|
Plagegeister aller Art und deren Bekämpfung: Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.04.2014, 20:57 | #1 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Moin... Ich hab Probleme mit Trojaner... Ich benutzer Kaspersky PUR 2.0 und der hat heute angeschlagen und mehrer Trojaner gefunden... Ich denke mal über Mail... Ich benutze Thunderbird und hab auch keine Ahnung wo die Dinger herkommen -.- Kaspersky zeigt mir folgender Bericht: 01) Trojan-Ransom.Win32.Blocker.cbsn c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 02) Trojan-Ransom.Win32.Blocker.cbsn c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 03) Trojan-Ransom.Win32.Blocker.cavm c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 04) Trojan-Ransom.Win32.Blocker.cavm c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 05) Trojan-Spy.Win32.Zbot.nsur c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 06) Trojan-Spy.Win32.Zbot.nsur c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 07) Trojan-Spy.Win32.Zbot.mafo c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 08) Trojan-Spy.Win32.Zbot.mafo c:\users\kitte\appdata\roaming\thunderbird\profiles\.... 09) Trojan-Spy.Win32.Zbot.mafo c:\users\kitte\appdata\roaming\thunderbird\profiles\.... Ich hab als erstes OTL durchlaufen lassen siehe Anhang... Code:
ATTFilter OTL logfile created on: 01.04.2014 21:21:51 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kitte\Downloads\PC Reinigung 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,35% Memory free 12,00 Gb Paging File | 6,92 Gb Available in Paging File | 57,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 1,62 Gb Free Space | 1,66% Space Free | Partition Type: NTFS Drive D: | 244,14 Gb Total Space | 103,41 Gb Free Space | 42,36% Space Free | Partition Type: NTFS Drive E: | 254,38 Gb Total Space | 21,57 Gb Free Space | 8,48% Space Free | Partition Type: NTFS Drive G: | 3,91 Gb Total Space | 1,79 Gb Free Space | 45,83% Space Free | Partition Type: FAT32 Computer Name: KITTE-PC | User Name: Kitte | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kitte\Downloads\PC Reinigung\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (EIZO Corporation) PRC - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) PRC - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll () MOD - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll () MOD - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\libcurl.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\SSLEAY32.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\PHP_KnowledgeEngine.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\JS_KnowledgeEngine.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\c4lib.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Workspace.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\TitanVistaFileDialog.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LaunchEM.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DWLog.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\AlcidDLL.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LIBEAY32.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) SRV - (USBSafelyRemoveService) -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.) DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare) DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org) DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch) DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex) DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm)) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 C4 17 E9 C6 D9 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.02.12 12:07:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.02.12 12:07:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.02.12 12:07:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.03.13 16:34:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.03.13 16:34:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{68cb3b56-070c-4206-ace9-0b122f7c3de9}: C:\Program Files (x86)\Re-markit-soft\157.xpi [2013.02.05 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Extensions [2011.03.03 18:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2014.02.26 17:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Firefox\extensions [2013.04.10 13:10:15 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kitte\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2014.03.10 01:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.03 19:00:02 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\ CHR - Extension: Amazon-Icon = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0\ CHR - Extension: Google Wallet = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Google Mail = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\ O1 HOSTS File: ([2013.03.15 18:02:20 | 000,000,147 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: SYSTRAN Suche - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll () O8:64bit: - Extra context menu item: SYSTRAN Übersetzen - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: SYSTRAN Suche - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll () O8 - Extra context menu item: SYSTRAN Übersetzen - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7494ECBB-F4A6-46EC-A605-9084465AA60D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA5A134-BE45-426C-984B-4AA013272A46}: DhcpNameServer = 212.23.115.132 212.23.115.148 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E90D49EC-0B1B-4441-B3B9-F04E3DB8602D}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{69d6a1aa-8c87-11e1-85fb-001d60be7f00}\Shell - "" = AutoRun O33 - MountPoints2\{69d6a1aa-8c87-11e1-85fb-001d60be7f00}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{8bb6befb-45b1-11e0-961f-001d60be7f00}\Shell - "" = AutoRun O33 - MountPoints2\{8bb6befb-45b1-11e0-961f-001d60be7f00}\Shell\AutoRun\command - "" = V:\KASPERSKYPURE.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.04.01 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Microsoft Games [2014.03.19 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2014.03.19 19:21:34 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7 [2014.03.19 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Wondershare [2014.03.19 19:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare [2014.03.19 19:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [2014.03.19 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Wondershare [2014.03.19 19:07:42 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys [2014.03.19 19:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare [2014.03.19 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare [2014.03.19 17:18:26 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Documents\VirtualDJ [2014.03.14 00:07:14 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll [2014.03.14 00:07:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll [2014.03.14 00:07:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014.03.14 00:07:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014.03.14 00:07:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014.03.14 00:07:11 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014.03.14 00:07:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014.03.14 00:07:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014.03.14 00:07:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014.03.14 00:07:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014.03.14 00:07:10 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014.03.14 00:07:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014.03.14 00:07:09 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014.03.14 00:07:09 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014.03.14 00:07:09 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014.03.14 00:07:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014.03.14 00:07:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014.03.14 00:07:08 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014.03.14 00:07:08 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014.03.14 00:07:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014.03.14 00:07:07 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014.03.14 00:07:07 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014.03.14 00:07:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014.03.14 00:07:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014.03.14 00:07:06 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014.03.14 00:07:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014.03.14 00:06:16 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2014.03.14 00:06:15 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2014.03.14 00:06:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2014.03.13 17:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2014.03.13 17:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2014.03.13 16:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2014.03.13 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Desktop\Adobe Acrobat X [2014.03.11 20:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2014.03.11 20:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioEdit Deluxe [2014.03.11 20:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioEdit Deluxe [2014.03.11 20:17:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F} [2014.03.11 16:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy [2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\PACE Anti-Piracy [2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2014.03.11 15:50:53 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Documents\Adobe [2014.03.11 04:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader [2014.03.11 01:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader [2014.03.11 01:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications [2014.03.10 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2014.03.10 18:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2014.03.10 17:34:20 | 000,000,000 | ---D | C] -- C:\FRST [2014.03.10 01:58:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.03.09 22:36:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.03.09 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Malwarebytes [2014.03.09 22:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.03.09 22:35:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.03.09 22:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.03.06 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\Kitte\ChromeExtensions [2014.03.06 23:57:29 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1 [2014.03.06 18:15:35 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2014.03.06 18:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2014.03.06 18:14:14 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2014.03.06 18:14:13 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll [2014.03.06 18:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2014.03.06 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\AVS4YOU [2014.03.06 18:02:18 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2014.03.06 18:02:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2014.03.06 18:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2014.03.06 18:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2014.03.06 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc [2014.03.06 14:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\SYSTRAN [2014.03.06 14:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\SYSTRAN [2014.03.06 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2014.03.06 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\ApplicationHistory [2014.03.06 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYSTRAN [2014.03.06 14:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SYSTRAN [2014.03.06 14:20:42 | 000,144,896 | R--- | C] (SYSTRAN) -- C:\Windows\SysWow64\libsyslic1.original.dll [2014.03.06 14:06:17 | 000,057,344 | R--- | C] (NGEN TEAM) -- C:\Windows\SysWow64\libsyslic1.dll [2014.03.06 14:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2014.03.06 13:59:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2014.03.05 00:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter [2014.03.05 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter [2014.03.04 13:48:49 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full [2014.03.04 13:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full [2014.03.04 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\ImTOO [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2098.03.31 21:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2098.03.31 14:46:35 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat [2014.04.01 21:11:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job [2014.04.01 20:46:28 | 001,409,024 | ---- | M] () -- C:\Users\Kitte\Documents\Unbenannt-5.indd [2014.04.01 11:40:05 | 001,658,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.04.01 11:40:05 | 000,713,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.04.01 11:40:05 | 000,666,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.04.01 11:40:05 | 000,155,514 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.04.01 11:40:05 | 000,127,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.04.01 10:52:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.04.01 10:50:05 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.04.01 10:50:05 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.04.01 10:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.04.01 10:42:16 | 535,724,031 | -HS- | M] () -- C:\hiberfil.sys [2014.03.30 07:29:34 | 000,000,036 | ---- | M] () -- C:\Users\Kitte\AppData\Local\housecall.guid.cache [2014.03.30 07:10:43 | 008,209,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.03.25 16:28:34 | 000,118,139 | ---- | M] () -- C:\Users\Kitte\Desktop\Anmeldung AREA1.pdf [2014.03.24 17:18:24 | 000,001,046 | ---- | M] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk [2014.03.19 20:29:08 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.03.19 19:21:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014.03.19 19:08:26 | 000,001,348 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk [2014.03.19 17:19:15 | 000,001,046 | ---- | M] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk [2014.03.19 03:31:15 | 000,000,132 | ---- | M] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen [2014.03.13 17:31:58 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2014.03.13 17:17:36 | 000,005,976 | ---- | M] () -- C:\Users\Kitte\Desktop\FileZilla.xml [2014.03.13 16:34:08 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2014.03.11 20:28:43 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk [2014.03.11 20:25:06 | 000,011,783 | ---- | M] () -- C:\Track1.mp3 [2014.03.11 20:17:44 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\AudioEdit Deluxe.lnk [2014.03.11 16:42:20 | 000,001,673 | ---- | M] () -- C:\Users\Kitte\Desktop\Audition.lnk [2014.03.11 16:34:29 | 000,001,525 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2014.03.11 16:30:18 | 000,001,735 | ---- | M] () -- C:\Users\Kitte\Desktop\lightroom.lnk [2014.03.11 16:16:28 | 000,002,290 | ---- | M] () -- C:\Users\Kitte\Desktop\Illustrator.lnk [2014.03.11 16:02:23 | 000,001,524 | ---- | M] () -- C:\Users\Kitte\Desktop\Flash.lnk [2014.03.11 15:51:36 | 000,001,742 | ---- | M] () -- C:\Users\Kitte\Desktop\Media Encoder.lnk [2014.03.11 15:49:50 | 000,001,714 | ---- | M] () -- C:\Users\Kitte\Desktop\Dreamweaver.lnk [2014.03.11 15:40:27 | 000,001,854 | ---- | M] () -- C:\Users\Kitte\Desktop\AfterFX.lnk [2014.03.11 15:13:40 | 000,001,691 | ---- | M] () -- C:\Users\Kitte\Desktop\InDesign.lnk [2014.03.11 15:09:46 | 000,001,711 | ---- | M] () -- C:\Users\Kitte\Desktop\Photoshop.lnk [2014.03.11 01:20:19 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2014.03.10 18:40:13 | 000,001,271 | ---- | M] () -- C:\Users\Kitte\Desktop\Revo Uninstaller.lnk [2014.03.09 22:35:11 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.03.06 18:15:37 | 000,001,300 | ---- | M] () -- C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk [2014.03.06 18:14:26 | 000,001,244 | ---- | M] () -- C:\Users\Kitte\Desktop\AVS Audio Converter.lnk [2014.03.06 14:23:13 | 000,000,093 | ---- | M] () -- C:\Users\Kitte\AppData\Local\fusioncache.dat [2014.03.06 14:23:04 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk [2014.03.06 14:23:04 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk [2014.03.06 14:22:28 | 000,878,080 | ---- | M] () -- C:\Windows\SysWow64\iconv.dll [2014.03.06 14:22:28 | 000,721,920 | ---- | M] () -- C:\Windows\SysWow64\libxml2.dll [2014.03.06 14:22:28 | 000,170,432 | ---- | M] () -- C:\Windows\SysWow64\libsyslic1.pd [2014.03.06 14:22:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWow64\libxslt.dll [2014.03.06 14:22:28 | 000,051,200 | ---- | M] () -- C:\Windows\SysWow64\libexslt.dll [2014.03.06 14:06:19 | 000,000,192 | ---- | M] () -- C:\Windows\SysWow64\libsyslic1.ls [2014.03.06 14:02:12 | 001,685,134 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014.03.05 00:11:00 | 000,001,158 | ---- | M] () -- C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk [2014.03.04 23:43:05 | 000,000,132 | ---- | M] () -- C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2098.03.31 14:46:35 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat [2014.04.01 20:46:22 | 001,409,024 | ---- | C] () -- C:\Users\Kitte\Documents\Unbenannt-5.indd [2014.03.30 07:29:34 | 000,000,036 | ---- | C] () -- C:\Users\Kitte\AppData\Local\housecall.guid.cache [2014.03.25 16:28:21 | 000,118,139 | ---- | C] () -- C:\Users\Kitte\Desktop\Anmeldung AREA1.pdf [2014.03.24 17:18:24 | 000,001,046 | ---- | C] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk [2014.03.19 20:29:08 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.03.19 20:28:53 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.03.19 