.2014, 12:48 | #6 |
/// the machine /// TB-Ausbilder | Spam mails are being sent from Yahoo account - even after password change ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
|
31.03.2014, 21:35 | #7 |
| Spam mails are being sent from Yahoo account - even after password change Hi, I now have a new problem. Lots of words in texts now appear underlined in green. And advertising banners etc. keep opening. For example, I click "Reply" here in the forum and a completely different page opens saying that the system is outdated and that I have to run an update or download something else. Here is the ESET log file anyway for now. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17691
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 08:11:31
# local_time=2014-03-31 10:11:31 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 45869 9714853 38640 0
# compatibility_mode=5893 16776574 100 94 9281290 147926541 0 0
# scanned=222487
# found=9
# cleaned=0
# scan_time=25453
sh=9E50EC17198DA4BEEFA3C1BEF347EE9996908CD5 ft=1 fh=c71c00110735cd47 vn="a variant of Win32/AdWare.AddLyrics.AI application" ac=I fn="C:\Program Files (x86)\Re-Markable Corp\ReMar.exe"
sh=6B307FFD9A36A748A38782F77DA9C36E74BC6787 ft=1 fh=39b8107e0a2101ba vn="a variant of Win32/AdWare.AddLyrics.AH application" ac=I fn="C:\Program Files (x86)\Re-Markable Corp\Uninstall.exe"
sh=B85EA2F6DCB36DE3AA938C56C13463582AE92043 ft=1 fh=c73bfdccdb739175 vn="a variant of MSIL/Adware.PullUpdate.D application" ac=I fn="C:\ProgramData\Radsteroids\Radsteroids.exe"
sh=0664AC25EF94602CC130BFD8138256ABEF676F46 ft=1 fh=2831b17f5ec51586 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\ProgramData\Radsteroids\RadsteroidsService.exe"
sh=B85EA2F6DCB36DE3AA938C56C13463582AE92043 ft=1 fh=c73bfdccdb739175 vn="a variant of MSIL/Adware.PullUpdate.D application" ac=I fn="C:\Users\All Users\Radsteroids\Radsteroids.exe"
sh=0664AC25EF94602CC130BFD8138256ABEF676F46 ft=1 fh=2831b17f5ec51586 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\Users\All Users\Radsteroids\RadsteroidsService.exe"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\Radsteroids.33AABCF1AD13.dll"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="${Memory}"
UNSUPPORTED OPERATING SYSTEM! ABORTED!
What now? Last edited by Andi64 (31.03.2014 at 21:41) |
01.04.2014, 12:45 | #8 |
/// the machine /// TB-Ausbilder (Trojaner-Board trainer) | Spam mails are being sent from Yahoo account - even after password change. Open FRST, tick the Additional box and scan; please post both logfiles. In which browser do you have the problems now?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
02.04.2014, 14:02 | #9 |
| Spam mails are being sent from Yahoo account - even after password change. Hi Schrauber, I actually use Google Chrome. I have now tried Firefox and Internet Explorer, and they have the same problem. On top of that, advertising and music are now playing in the background :-( Here are the logfiles: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by andreas (administrator) on ANDREAS-PC on 02-04-2014 14:39:51 Running from C:\Users\andreas\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe (Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\RadsteroidsService.exe () C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe () C:\Program Files (x86)\Re-Markable Corp\ReMar.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe () C:\windows\SysWOW64\Rezip.exe (SafeNet, Inc.) 
C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe (Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe (Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\Radsteroids.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies) Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334 BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default FF Homepage: hxxp://yahoo.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle 
Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.) 
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26] FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26] FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ [] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKCU\...\Firefox\Extensions: [{36ee80e3-92ec-4efb-b105-85435187eb87}] - C:\Program Files (x86)\Re-Markable Corp\158.xpi FF Extension: No Name - C:\Program Files (x86)\Re-Markable Corp\158.xpi [2014-03-31] Chrome: ======= CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13] CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13] CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13] CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13] CHR Extension: (Re-Markable) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-31] CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04] CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04] CHR Extension: (Google 
Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03] ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. 
KG) S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies) R2 Radsteroids; C:\ProgramData\Radsteroids\Radsteroids.exe [151416 2014-03-21] (Deals Interactive Media, LLC) R2 Re-Markable; C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe [142336 2014-03-31] () R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.) S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X] ==================== Drivers (Whitelisted) ==================== R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.) R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-31] (Malwarebytes Corporation) S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.) U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider) S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-02 14:39 - 2014-04-02 14:42 - 00022217 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe 2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe 2014-03-31 15:01 - 2014-03-31 15:01 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt 2014-03-31 14:52 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe 2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe 2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt 2014-03-31 11:22 - 2014-04-02 14:40 - 00000404 _____ () C:\windows\Tasks\Re-Markable Update.job 2014-03-31 11:22 - 2014-04-02 14:37 - 00000406 _____ () C:\windows\Tasks\Re-Markable_wd.job 2014-03-31 11:22 - 2014-03-31 14:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-03-31 11:22 - 2014-03-31 11:22 - 00003056 _____ () C:\windows\System32\Tasks\Re-Markable Update 2014-03-31 11:22 - 2014-03-31 11:22 - 00002998 _____ () C:\windows\System32\Tasks\Re-Markable_wd 2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\Re-Markable Corp 2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 11:20 - 2014-04-01 09:23 - 00000000 ____D () C:\Users\andreas\AppData\Local\Radsteroids 2014-03-31 11:20 - 2014-03-31 11:20 - 00000000 ____D () C:\ProgramData\Radsteroids 2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe 2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () 
C:\windows\ERUNT 2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe 2014-03-30 18:05 - 2014-03-31 13:20 - 00000000 ____D () C:\AdwCleaner 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe 2014-03-30 17:14 - 2014-03-31 13:33 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-03-28 16:04 - 2014-03-31 14:42 - 00000000 ____D () C:\Qoobox 2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe 2014-03-28 14:14 - 2014-03-28 
14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe 2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe 2014-03-28 14:10 - 2014-04-02 14:39 - 00000000 ____D () C:\FRST 2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 17:09 - 2014-04-02 14:40 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

==================== One Month Modified Files and Folders =======

2014-04-02 14:42 - 2014-04-02 14:39 - 00022217 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-04-02 14:41 - 2010-08-04 04:27 - 01555686 _____ () C:\windows\WindowsUpdate.log
2014-04-02 14:40 - 2014-03-31 11:22 - 00000404 _____ () C:\windows\Tasks\Re-Markable Update.job
2014-04-02 14:40 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-04-02 14:40 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-04-02 14:40 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-04-02 14:40 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 14:40 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-04-02 14:39 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST
2014-04-02 14:37 - 2014-03-31 11:22 - 00000406 _____ () C:\windows\Tasks\Re-Markable_wd.job
2014-04-02 14:37 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 14:37 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-02 14:36 - 2013-12-14 14:12 - 00019596 _____ () C:\windows\setupact.log
2014-04-02 14:36 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-01 10:21 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 09:23 - 2014-03-31 11:20 - 00000000 ____D () C:\Users\andreas\AppData\Local\Radsteroids
2014-04-01 08:56 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 08:56 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 08:46 - 2013-12-15 10:46 - 00573230 _____ () C:\windows\PFRO.log
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe
2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-31 15:01 - 2014-03-31 15:01 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-31 14:51 - 2014-03-31 14:52 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe
2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe
2014-03-31 14:46 - 2014-03-31 11:22 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt
2014-03-31 14:42 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox
2014-03-31 14:37 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-03-31 13:33 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 13:20 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner
2014-03-31 11:22 - 2014-03-31 11:22 - 00003056 _____ () C:\windows\System32\Tasks\Re-Markable Update
2014-03-31 11:22 - 2014-03-31 11:22 - 00002998 _____ () C:\windows\System32\Tasks\Re-Markable_wd
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\Re-Markable Corp
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-31 11:20 - 2014-03-31 11:20 - 00000000 ____D () C:\ProgramData\Radsteroids
2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe
2014-03-31 09:27 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 22:56 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:12 - 2013-01-10 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\CheckPoint
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Malwarebytes
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert
2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:06 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplakqpg.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-31 09:45

==================== End Of Log ============================
--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by andreas at 2014-04-02 14:43:33
Running from C:\Users\andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Engel & Völkers ML Regular Font for Windows (HKLM-x32\...\{0C8457C5-6388-4C7B-97E7-3D6A9B5A516F}) (Version: 1.0.0 - Engel & Völkers)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 2.70 - Philipp Winterberg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kroatisch 100 (HKLM-x32\...\Kroatisch 100) (Version: - )
Kroatisch 101 (HKLM-x32\...\Kroatisch 101) (Version: - )
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: - McAfee, Inc.)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.06.07.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
PBZ SmartCard Management 6.2 (HKLM-x32\...\{EAF87E76-821E-436C-BAEA-2E94643AA803}) (Version: 6.2.0 - PBZ)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.194.0 - Tracker Software Products Ltd)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Radsteroids (HKLM-x32\...\Radsteroids) (Version: 2.6.71 - Deals Interactive Media, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Re-Markable (HKLM-x32\...\efbeffb6-b24d-4c4f-8cc2-06b93e00c194) (Version: - ReMarkable) <==== ATTENTION
SafeNet Authentication Client 8.1 SP1 (HKLM\...\{4DFE8ACE-8652-4CCE-A2C1-DB23C7D4F4AA}) (Version: 8.1.245.0 - SafeNet, Inc.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolidWorks eDrawings 2013 (HKLM-x32\...\{4C0B98D1-4A16-4C80-9E80-DB2E617A6DAC}) (Version: 13.1.127 - Dassault Systèmes SolidWorks Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Torrent Video Cutter 1.93 (HKLM-x32\...\{3BC7513B-BFBC-45EE-9D72-8E3132A4883A}_is1) (Version: - TorrentRockyou, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows
Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Workspace Desktop (HKCU\...\workspacedesktop) (Version: - Starfield Technologies) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Youtube Downloader HD v. 2.5 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Restore Points ========================= 21-03-2014 16:27:14 Restore Operation 23-03-2014 18:01:00 Windows Backup 28-03-2014 14:05:08 ComboFix created restore point 30-03-2014 17:00:59 Windows Backup ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-03-28 16:18 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) 
Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.) Task: {5BE0D17C-76F2-4E3D-B09E-6D4EE3D925FC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated) Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {6EED5B53-C9A0-42FA-AE46-8BEEAB054DAE} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe Task: {72F0AD20-9062-4249-8F89-F350BC828D5B} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.) Task: {89FF33A2-F3FC-4C8D-9CF4-B2CD28DF9072} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.) Task: {A470B1C0-BFE2-4AF9-86A9-EE0053D35B0C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) 
Task: {ADFA7B18-9DAA-4834-8DB3-BBB723E7A643} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D04BE3F9-8A77-465B-9FD3-EE169B863AFB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {DC6A9C4F-A5CB-4CD0-A21F-3EBC70F6B9D3} - System32\Tasks\Re-Markable Update => C:\Program Files (x86)\Re-Markable Corp\ReMar.exe [2014-03-31] () Task: {EE0D84EC-1E2F-4BBA-88E9-1E856F1124F1} - System32\Tasks\Re-Markable_wd => C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe [2014-03-31] () Task: {EEB22DF6-0F59-47F0-AACB-71529433DA01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.) Task: {F254D32B-1775-4D89-B685-49A7F1085082} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) 
Task: {FC8801BB-D0C9-48A7-B692-FE243C37E441} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Re-Markable Update.job => C:\Program Files (x86)\Re-Markable Corp\ReMar.exe Task: C:\windows\Tasks\Re-Markable_wd.job => C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-31 11:22 - 2014-03-31 11:22 - 00077312 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe 2014-03-31 11:22 - 2014-03-31 11:22 - 00322048 _____ () C:\Program Files (x86)\Re-Markable Corp\ReMar.exe 2014-03-31 11:22 - 2014-03-31 11:22 - 00142336 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe 2010-08-04 04:27 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe 2013-12-15 00:12 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2010-08-04 04:39 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2014-03-31 11:22 - 2014-03-31 11:22 - 00133120 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll 2014-04-02 14:38 - 2014-04-02 14:38 - 00041984 _____ () c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplakqpg.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\andreas\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2014 10:22:29 AM) (Source: Application Error) (User: ) Description: Faulting application name: Re-Markable158.exe, version: 1.158.0.0, time stamp: 0x53335215 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xe06d7363 Fault offset: 0x0000c41f Faulting process id: 0xf74 Faulting application start time: 0xRe-Markable158.exe0 Faulting application path: Re-Markable158.exe1 Faulting module path: Re-Markable158.exe2 Report Id: Re-Markable158.exe3 Error: (04/01/2014 09:52:59 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (03/31/2014 10:22:22 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (04/02/2014 02:38:12 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 
Error: (04/02/2014 02:37:18 PM) (Source: Service Control Manager) (User: ) Description: The WinkHandler service failed to start due to the following error: %%2 Error: (04/02/2014 02:36:55 PM) (Source: Service Control Manager) (User: ) Description: The McAfee Anti-Spam Service service failed to start due to the following error: %%2 Error: (04/01/2014 10:22:09 AM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (04/01/2014 08:46:44 AM) (Source: Service Control Manager) (User: ) Description: The WinkHandler service failed to start due to the following error: %%2 Error: (04/01/2014 08:46:39 AM) (Source: Service Control Manager) (User: ) Description: The McAfee Anti-Spam Service service failed to start due to the following error: %%2 Error: (03/31/2014 11:14:49 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (03/31/2014 07:29:38 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/31/2014 03:15:13 PM) (Source: BROWSER) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A25F54B9-8F0C-4985-A3AC-809B758CDD91}. The backup browser is stopping. Microsoft Office Sessions: ========================= Error: (03/30/2014 08:13:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/27/2011 03:50:33 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 164 seconds with 60 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2014-03-28 15:15:42.895 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-28 15:15:42.725 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-27 09:24:49.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-27 08:55:07.869 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-26 23:04:40.842 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-26 19:28:05.170 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-26 18:33:42.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-26 17:48:15.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-26 17:33:51.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-26 16:28:57.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3956.55 MB
Available physical RAM: 1983.49 MB
Total Pagefile: 7911.28 MB
Available Pagefile: 5872.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:11.49 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:32.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 8C0FBFDC)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================

Regards, Andi |
03.04.2014, 09:29 | #10 |
/// the machine /// TB-Ausbilder | Spam mails are being sent from Yahoo account - even after password change

Before the ESET scan the FRST log was almost clean, now it looks like a pigsty. What exactly did you do?

Please press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document:
Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also let Revo remove the leftovers in Moderate mode.

Please download Malwarebytes Anti-Malware.

Please download AdwCleaner to your desktop.

Please shut down your protection software to avoid possible conflicts.

And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |
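The fixlist above removes two persistence points: the per-user Internet Explorer proxy (http=127.0.0.1:13828) and a machine Group Policy applied to Chrome. As an added example that is not part of the thread, the following PowerShell audits both locations so a defender can confirm they are clean before and after the fix; the function names are my own, the registry paths are the standard Windows and Chrome policy locations, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): audit the two persistence points the FRST
# fixlist targets. Function names are my own; paths are the standard locations.
# Assumes Windows PowerShell 3.0+ on the affected machine, run as administrator.

function Test-LoopbackProxy {
    # Per-user WinINET proxy settings, the same values MBAM later reported as PUM.Bad.Proxy.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $findings = @()

    if ($settings.ProxyEnable -eq 1 -and $settings.ProxyServer) {
        # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
        foreach ($entry in ($settings.ProxyServer -split ';')) {
            $proxyHost = (($entry -split '=')[-1] -split ':')[0]
            if (@('127.0.0.1', 'localhost', '::1') -contains $proxyHost) {
                # A proxy on the local machine means some local process sits in the
                # browser's traffic path; legitimate software rarely sets this silently.
                $findings += "loopback proxy configured: $entry"
            }
        }
    }

    [pscustomobject]@{
        ProxyEnable = $settings.ProxyEnable
        ProxyServer = $settings.ProxyServer
        Findings    = $findings
    }
}

function Get-ChromePolicyState {
    # Chrome honours policies from these registry keys and from the local GPO store.
    # ExtensionInstallForcelist pins extensions the user cannot remove from the UI.
    $policyKeys = @('HKLM:\SOFTWARE\Policies\Google\Chrome',
                    'HKCU:\SOFTWARE\Policies\Google\Chrome')

    $report = foreach ($key in $policyKeys) {
        if (Test-Path $key) {
            $forced = Join-Path $key 'ExtensionInstallForcelist'
            $ids = if (Test-Path $forced) {
                (Get-ItemProperty -Path $forced).PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' } |
                    ForEach-Object { $_.Value }
            } else { @() }
            [pscustomobject]@{ Key = $key; ForcedExtensions = @($ids) }
        }
    }

    # FRST moved this folder away; its presence means a local machine GPO is in effect.
    $gpoStore = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine'

    [pscustomobject]@{
        PolicyKeys      = @($report)
        LocalGpoPresent = Test-Path $gpoStore
    }
}

Test-LoopbackProxy | Format-List
Get-ChromePolicyState | Format-List
```

On the machine in this thread the first call would report the 127.0.0.1:13828 entry as a finding and the second would show LocalGpoPresent as True until the fixlist has run; on a clean system both findings are empty.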
03.04.2014, 12:24 | #11 |
| Spam mails are being sent from Yahoo account - even after password change

Hi, yes, sorry, I don't know what happened there either :-( I'm actually quite careful about what I click on.

Last edited by Andi64 (03.04.2014 at 12:36) Reason: accidentally posted the same post twice |
03.04.2014, 12:29 | #12 |
| Spam mails are being sent from Yahoo account - even after password change

Hi, yes, sorry, I don't know what happened there either :-( I'm actually quite careful about what I click on.

So here are the log files:

FixLog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by andreas at 2014-04-03 11:09:52 Run:1
Running from C:\Users\andreas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.04.2014
Suchlauf-Zeit: 12:18:08
Logdatei: mbam neu.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.03.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315679
Verstrichene Zeit: 39 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe, 1048, Löschen bei Neustart, [5fa13ec26c94b7494661c7929869de22]
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe, 3316, Löschen bei Neustart, [43bda35d27d924dc46615efb0af7ab55]
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe, 3732, Löschen bei Neustart, [ea16b8486a96877931120654729027d9]
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe, 4032, Löschen bei Neustart, [ea16b8486a96877931120654729027d9]

Module: 1
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll, Löschen bei Neustart, [ea16b8486a96877931120654729027d9],

Registrierungsschlüssel: 11
PUP.Optional.Radsteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Radsteroids, In Quarantäne, [5fa13ec26c94b7494661c7929869de22],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [0bf516ea16ea649c9b998488ea1848b8],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [0bf516ea16ea649c9b998488ea1848b8],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26daea16a25e936d8b77f61613ef34cc],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26daea16a25e936d8b77f61613ef34cc],
PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinkHandler, In Quarantäne, [9769c7397f81916fac380d5f1ae803fd],
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [8d730df3b9474eb243f593cbf01229d7],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-522234228-4192544273-3428825822-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [7987ee12946c709058e0ca9434ceb34d],
PUP.Optional.Radsteroids.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Radsteroids, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.ReMarkable.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-Markable, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\efbeffb6-b24d-4c4f-8cc2-06b93e00c194, In Quarantäne, [ea16b8486a96877931120654729027d9],

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-522234228-4192544273-3428825822-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, Löschen bei Neustart, [659bf010a55b827e9294831847bc06fa]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.Radsteroids.A, C:\Users\andreas\AppData\Local\Radsteroids, In Quarantäne, [5ca40ef218e8ef11ce0c95c2aa583dc3],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids, Löschen bei Neustart, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp, Löschen bei Neustart, [ea16b8486a96877931120654729027d9],

Dateien: 23
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe, Löschen bei Neustart, [5fa13ec26c94b7494661c7929869de22],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe, Löschen bei Neustart, [43bda35d27d924dc46615efb0af7ab55],
PUP.Optional.ReMarkable.A, C:\Windows\Tasks\Re-Markable Update.job, In Quarantäne, [28d86a96e02033cd89ac91cd6f938f71],
PUP.Optional.Radsteroids.A, C:\Users\andreas\AppData\Local\Radsteroids\data2.dat, In Quarantäne, [5ca40ef218e8ef11ce0c95c2aa583dc3],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\app.dat, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\data.dat, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe.config, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.ico, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe.config, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Uninstall.exe, In Quarantäne, [c53b9a669967619fa13a4710ac56f010],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.crx, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.dat, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.xpi, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\a.db, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\b.db, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.bin, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll, Löschen bei Neustart, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe, Löschen bei Neustart, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.ini, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe, Löschen bei Neustart, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\ReMar.exe, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Sqlite3.dll, In Quarantäne, [ea16b8486a96877931120654729027d9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Uninstall.exe, In Quarantäne, [ea16b8486a96877931120654729027d9],

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Report created 03/04/2014 at 12:36:51
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja
File Deleted : C:\windows\Tasks\Re-Markable_wd.job
File Deleted : C:\windows\System32\Tasks\Re-Markable_wd

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[R1].txt - [4403 octets] - [31/03/2014 13:14:46]
AdwCleaner[R2].txt - [1465 octets] - [03/04/2014 12:33:05]
AdwCleaner[S0].txt - [8797 octets] - [30/03/2014 18:12:26]
AdwCleaner[S1].txt - [4513 octets] - [31/03/2014 13:18:37]
AdwCleaner[S2].txt - [1394 octets] - [03/04/2014 12:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1454 octets] ##########

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Report created 03/04/2014 at 12:33:05
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\windows\System32\Tasks\Re-Markable_wd
File Found : C:\windows\Tasks\Re-Markable_wd.job
Folder Found : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[R1].txt - [4403 octets] - [31/03/2014 13:14:46]
AdwCleaner[R2].txt - [1205 octets] - [03/04/2014 12:33:05]
AdwCleaner[S0].txt - [8797 octets] - [30/03/2014 18:12:26]
AdwCleaner[S1].txt - [4513 octets] - [31/03/2014 13:18:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1385 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by andreas on 03.04.2014 at 12:59:33,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 13:07:16,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 03-04-2014 13:12:05
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe [35008 2013-05-26] (Starfield Technologies) Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334 BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll 
(Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default FF Homepage: hxxp://yahoo.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle 
Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.) 
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26] FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26] FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ [] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKCU\...\Firefox\Extensions: [{36ee80e3-92ec-4efb-b105-85435187eb87}] - C:\Program Files (x86)\Re-Markable Corp\158.xpi Chrome: ======= CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13] CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13] CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13] CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13] CHR Extension: (Re-Markable) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-31] CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04] CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04] CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03] ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.) 
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.) R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab) S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.) U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider) S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 13:07 - 2014-04-03 13:07 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt 2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Downloads\adwcleaner (1).exe 2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Desktop\adwcleaner (1).exe 2014-04-03 12:30 - 2014-04-03 12:30 - 00007128 _____ () C:\Users\andreas\Desktop\mbam neu.txt 2014-04-03 11:21 - 2014-04-03 11:28 - 00001264 _____ () C:\Users\andreas\Desktop\Revo Uninstaller.lnk 2014-04-03 11:21 - 2014-04-03 11:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 11:21 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Desktop\revosetup95.exe 2014-04-03 11:18 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\andreas\Downloads\revosetup95.exe 2014-04-02 14:43 - 2014-04-02 14:44 - 00035940 _____ () C:\Users\andreas\Desktop\Addition.txt 2014-04-02 14:39 - 2014-04-03 13:12 - 00021566 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe 2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe 2014-03-31 14:52 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe 2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe 2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt 2014-03-31 11:22 - 2014-04-03 11:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe 2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT 2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe 2014-03-30 18:05 - 2014-04-03 12:36 - 00000000 ____D () C:\AdwCleaner 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe 2014-03-30 17:14 - 2014-04-03 12:27 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) 
C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-03-28 16:04 - 2014-03-31 14:42 - 00000000 ____D () C:\Qoobox 2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe 2014-03-28 14:14 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe 2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe 2014-03-28 14:10 - 2014-04-03 13:12 - 00000000 ____D () C:\FRST 2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 17:09 - 2014-04-02 14:40 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll 2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-21 00:19 - 2014-03-21 00:20 - 
00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest 2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk 2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk 2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 
_____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft 
Corporation) C:\windows\system32\win32k.sys 2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ieapfltr.dll 2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk ==================== One Month Modified Files and Folders ======= 2014-04-03 13:12 - 2014-04-02 14:39 - 00021566 _____ () C:\Users\andreas\Desktop\FRST.txt 2014-04-03 13:12 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST 2014-04-03 13:07 - 2014-04-03 13:07 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt 2014-04-03 13:03 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 13:00 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-03 13:00 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-03 12:54 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox 2014-04-03 12:54 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-04-03 12:53 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-03 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-03 12:52 - 2013-12-14 14:12 - 00019876 _____ () C:\windows\setupact.log 2014-04-03 12:43 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox 2014-04-03 12:42 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype 
2014-04-03 12:42 - 2010-08-04 04:27 - 01599228 _____ () C:\windows\WindowsUpdate.log 2014-04-03 12:40 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-03 12:37 - 2013-12-15 10:46 - 00579758 _____ () C:\windows\PFRO.log 2014-04-03 12:36 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner 2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Downloads\adwcleaner (1).exe 2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Desktop\adwcleaner (1).exe 2014-04-03 12:30 - 2014-04-03 12:30 - 00007128 _____ () C:\Users\andreas\Desktop\mbam neu.txt 2014-04-03 12:27 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-03 12:12 - 2011-11-10 09:54 - 00000000 ____D () C:\Users\andreas\AppData\Local\Akamai 2014-04-03 11:28 - 2014-04-03 11:21 - 00001264 _____ () C:\Users\andreas\Desktop\Revo Uninstaller.lnk 2014-04-03 11:28 - 2014-04-03 11:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 11:18 - 2014-04-03 11:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Desktop\revosetup95.exe 2014-04-03 11:18 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\andreas\Downloads\revosetup95.exe 2014-04-03 11:11 - 2014-03-31 11:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-03 11:09 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2014-04-02 14:44 - 2014-04-02 14:43 - 00035940 _____ () C:\Users\andreas\Desktop\Addition.txt 2014-04-02 14:40 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67} 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe 2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe 2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe 2014-03-31 14:51 - 2014-03-31 14:52 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe 2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe 2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt 2014-03-31 14:42 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox 2014-03-31 14:37 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy 2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe 2014-03-31 09:27 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-30 22:56 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction 2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT 2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe 2014-03-30 18:12 - 2013-01-10 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\CheckPoint 2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () 
C:\Users\andreas\Downloads\adwcleaner.exe 2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Malwarebytes 2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt 2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert 2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe 2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe 2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe 2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe 2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe 2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe 2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe 2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable 2014-03-28 14:06 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe 2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe 2014-03-28 11:00 - 2014-03-28 11:00 - 
00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls 2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls 2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls 2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo 2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms 2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp 2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx 2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen 2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll 2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus 2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () 
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync 2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest 2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james 2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro 2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo 2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro 2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein 2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals 2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () 
C:\ProgramData\Microsoft Help
2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshcvvm.dll
C:\Users\andreas\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-31 09:45
==================== End Of Log ============================
Regards, Andi |
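Added example, not part of the thread: a small Python triage helper for the FRST "One Month Modified Files and Folders" format posted above. It flags .dll/.exe/.sys files dropped into system directories whose company field is empty, which is exactly how the Radsteroids DLL stands out among the Microsoft- and Malwarebytes-attributed entries (ESET later identifies it as MSIL/Adware.PullUpdate.C). The sample lines are constructed from entries in the log above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One entry of the FRST created/modified-files sections as posted in this thread:
#   <modified> - <created> - <size> <attrs> (<company>) <path>
FRST_ENTRY = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Directories where an unattributed binary deserves a second look.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
BINARY_EXTENSIONS = (".dll", ".exe", ".sys")

# Constructed sample, built from entries in the FRST log posted above.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-03 12:27 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
"""


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str      # FRST attribute flags, e.g. "____D" for a directory
    company: str    # version-info company name, empty when FRST found none
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_frst_entries(text: str) -> list[Entry]:
    """Parse every well-formed entry; section headers and fragments are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return entries


def suspicious_system_files(entries: list[Entry]) -> list[Entry]:
    """Binaries in system directories that carry no company attribution."""
    hits = []
    for e in entries:
        low = e.path.lower()
        if e.is_directory or not low.startswith(SYSTEM_DIRS):
            continue
        if low.endswith(BINARY_EXTENSIONS) and not e.company:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in suspicious_system_files(parse_frst_entries(SAMPLE_LOG)):
        print(f"{hit.created:%Y-%m-%d %H:%M}  {hit.size:>9}  {hit.path}")
```

An empty company field is only a triage signal, not a verdict: the hit still has to be checked against a scanner result or a signature check, as the ESET log further down in the thread does for this file.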
04.04.2014, 09:32 | #13 |
/// the machine /// TB-Ausbilder | Spam mails are being sent from Yahoo account - even after password change
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
04.04.2014, 19:55 | #14 |
| Spam mails are being sent from Yahoo account - even after password change Hi, well, everything seems to be working properly again. Of course I can't check right now whether spam mails are still being sent from my e-mail ;-) Here are the log files: ESET Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17751
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 09:24:19
# local_time=2014-04-04 11:24:19 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 479 10021621 0 0
# compatibility_mode=5893 16776574 100 94 9584458 148233309 0 0
# scanned=1162
# found=0
# cleaned=0
# scan_time=91
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17751
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 12:32:42
# local_time=2014-04-04 02:32:42 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 11782 10032924 4512 0
# compatibility_mode=5893 16776574 100 94 9599361 148244612 0 0
# scanned=223565
# found=2
# cleaned=0
# scan_time=11243
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\Radsteroids.33AABCF1AD13.dll"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.dll"
Code:
ATTFilter
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java 7 Update 51
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Kind regards Andi Edited by Andi64 (04.04.2014 at 20:02) |
05.04.2014, 11:03 | #15 |
/// the machine /// TB-Ausbilder | Spam mails are being sent from Yahoo account - even after password change Update Flash and Adobe. Definitely change the password for the e-mail account. Done The order is crucial here.
If you want to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|