20:28:53 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.03.19 19:21:51 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.03.19 19:08:26 | 000,001,348 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk [2014.03.19 17:18:31 | 000,001,046 | ---- | C] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk [2014.03.13 17:31:58 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2014.03.13 17:17:36 | 000,005,976 | ---- | C] () -- C:\Users\Kitte\Desktop\FileZilla.xml [2014.03.13 16:34:08 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2014.03.13 16:34:08 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2014.03.13 16:34:08 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2014.03.12 22:08:40 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen [2014.03.11 20:28:43 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2014.03.11 20:28:43 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk [2014.03.11 20:25:04 | 000,011,783 | ---- | C] () -- C:\Track1.mp3 [2014.03.11 20:17:44 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\AudioEdit Deluxe.lnk [2014.03.11 16:42:20 | 000,001,673 | ---- | C] () -- C:\Users\Kitte\Desktop\Audition.lnk [2014.03.11 16:35:02 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC.lnk [2014.03.11 16:30:18 | 000,001,735 | ---- | C] () -- C:\Users\Kitte\Desktop\lightroom.lnk [2014.03.11 16:26:53 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.3 64-Bit.lnk [2014.03.11 16:16:28 | 000,002,290 | ---- | C] () -- C:\Users\Kitte\Desktop\Illustrator.lnk [2014.03.11 16:10:34 | 000,001,518 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk [2014.03.11 16:02:23 | 000,001,524 | ---- | C] () -- C:\Users\Kitte\Desktop\Flash.lnk [2014.03.11 15:58:34 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC.lnk [2014.03.11 15:51:36 | 000,001,742 | ---- | C] () -- C:\Users\Kitte\Desktop\Media Encoder.lnk [2014.03.11 15:49:50 | 000,001,714 | ---- | C] () -- C:\Users\Kitte\Desktop\Dreamweaver.lnk [2014.03.11 15:46:10 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk [2014.03.11 15:45:06 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2014.03.11 15:45:06 | 000,001,525 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2014.03.11 15:40:27 | 000,001,854 | ---- | C] () -- C:\Users\Kitte\Desktop\AfterFX.lnk [2014.03.11 15:30:43 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk [2014.03.11 15:13:40 | 000,001,691 | ---- | C] () -- C:\Users\Kitte\Desktop\InDesign.lnk [2014.03.11 15:09:46 | 000,001,711 | ---- | C] () -- C:\Users\Kitte\Desktop\Photoshop.lnk [2014.03.11 14:51:33 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk [2014.03.11 14:47:45 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk [2014.03.11 14:46:36 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk [2014.03.11 14:22:34 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk [2014.03.11 14:06:39 | 000,001,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC (64 Bit).lnk [2014.03.11 14:04:42 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC.lnk [2014.03.11 01:20:19 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2014.03.10 18:40:13 | 000,001,271 | ---- | C] () -- C:\Users\Kitte\Desktop\Revo Uninstaller.lnk [2014.03.09 22:35:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.03.06 18:15:37 | 000,001,300 | ---- | C] () -- C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk [2014.03.06 18:14:26 | 000,001,244 | ---- | C] () -- C:\Users\Kitte\Desktop\AVS Audio Converter.lnk [2014.03.06 14:23:13 | 000,000,093 | ---- | C] () -- C:\Users\Kitte\AppData\Local\fusioncache.dat [2014.03.06 14:23:04 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk [2014.03.06 14:23:04 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk [2014.03.06 14:06:19 | 000,000,192 | ---- | C] () -- C:\Windows\SysWow64\libsyslic1.ls [2014.03.06 14:06:17 | 000,878,080 | ---- | C] () -- C:\Windows\SysWow64\iconv.dll [2014.03.06 14:06:17 | 000,721,920 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll [2014.03.06 14:06:17 | 000,170,432 | ---- | C] () -- C:\Windows\SysWow64\libsyslic1.pd [2014.03.06 14:06:17 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\libxslt.dll [2014.03.06 14:06:17 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\libexslt.dll [2014.03.05 00:11:35 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job [2014.03.05 00:11:00 | 000,001,158 | ---- | C] () -- C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk [2014.03.04 13:48:49 | 000,002,337 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk [2013.08.08 14:17:22 | 000,001,456 | ---- | C] () -- C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2013.06.14 11:13:25 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.02.12 12:10:08 | 000,017,408 | ---- | C] () -- C:\Users\Kitte\AppData\Local\WebpageIcons.db [2012.04.02 22:20:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.01.23 16:24:55 | 000,000,000 | ---- | C] () -- C:\Users\Kitte\AppData\Local\{28D042A1-6CA5-4203-83B1-36FF23DC047B} [2012.01.23 15:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Kitte\AppData\Local\{DE494449-FF54-486C-92B8-89AC6E5B5721} [2011.11.19 18:55:47 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011.09.24 18:38:07 | 000,001,456 | ---- | C] () -- C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.09.04 18:24:09 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe Targa Format CS5 Prefs [2011.04.13 16:31:21 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.03.31 11:09:19 | 000,067,403 | ---- | C] () -- C:\Users\Kitte\kitte vs tatty.jpg [2011.03.23 11:55:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.07 15:27:10 | 000,033,792 | ---- | C] () -- C:\Users\Kitte\ultrasch.jpg [2010.11.13 14:11:17 | 000,735,353 | ---- | C] () -- C:\Users\Kitte\ace_uninstaller.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1278 bytes -> C:\Users\Kitte\AppData\Local\lHX8ZAx771C3:aUxCP7h2Bi8mcXxgXdnIzy @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:90EF0C9C < End of report > ...ich dreh noch durch hier |
01.04.2014, 21:20 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier... Ich bedanke mich für Deine Geduld! Schritt 1 (Scan mit FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte auch das Log bzw. einen Screenshot von den Kaspersky-Meldungen posten. DANKE
__________________ Geändert von deeprybka (01.04.2014 um 21:26 Uhr) |
01.04.2014, 21:31 | #3 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Hier der SCAN mit FIRST:
__________________Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Kitte (administrator) on KITTE-PC on 01-04-2014 22:29:31 Running from C:\Users\Kitte\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Kitte\Downloads\PC Reinigung\OTL.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [1521488 2009-11-26] () HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation) HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {69d6a1aa-8c87-11e1-85fb-001d60be7f00} - G:\autorun.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {8bb6befb-45b1-11e0-961f-001d60be7f00} - V:\KASPERSKYPURE.EXE GroupPolicy: Group Policy on Chrome detected <======= ATTENTION |
01.04.2014, 21:33 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-Bitte vollständiges Log und auch noch die Addition.txt sowie wenn möglich Kaspersky-Logs.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.04.2014, 21:52 | #5 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Was meinst du mit Addition Text ? bzw. wo finde ich bei Kaspersky die Logs ? KAspersky: Code:
ATTFilter Backdoor.Win32.Androm.cue Gefunden; nicht verarbeitet 01.04.2014 21:55:50 Backdoor.Win32.Androm.cue Nicht definiert 01.04.2014 21:55:50 Trojan-Ransom.Win32.Blocker.cbsn Gefunden; nicht verarbeitet 01.04.2014 21:33:32 Trojan-Ransom.Win32.Blocker.cbsn Nicht definiert 01.04.2014 21:33:32 Trojan-Ransom.Win32.Blocker.cavm Gefunden; nicht verarbeitet 01.04.2014 21:30:09 Trojan-Ransom.Win32.Blocker.cavm Nicht definiert 01.04.2014 21:30:09 Trojan-Spy.Win32.Zbot.nsur Gefunden; nicht verarbeitet 01.04.2014 21:14:35 Trojan-Spy.Win32.Zbot.nsur Nicht definiert 01.04.2014 21:14:35 Trojan-Spy.Win32.Zbot.mafo Gefunden; nicht verarbeitet 01.04.2014 20:48:06 Trojan-Spy.Win32.Zbot.mafo Nicht definiert 01.04.2014 20:48:06 Trojan-Spy.Win32.Zbot.mafo Gefunden; nicht verarbeitet 01.04.2014 20:48:06 FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Kitte (administrator) on KITTE-PC on 01-04-2014 22:29:31 Running from C:\Users\Kitte\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Kitte\Downloads\PC Reinigung\OTL.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [1521488 2009-11-26] () HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation) HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {69d6a1aa-8c87-11e1-85fb-001d60be7f00} - G:\autorun.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {8bb6befb-45b1-11e0-961f-001d60be7f00} - V:\KASPERSKYPURE.EXE GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40C417E9C6D9CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-10] CHR Extension: (Google Drive) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-10] CHR Extension: (YouTube) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-10] CHR Extension: (Google-Suche) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-10] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-10] CHR Extension: (Virtuelle Tastatur) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-10] CHR Extension: (Amazon-Icon) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-03-10] CHR Extension: (Google Wallet) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10] CHR Extension: (Google Mail) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-10] CHR Extension: (Anti-Banner) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-10] CHR HKLM-x32\...\Chrome\Extension: [blibmnfiieeaddojfnmnccflofiinnhd] - C:\Users\Kitte\AppData\Local\CRE\blibmnfiieeaddojfnmnccflofiinnhd.crx [2014-03-10] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx [2012-08-31] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx [2012-08-31] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Kitte\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-03-06] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx [2012-08-31] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-11-17] () R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [532280 2009-11-26] () S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-01] () R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) R1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [28032 2010-09-30] (REALiX(tm)) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-02-12] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-01] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-05-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [337960 2007-12-26] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2007-12-26] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2007-12-26] (Silicon Image, Inc.) S3 StarOpen; No ImagePath S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare) S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2098-03-31 14:47 - 2098-03-31 14:47 - 00296560 _____ () C:\Windows\Minidump\033198-32120-01.dmp 2098-03-31 14:46 - 2098-03-31 14:46 - 00003280 ____N () C:\bootsqm.dat 2098-03-30 07:54 - 2098-03-30 07:54 - 00270936 _____ () C:\Windows\Minidump\033098-28080-01.dmp 2098-03-30 07:39 - 2098-03-30 07:39 - 00292768 _____ () C:\Windows\Minidump\033098-18439-01.dmp 2014-04-01 22:29 - 2014-04-01 22:29 - 00015380 _____ () C:\Users\Kitte\Desktop\FRST.txt 2014-04-01 22:28 - 2014-04-01 22:28 - 02157056 _____ (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe 2014-04-01 21:08 - 2014-04-01 21:08 - 00101329 _____ () C:\Users\Kitte\Downloads\zbotkiller.zip 2014-04-01 21:08 - 2010-08-26 19:44 - 00108368 _____ (Kaspersky Lab ZAO) C:\Users\Kitte\Downloads\ZBotKiller.exe 2014-04-01 21:08 - 2010-05-17 16:15 - 00002258 _____ () C:\Users\Kitte\Downloads\eula.txt 2014-04-01 20:46 - 2014-04-01 20:46 - 01409024 _____ () C:\Users\Kitte\Documents\Unbenannt-5.indd 2014-04-01 11:45 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Microsoft Games 2014-03-30 07:29 - 2014-03-30 07:29 - 00000036 _____ () C:\Users\Kitte\AppData\Local\housecall.guid.cache 2014-03-30 07:09 - 2014-03-30 07:09 - 00292760 _____ () C:\Windows\Minidump\033014-62416-01.dmp 2014-03-29 19:53 - 2014-03-29 19:53 - 00292456 _____ () C:\Windows\Minidump\032914-60684-01.dmp 2014-03-29 19:50 - 2014-03-29 19:50 - 00299856 _____ () C:\Windows\Minidump\032914-61386-01.dmp 2014-03-29 19:31 - 2014-03-29 19:31 - 00296640 _____ () C:\Windows\Minidump\032914-20124-01.dmp 2014-03-29 19:28 - 2014-03-29 19:28 - 00312144 _____ () C:\Windows\Minidump\032914-20982-01.dmp 2014-03-29 13:18 - 2014-03-29 13:18 - 00292680 _____ () C:\Windows\Minidump\032914-27877-01.dmp 2014-03-27 08:55 - 2014-03-27 08:55 - 00293376 _____ () C:\Windows\Minidump\032714-27456-01.dmp 2014-03-27 08:50 - 2014-03-27 08:50 - 00291360 _____ () C:\Windows\Minidump\032714-28688-01.dmp 2014-03-27 07:32 - 2014-03-27 07:32 - 00293384 _____ () C:\Windows\Minidump\032714-21980-01.dmp 2014-03-27 07:28 - 2014-03-27 07:28 - 00292512 _____ () C:\Windows\Minidump\032714-22089-01.dmp 2014-03-27 07:25 - 2014-03-27 07:25 - 00301824 _____ () C:\Windows\Minidump\032714-38204-01.dmp 2014-03-27 07:04 - 2014-03-27 07:04 - 00316256 _____ () C:\Windows\Minidump\032714-21512-01.dmp 2014-03-25 14:45 - 2014-03-25 14:45 - 01227501 _____ () C:\Users\Kitte\Downloads\fsj_transman_lite-3.0.2.1819.zip 2014-03-25 12:52 - 2014-03-25 12:53 - 41734185 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Top_down.zip 2014-03-25 12:51 - 2014-03-25 12:52 - 28546315 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Side_down.zip 2014-03-25 12:50 - 2014-03-25 12:51 - 19908166 _____ () C:\Users\Kitte\Downloads\Hazan-Makoto-Painting_down.zip 2014-03-25 12:49 - 2014-03-25 12:50 - 21284961 _____ () C:\Users\Kitte\Downloads\Hazan-Portrait_down.zip 2014-03-25 12:48 - 2014-03-25 12:49 - 21483652 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Detail_down.zip 2014-03-25 12:47 - 2014-03-25 12:48 - 31361281 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Front_down.zip 2014-03-25 12:46 - 2014-03-25 12:47 - 25332998 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Right_down.zip 2014-03-25 12:46 - 2014-03-25 12:46 - 14332854 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Profile_down.zip 2014-03-24 17:18 - 2014-03-24 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk 2014-03-22 17:09 - 2014-03-22 17:09 - 00308064 _____ () C:\Windows\Minidump\032214-26598-01.dmp 2014-03-20 14:39 - 2014-03-20 14:39 - 02602650 _____ () C:\Users\Kitte\Downloads\db520258096.sql 2014-03-19 20:29 - 2014-03-19 20:29 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-19 20:28 - 2098-03-31 21:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-19 20:28 - 2098-03-31 20:41 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-19 20:28 - 2098-03-31 20:41 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-19 20:28 - 2014-04-01 10:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-19 20:25 - 2014-03-19 20:28 - 38147064 _____ (Google Inc.) C:\Users\Kitte\Downloads\ChromeStandaloneSetup_33.0.1750.154.exe 2014-03-19 19:21 - 2014-03-19 20:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7 2014-03-19 19:21 - 2014-03-19 19:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-19 19:08 - 2014-03-19 19:09 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Wondershare 2014-03-19 19:08 - 2014-03-19 19:08 - 00001348 _____ () C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk 2014-03-19 19:08 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Wondershare 2014-03-19 19:07 - 2014-03-19 19:07 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-03-19 19:07 - 2013-05-30 14:56 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys 2014-03-19 19:06 - 2014-03-19 19:07 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-03-19 17:18 - 2014-03-19 17:19 - 00001046 _____ () C:\Users\UpdatusUser\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:18 - 2014-03-19 17:19 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:18 - 2014-03-19 17:19 - 00000000 ____D () C:\Users\Kitte\Documents\VirtualDJ 2014-03-19 17:18 - 2014-03-19 17:18 - 00003224 _____ () C:\Windows\System32\Tasks\{7238C2A4-3490-4EB4-B0B5-C28AF64654DF} 2014-03-19 15:18 - 2014-03-19 15:18 - 00308064 _____ () C:\Windows\Minidump\031914-28532-01.dmp 2014-03-14 00:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 00:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 00:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-14 00:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 00:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 00:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-14 00:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 00:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 00:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 00:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 00:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-14 00:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-14 00:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 00:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-14 00:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 00:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-14 00:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 00:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 00:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-14 00:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-14 00:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 00:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-14 00:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-14 00:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 00:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-14 00:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-14 00:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-14 00:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 00:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 00:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-14 00:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 00:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 00:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 00:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-14 00:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 00:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 00:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 00:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 00:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 00:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 00:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 00:07 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 00:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-14 00:07 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-14 00:06 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 00:06 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 00:06 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 00:06 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 17:31 - 2014-03-13 17:31 - 00002007 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-13 17:17 - 2014-03-13 17:17 - 00005976 _____ () C:\Users\Kitte\Desktop\FileZilla.xml 2014-03-13 16:34 - 2014-03-13 16:34 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2014-03-13 16:30 - 2014-03-13 16:31 - 00000000 ____D () C:\Users\Kitte\Desktop\Adobe Acrobat X 2014-03-12 22:08 - 2014-03-19 03:31 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-03-11 20:28 - 2014-03-11 20:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk 2014-03-11 20:28 - 2014-03-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Audacity 2014-03-11 20:17 - 2014-03-11 20:17 - 00000992 _____ () C:\Users\Public\Desktop\AudioEdit Deluxe.lnk 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ___HD () C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F} 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\Program Files (x86)\AudioEdit Deluxe 2014-03-11 16:42 - 2014-03-11 16:42 - 00001673 _____ () C:\Users\Kitte\Desktop\Audition.lnk 2014-03-11 16:30 - 2014-03-11 16:30 - 00001735 _____ () C:\Users\Kitte\Desktop\lightroom.lnk 2014-03-11 16:16 - 2014-03-11 16:16 - 00002290 _____ () C:\Users\Kitte\Desktop\Illustrator.lnk 2014-03-11 16:10 - 2014-03-11 16:10 - 00000000 ____D () C:\ProgramData\ALM 2014-03-11 16:02 - 2014-03-11 16:02 - 00001524 _____ () C:\Users\Kitte\Desktop\Flash.lnk 2014-03-11 15:51 - 2014-03-11 15:51 - 00001742 _____ () C:\Users\Kitte\Desktop\Media Encoder.lnk 2014-03-11 15:50 - 2014-03-11 20:02 - 00000000 ____D () C:\Users\Kitte\Documents\Adobe 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Local\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy 2014-03-11 15:49 - 2014-03-11 15:49 - 00001714 _____ () C:\Users\Kitte\Desktop\Dreamweaver.lnk 2014-03-11 15:45 - 2014-03-11 16:34 - 00001525 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk 2014-03-11 15:40 - 2014-03-11 15:40 - 00001854 _____ () C:\Users\Kitte\Desktop\AfterFX.lnk 2014-03-11 15:13 - 2014-03-11 15:13 - 00001691 _____ () C:\Users\Kitte\Desktop\InDesign.lnk 2014-03-11 15:09 - 2014-03-11 15:09 - 00001711 _____ () C:\Users\Kitte\Desktop\Photoshop.lnk 2014-03-11 15:00 - 2014-03-11 15:00 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kitte-PC-Kitte 2014-03-11 04:41 - 2014-03-11 04:41 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-11 01:20 - 2014-03-11 01:20 - 00001296 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-03-11 01:20 - 2014-03-11 01:20 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-03-10 18:40 - 2014-03-10 18:40 - 00001271 _____ () C:\Users\Kitte\Desktop\Revo Uninstaller.lnk 2014-03-10 18:40 - 2014-03-10 18:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-10 17:34 - 2014-04-01 22:29 - 00000000 ____D () C:\FRST 2014-03-10 01:58 - 2014-03-10 01:58 - 00000000 ____D () C:\Windows\ERUNT 2014-03-09 22:39 - 2014-04-01 21:51 - 00000000 ____D () C:\Users\Kitte\Downloads\PC Reinigung 2014-03-09 22:36 - 2014-03-10 02:17 - 00000000 ____D () C:\AdwCleaner 2014-03-09 22:35 - 2014-03-09 22:35 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Malwarebytes 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-09 22:35 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\ChromeExtensions 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1 2014-03-06 18:15 - 2014-03-06 18:15 - 00001300 _____ () C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk 2014-03-06 18:15 - 2014-03-06 18:15 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2014-03-06 18:14 - 2014-03-06 18:14 - 00001244 _____ () C:\Users\Kitte\Desktop\AVS Audio Converter.lnk 2014-03-06 18:14 - 2010-11-29 18:21 - 10915840 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll 2014-03-06 18:14 - 2010-11-29 18:21 - 10833920 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\AVS4YOU 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\ProgramData\AVS4YOU 2014-03-06 18:02 - 2014-03-06 18:15 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2014-03-06 18:02 - 2010-05-11 15:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2014-03-06 18:02 - 2010-05-11 15:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2014-03-06 17:55 - 2014-03-06 17:56 - 00000000 ____D () C:\Users\Kitte\Downloads\CDEX 2014-03-06 17:35 - 2014-03-06 17:35 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc 2014-03-06 14:23 - 2014-03-06 14:23 - 00001061 _____ () C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000989 _____ () C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000093 _____ () C:\Users\Kitte\AppData\Local\fusioncache.dat 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Local\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\InstallShield 2014-03-06 14:22 - 2014-03-06 14:22 - 00000000 ____D () C:\Program Files (x86)\SYSTRAN 2014-03-06 14:20 - 2007-03-14 02:57 - 00144896 ____R (SYSTRAN) C:\Windows\SysWOW64\libsyslic1.original.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00878080 _____ () C:\Windows\SysWOW64\iconv.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00721920 _____ () C:\Windows\SysWOW64\libxml2.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00170432 _____ () C:\Windows\SysWOW64\libsyslic1.pd 2014-03-06 14:06 - 2014-03-06 14:22 - 00150016 _____ () C:\Windows\SysWOW64\libxslt.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00051200 _____ () C:\Windows\SysWOW64\libexslt.dll 2014-03-06 14:06 - 2014-03-06 14:06 - 00000192 _____ () C:\Windows\SysWOW64\libsyslic1.ls 2014-03-06 14:06 - 2007-03-24 13:45 - 00057344 ____R (NGEN TEAM) C:\Windows\SysWOW64\libsyslic1.dll 2014-03-05 00:11 - 2014-04-01 22:11 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job 2014-03-05 00:11 - 2014-03-05 00:11 - 00003250 _____ () C:\Windows\System32\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8} 2014-03-05 00:11 - 2014-03-05 00:11 - 00001158 _____ () C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk 2014-03-05 00:10 - 2014-03-05 00:11 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-03-04 13:48 - 2014-03-04 13:50 - 00002337 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk 2014-03-04 13:48 - 2014-03-04 13:50 - 00002331 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\More New Software Only Here Full Version.lnk 2014-03-04 13:48 - 2014-03-04 13:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:48 - 2014-03-04 13:50 - 00000000 ____D () C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\ImTOO ==================== One Month Modified Files and Folders ======= 2098-03-31 21:46 - 2014-03-19 20:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2098-03-31 20:41 - 2014-03-19 20:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2098-03-31 20:41 - 2014-03-19 20:28 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2098-03-31 14:47 - 2098-03-31 14:47 - 00296560 _____ () C:\Windows\Minidump\033198-32120-01.dmp 2098-03-31 14:47 - 2011-05-30 18:54 - 00000000 ____D () C:\Windows\Minidump 2098-03-31 14:46 - 2098-03-31 14:46 - 00003280 ____N () C:\bootsqm.dat 2098-03-30 07:54 - 2098-03-30 07:54 - 00270936 _____ () C:\Windows\Minidump\033098-28080-01.dmp 2098-03-30 07:39 - 2098-03-30 07:39 - 00292768 _____ () C:\Windows\Minidump\033098-18439-01.dmp 2014-04-01 22:29 - 2014-04-01 22:29 - 00015380 _____ () C:\Users\Kitte\Desktop\FRST.txt 2014-04-01 22:29 - 2014-03-10 17:34 - 00000000 ____D () C:\FRST 2014-04-01 22:28 - 2014-04-01 22:28 - 02157056 _____ (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe 2014-04-01 22:17 - 2011-03-03 18:31 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D7E7D2D-0A74-4EA2-8CCE-E6AF824A01D5} 2014-04-01 22:11 - 2014-03-05 00:11 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job 2014-04-01 21:51 - 2014-03-09 22:39 - 00000000 ____D () C:\Users\Kitte\Downloads\PC Reinigung 2014-04-01 21:08 - 2014-04-01 21:08 - 00101329 _____ () C:\Users\Kitte\Downloads\zbotkiller.zip 2014-04-01 21:06 - 2011-03-03 18:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-01 20:46 - 2014-04-01 20:46 - 01409024 _____ () C:\Users\Kitte\Documents\Unbenannt-5.indd 2014-04-01 13:38 - 2011-03-04 13:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\FileZilla 2014-04-01 12:16 - 2011-03-03 18:14 - 01105607 _____ () C:\Windows\WindowsUpdate.log 2014-04-01 11:45 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Microsoft Games 2014-04-01 11:40 - 2009-07-14 19:58 - 00713578 _____ () C:\Windows\system32\perfh007.dat 2014-04-01 11:40 - 2009-07-14 19:58 - 00155514 _____ () C:\Windows\system32\perfc007.dat 2014-04-01 11:40 - 2009-07-14 07:13 - 01658772 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-01 10:52 - 2014-03-19 20:28 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-01 10:50 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-01 10:50 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-01 10:42 - 2014-02-04 00:05 - 00044737 _____ () C:\Windows\setupact.log 2014-04-01 10:42 - 2011-03-03 19:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-01 10:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-01 03:14 - 2013-06-19 21:41 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Firestorm 2014-04-01 02:01 - 2011-03-04 14:28 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Adobe 2014-04-01 00:21 - 2011-03-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-30 07:29 - 2014-03-30 07:29 - 00000036 _____ () C:\Users\Kitte\AppData\Local\housecall.guid.cache 2014-03-30 07:10 - 2009-07-14 06:45 - 08209000 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-30 07:09 - 2014-03-30 07:09 - 00292760 _____ () C:\Windows\Minidump\033014-62416-01.dmp 2014-03-29 19:53 - 2014-03-29 19:53 - 00292456 _____ () C:\Windows\Minidump\032914-60684-01.dmp 2014-03-29 19:50 - 2014-03-29 19:50 - 00299856 _____ () C:\Windows\Minidump\032914-61386-01.dmp 2014-03-29 19:32 - 2009-07-14 07:08 - 00032752 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-29 19:31 - 2014-03-29 19:31 - 00296640 _____ () C:\Windows\Minidump\032914-20124-01.dmp 2014-03-29 19:28 - 2014-03-29 19:28 - 00312144 _____ () C:\Windows\Minidump\032914-20982-01.dmp 2014-03-29 13:18 - 2014-03-29 13:18 - 00292680 _____ () C:\Windows\Minidump\032914-27877-01.dmp 2014-03-27 08:55 - 2014-03-27 08:55 - 00293376 _____ () C:\Windows\Minidump\032714-27456-01.dmp 2014-03-27 08:50 - 2014-03-27 08:50 - 00291360 _____ () C:\Windows\Minidump\032714-28688-01.dmp 2014-03-27 07:32 - 2014-03-27 07:32 - 00293384 _____ () C:\Windows\Minidump\032714-21980-01.dmp 2014-03-27 07:28 - 2014-03-27 07:28 - 00292512 _____ () C:\Windows\Minidump\032714-22089-01.dmp 2014-03-27 07:25 - 2014-03-27 07:25 - 00301824 _____ () C:\Windows\Minidump\032714-38204-01.dmp 2014-03-27 07:04 - 2014-03-27 07:04 - 00316256 _____ () C:\Windows\Minidump\032714-21512-01.dmp 2014-03-25 14:45 - 2014-03-25 14:45 - 01227501 _____ () C:\Users\Kitte\Downloads\fsj_transman_lite-3.0.2.1819.zip 2014-03-25 12:53 - 2014-03-25 12:52 - 41734185 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Top_down.zip 2014-03-25 12:52 - 2014-03-25 12:51 - 28546315 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Side_down.zip 2014-03-25 12:51 - 2014-03-25 12:50 - 19908166 _____ () C:\Users\Kitte\Downloads\Hazan-Makoto-Painting_down.zip 2014-03-25 12:50 - 2014-03-25 12:49 - 21284961 _____ () C:\Users\Kitte\Downloads\Hazan-Portrait_down.zip 2014-03-25 12:49 - 2014-03-25 12:48 - 21483652 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Detail_down.zip 2014-03-25 12:48 - 2014-03-25 12:47 - 31361281 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Front_down.zip 2014-03-25 12:47 - 2014-03-25 12:46 - 25332998 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Right_down.zip 2014-03-25 12:46 - 2014-03-25 12:46 - 14332854 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Profile_down.zip 2014-03-24 17:18 - 2014-03-24 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk 2014-03-22 17:09 - 2014-03-22 17:09 - 00308064 _____ () C:\Windows\Minidump\032214-26598-01.dmp 2014-03-22 17:09 - 2014-02-11 16:12 - 00211968 _____ () C:\Windows\PFRO.log 2014-03-21 16:54 - 2011-10-31 18:09 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Audacity 2014-03-20 14:39 - 2014-03-20 14:39 - 02602650 _____ () C:\Users\Kitte\Downloads\db520258096.sql 2014-03-19 20:29 - 2014-03-19 20:29 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-19 20:29 - 2011-05-29 18:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-19 20:28 - 2014-03-19 20:25 - 38147064 _____ (Google Inc.) C:\Users\Kitte\Downloads\ChromeStandaloneSetup_33.0.1750.154.exe 2014-03-19 20:08 - 2014-03-19 19:21 - 00000000 ____D () C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7 2014-03-19 19:21 - 2014-03-19 19:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-19 19:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-19 19:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-03-19 19:09 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Wondershare 2014-03-19 19:08 - 2014-03-19 19:08 - 00001348 _____ () C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk 2014-03-19 19:08 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Wondershare 2014-03-19 19:07 - 2014-03-19 19:07 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-03-19 19:07 - 2014-03-19 19:06 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-03-19 17:19 - 2014-03-19 17:18 - 00001046 _____ () C:\Users\UpdatusUser\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:19 - 2014-03-19 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:19 - 2014-03-19 17:18 - 00000000 ____D () C:\Users\Kitte\Documents\VirtualDJ 2014-03-19 17:19 - 2012-05-09 18:35 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ 2014-03-19 17:18 - 2014-03-19 17:18 - 00003224 _____ () C:\Windows\System32\Tasks\{7238C2A4-3490-4EB4-B0B5-C28AF64654DF} 2014-03-19 17:16 - 2013-03-19 05:17 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\uTorrent 2014-03-19 15:18 - 2014-03-19 15:18 - 00308064 _____ () C:\Windows\Minidump\031914-28532-01.dmp 2014-03-19 03:31 - 2014-03-12 22:08 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-03-16 21:02 - 2014-02-18 22:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-16 20:57 - 2011-03-21 12:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-14 04:21 - 2013-03-14 04:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 04:21 - 2013-03-14 04:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 04:05 - 2011-04-04 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 17:31 - 2014-03-13 17:31 - 00002007 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-13 17:17 - 2014-03-13 17:17 - 00005976 _____ () C:\Users\Kitte\Desktop\FileZilla.xml 2014-03-13 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-13 16:58 - 2011-03-03 18:36 - 00296816 _____ () C:\Users\Kitte\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-13 16:34 - 2014-03-13 16:34 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2014-03-13 16:31 - 2014-03-13 16:30 - 00000000 ____D () C:\Users\Kitte\Desktop\Adobe Acrobat X 2014-03-11 20:28 - 2014-03-11 20:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk 2014-03-11 20:28 - 2014-03-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Audacity 2014-03-11 20:17 - 2014-03-11 20:17 - 00000992 _____ () C:\Users\Public\Desktop\AudioEdit Deluxe.lnk 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ___HD () C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F} 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\Program Files (x86)\AudioEdit Deluxe 2014-03-11 20:02 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\Documents\Adobe 2014-03-11 16:43 - 2013-07-25 14:55 - 00000000 ___HD () C:\Users\Kitte\AppData\Local\lHX8ZAx771C3 2014-03-11 16:42 - 2014-03-11 16:42 - 00001673 _____ () C:\Users\Kitte\Desktop\Audition.lnk 2014-03-11 16:37 - 2014-02-27 16:39 - 00000000 ____D () C:\Users\Public\Documents\Adobe 2014-03-11 16:37 - 2011-03-04 19:02 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-03-11 16:37 - 2011-03-03 19:25 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Adobe 2014-03-11 16:35 - 2011-03-04 18:38 - 00000000 ____D () C:\Program Files\Adobe 2014-03-11 16:34 - 2014-03-11 15:45 - 00001525 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk 2014-03-11 16:30 - 2014-03-11 16:30 - 00001735 _____ () C:\Users\Kitte\Desktop\lightroom.lnk 2014-03-11 16:26 - 2011-03-04 16:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-11 16:26 - 2011-03-03 19:24 - 00000000 ____D () C:\ProgramData\Adobe 2014-03-11 16:16 - 2014-03-11 16:16 - 00002290 _____ () C:\Users\Kitte\Desktop\Illustrator.lnk 2014-03-11 16:10 - 2014-03-11 16:10 - 00000000 ____D () C:\ProgramData\ALM 2014-03-11 16:02 - 2014-03-11 16:02 - 00001524 _____ () C:\Users\Kitte\Desktop\Flash.lnk 2014-03-11 15:51 - 2014-03-11 15:51 - 00001742 _____ () C:\Users\Kitte\Desktop\Media Encoder.lnk 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Local\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy 2014-03-11 15:49 - 2014-03-11 15:49 - 00001714 _____ () C:\Users\Kitte\Desktop\Dreamweaver.lnk 2014-03-11 15:45 - 2011-03-03 19:26 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-03-11 15:40 - 2014-03-11 15:40 - 00001854 _____ () C:\Users\Kitte\Desktop\AfterFX.lnk 2014-03-11 15:13 - 2014-03-11 15:13 - 00001691 _____ () C:\Users\Kitte\Desktop\InDesign.lnk 2014-03-11 15:09 - 2014-03-11 15:09 - 00001711 _____ () C:\Users\Kitte\Desktop\Photoshop.lnk 2014-03-11 15:00 - 2014-03-11 15:00 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kitte-PC-Kitte 2014-03-11 04:41 - 2014-03-11 04:41 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-11 01:20 - 2014-03-11 01:20 - 00001296 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-03-11 01:20 - 2014-03-11 01:20 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-03-10 21:03 - 2011-03-03 18:20 - 00000000 ____D () C:\Users\Kitte 2014-03-10 18:49 - 2011-05-29 18:44 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Google 2014-03-10 18:48 - 2013-04-19 16:15 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Deployment 2014-03-10 18:40 - 2014-03-10 18:40 - 00001271 _____ () C:\Users\Kitte\Desktop\Revo Uninstaller.lnk 2014-03-10 18:40 - 2014-03-10 18:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-10 02:17 - 2014-03-09 22:36 - 00000000 ____D () C:\AdwCleaner 2014-03-10 01:58 - 2014-03-10 01:58 - 00000000 ____D () C:\Windows\ERUNT 2014-03-10 01:54 - 2011-03-03 18:20 - 00000000 ___RD () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-09 22:35 - 2014-03-09 22:35 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Malwarebytes 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-09 22:17 - 2011-03-03 18:30 - 00000000 ____D () C:\Program Files (x86)\Everything 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\ChromeExtensions 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1 2014-03-06 18:15 - 2014-03-06 18:15 - 00001300 _____ () C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk 2014-03-06 18:15 - 2014-03-06 18:15 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2014-03-06 18:15 - 2014-03-06 18:02 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2014-03-06 18:14 - 2014-03-06 18:14 - 00001244 _____ () C:\Users\Kitte\Desktop\AVS Audio Converter.lnk 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\AVS4YOU 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\ProgramData\AVS4YOU 2014-03-06 17:56 - 2014-03-06 17:55 - 00000000 ____D () C:\Users\Kitte\Downloads\CDEX 2014-03-06 17:35 - 2014-03-06 17:35 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc 2014-03-06 14:24 - 2011-06-21 01:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-06 14:23 - 2014-03-06 14:23 - 00001061 _____ () C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000989 _____ () C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000093 _____ () C:\Users\Kitte\AppData\Local\fusioncache.dat 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Local\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\InstallShield 2014-03-06 14:22 - 2014-03-06 14:22 - 00000000 ____D () C:\Program Files (x86)\SYSTRAN 2014-03-06 14:22 - 2014-03-06 14:06 - 00878080 _____ () C:\Windows\SysWOW64\iconv.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00721920 _____ () C:\Windows\SysWOW64\libxml2.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00170432 _____ () C:\Windows\SysWOW64\libsyslic1.pd 2014-03-06 14:22 - 2014-03-06 14:06 - 00150016 _____ () C:\Windows\SysWOW64\libxslt.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00051200 _____ () C:\Windows\SysWOW64\libexslt.dll 2014-03-06 14:06 - 2014-03-06 14:06 - 00000192 _____ () C:\Windows\SysWOW64\libsyslic1.ls 2014-03-06 14:02 - 2011-05-26 17:25 - 01685134 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-06 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration 2014-03-05 16:50 - 2011-11-24 01:58 - 00000000 ____D () C:\Program Files\WinRAR 2014-03-05 00:11 - 2014-03-05 00:11 - 00003250 _____ () C:\Windows\System32\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8} 2014-03-05 00:11 - 2014-03-05 00:11 - 00001158 _____ () C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk 2014-03-05 00:11 - 2014-03-05 00:10 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-03-04 23:43 - 2013-06-14 11:13 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-03-04 23:15 - 2013-07-26 06:47 - 00000000 ____D () C:\MP4ToMP3Converter 2014-03-04 13:50 - 2014-03-04 13:48 - 00002337 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk 2014-03-04 13:50 - 2014-03-04 13:48 - 00002331 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\More New Software Only Here Full Version.lnk 2014-03-04 13:50 - 2014-03-04 13:48 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:50 - 2014-03-04 13:48 - 00000000 ____D () C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\ImTOO 2014-03-02 17:29 - 2013-08-08 14:17 - 00001456 _____ () C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 13.0 Prefs Files to move or delete: ==================== C:\Users\Kitte\ace_uninstaller.exe Some content of TEMP: ==================== C:\Users\Kitte\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Kitte\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Kitte\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\Kitte\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih_1.exe C:\Users\Kitte\AppData\Local\Temp\Quarantine.exe C:\Users\Kitte\AppData\Local\Temp\sdanircmdc.exe C:\Users\Kitte\AppData\Local\Temp\sdapskill.exe C:\Users\Kitte\AppData\Local\Temp\sdaspwn.exe C:\Users\Kitte\AppData\Local\Temp\v-bates.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 04:06 ==================== End Of Log ============================ --- --- --- --- --- --- |
01.04.2014, 21:53 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Kaspersky: Evtl. auch bei Erkannte Bedrohungen schauen... Schutz-Center - Berichte -Speichern FRST: Setze den Haken auch bei Addition und drücke auf Scan. Es werden 2 Dateien erstellt. FRST.txt und Addition.txt
__________________ --> Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Geändert von deeprybka (01.04.2014 um 22:01 Uhr) |
01.04.2014, 22:01 | #7 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- OK.. hatte den HAken übersehen... Hier nochmal beide: FIRST LOG: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Kitte (administrator) on KITTE-PC on 01-04-2014 22:56:32 Running from C:\Users\Kitte\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Kitte\Downloads\PC Reinigung\OTL.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [1521488 2009-11-26] () HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation) HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {69d6a1aa-8c87-11e1-85fb-001d60be7f00} - G:\autorun.exe HKU\S-1-5-21-729436633-2625193900-3310499369-1000\...\MountPoints2: {8bb6befb-45b1-11e0-961f-001d60be7f00} - V:\KASPERSKYPURE.EXE GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40C417E9C6D9CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-10] CHR Extension: (Google Drive) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-10] CHR Extension: (YouTube) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-10] CHR Extension: (Google-Suche) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-10] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-10] CHR Extension: (Virtuelle Tastatur) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-10] CHR Extension: (Amazon-Icon) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-03-10] CHR Extension: (Google Wallet) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10] CHR Extension: (Google Mail) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-10] CHR Extension: (Anti-Banner) - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-10] CHR HKLM-x32\...\Chrome\Extension: [blibmnfiieeaddojfnmnccflofiinnhd] - C:\Users\Kitte\AppData\Local\CRE\blibmnfiieeaddojfnmnccflofiinnhd.crx [2014-03-10] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx [2012-08-31] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx [2012-08-31] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Kitte\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-03-06] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx [2012-08-31] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-11-17] () R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [532280 2009-11-26] () S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-01] () R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) R1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [28032 2010-09-30] (REALiX(tm)) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-02-12] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-01] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-05-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [337960 2007-12-26] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2007-12-26] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2007-12-26] (Silicon Image, Inc.) S3 StarOpen; No ImagePath S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare) S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2098-03-31 14:47 - 2098-03-31 14:47 - 00296560 _____ () C:\Windows\Minidump\033198-32120-01.dmp 2098-03-31 14:46 - 2098-03-31 14:46 - 00003280 ____N () C:\bootsqm.dat 2098-03-30 07:54 - 2098-03-30 07:54 - 00270936 _____ () C:\Windows\Minidump\033098-28080-01.dmp 2098-03-30 07:39 - 2098-03-30 07:39 - 00292768 _____ () C:\Windows\Minidump\033098-18439-01.dmp 2014-04-01 22:54 - 2014-04-01 22:54 - 00000857 _____ () C:\Users\Kitte\Desktop\Kaspersky01.txt 2014-04-01 22:37 - 2014-04-01 22:37 - 00000809 _____ () C:\Users\Kitte\Desktop\Kaspersky.txt 2014-04-01 22:29 - 2014-04-01 22:56 - 00015755 _____ () C:\Users\Kitte\Desktop\FRST.txt 2014-04-01 22:28 - 2014-04-01 22:28 - 02157056 _____ (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe 2014-04-01 21:08 - 2014-04-01 21:08 - 00101329 _____ () C:\Users\Kitte\Downloads\zbotkiller.zip 2014-04-01 21:08 - 2010-08-26 19:44 - 00108368 _____ (Kaspersky Lab ZAO) C:\Users\Kitte\Downloads\ZBotKiller.exe 2014-04-01 21:08 - 2010-05-17 16:15 - 00002258 _____ () C:\Users\Kitte\Downloads\eula.txt 2014-04-01 20:46 - 2014-04-01 20:46 - 01409024 _____ () C:\Users\Kitte\Documents\Unbenannt-5.indd 2014-04-01 11:45 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Microsoft Games 2014-03-30 07:29 - 2014-03-30 07:29 - 00000036 _____ () C:\Users\Kitte\AppData\Local\housecall.guid.cache 2014-03-30 07:09 - 2014-03-30 07:09 - 00292760 _____ () C:\Windows\Minidump\033014-62416-01.dmp 2014-03-29 19:53 - 2014-03-29 19:53 - 00292456 _____ () C:\Windows\Minidump\032914-60684-01.dmp 2014-03-29 19:50 - 2014-03-29 19:50 - 00299856 _____ () C:\Windows\Minidump\032914-61386-01.dmp 2014-03-29 19:31 - 2014-03-29 19:31 - 00296640 _____ () C:\Windows\Minidump\032914-20124-01.dmp 2014-03-29 19:28 - 2014-03-29 19:28 - 00312144 _____ () C:\Windows\Minidump\032914-20982-01.dmp 2014-03-29 13:18 - 2014-03-29 13:18 - 00292680 _____ () C:\Windows\Minidump\032914-27877-01.dmp 2014-03-27 08:55 - 2014-03-27 08:55 - 00293376 _____ () C:\Windows\Minidump\032714-27456-01.dmp 2014-03-27 08:50 - 2014-03-27 08:50 - 00291360 _____ () C:\Windows\Minidump\032714-28688-01.dmp 2014-03-27 07:32 - 2014-03-27 07:32 - 00293384 _____ () C:\Windows\Minidump\032714-21980-01.dmp 2014-03-27 07:28 - 2014-03-27 07:28 - 00292512 _____ () C:\Windows\Minidump\032714-22089-01.dmp 2014-03-27 07:25 - 2014-03-27 07:25 - 00301824 _____ () C:\Windows\Minidump\032714-38204-01.dmp 2014-03-27 07:04 - 2014-03-27 07:04 - 00316256 _____ () C:\Windows\Minidump\032714-21512-01.dmp 2014-03-25 14:45 - 2014-03-25 14:45 - 01227501 _____ () C:\Users\Kitte\Downloads\fsj_transman_lite-3.0.2.1819.zip 2014-03-25 12:52 - 2014-03-25 12:53 - 41734185 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Top_down.zip 2014-03-25 12:51 - 2014-03-25 12:52 - 28546315 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Side_down.zip 2014-03-25 12:50 - 2014-03-25 12:51 - 19908166 _____ () C:\Users\Kitte\Downloads\Hazan-Makoto-Painting_down.zip 2014-03-25 12:49 - 2014-03-25 12:50 - 21284961 _____ () C:\Users\Kitte\Downloads\Hazan-Portrait_down.zip 2014-03-25 12:48 - 2014-03-25 12:49 - 21483652 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Detail_down.zip 2014-03-25 12:47 - 2014-03-25 12:48 - 31361281 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Front_down.zip 2014-03-25 12:46 - 2014-03-25 12:47 - 25332998 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Right_down.zip 2014-03-25 12:46 - 2014-03-25 12:46 - 14332854 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Profile_down.zip 2014-03-24 17:18 - 2014-03-24 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk 2014-03-22 17:09 - 2014-03-22 17:09 - 00308064 _____ () C:\Windows\Minidump\032214-26598-01.dmp 2014-03-20 14:39 - 2014-03-20 14:39 - 02602650 _____ () C:\Users\Kitte\Downloads\db520258096.sql 2014-03-19 20:29 - 2014-03-19 20:29 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-19 20:28 - 2098-03-31 21:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-19 20:28 - 2098-03-31 20:41 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-19 20:28 - 2098-03-31 20:41 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-19 20:28 - 2014-04-01 10:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-19 20:25 - 2014-03-19 20:28 - 38147064 _____ (Google Inc.) C:\Users\Kitte\Downloads\ChromeStandaloneSetup_33.0.1750.154.exe 2014-03-19 19:21 - 2014-03-19 20:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7 2014-03-19 19:21 - 2014-03-19 19:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-19 19:08 - 2014-03-19 19:09 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Wondershare 2014-03-19 19:08 - 2014-03-19 19:08 - 00001348 _____ () C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk 2014-03-19 19:08 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Wondershare 2014-03-19 19:07 - 2014-03-19 19:07 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-03-19 19:07 - 2013-05-30 14:56 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys 2014-03-19 19:06 - 2014-03-19 19:07 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-03-19 17:18 - 2014-03-19 17:19 - 00001046 _____ () C:\Users\UpdatusUser\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:18 - 2014-03-19 17:19 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:18 - 2014-03-19 17:19 - 00000000 ____D () C:\Users\Kitte\Documents\VirtualDJ 2014-03-19 17:18 - 2014-03-19 17:18 - 00003224 _____ () C:\Windows\System32\Tasks\{7238C2A4-3490-4EB4-B0B5-C28AF64654DF} 2014-03-19 15:18 - 2014-03-19 15:18 - 00308064 _____ () C:\Windows\Minidump\031914-28532-01.dmp 2014-03-14 00:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 00:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 00:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-14 00:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 00:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 00:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-14 00:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 00:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 00:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 00:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 00:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-14 00:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-14 00:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 00:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-14 00:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 00:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-14 00:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 00:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 00:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-14 00:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-14 00:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 00:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-14 00:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-14 00:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 00:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-14 00:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-14 00:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-14 00:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 00:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 00:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-14 00:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 00:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 00:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 00:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-14 00:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 00:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 00:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 00:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 00:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 00:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 00:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 00:07 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 00:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-14 00:07 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-14 00:06 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 00:06 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 00:06 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 00:06 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 17:31 - 2014-03-13 17:31 - 00002007 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-13 17:17 - 2014-03-13 17:17 - 00005976 _____ () C:\Users\Kitte\Desktop\FileZilla.xml 2014-03-13 16:34 - 2014-03-13 16:34 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2014-03-13 16:30 - 2014-03-13 16:31 - 00000000 ____D () C:\Users\Kitte\Desktop\Adobe Acrobat X 2014-03-12 22:08 - 2014-03-19 03:31 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-03-11 20:28 - 2014-03-11 20:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk 2014-03-11 20:28 - 2014-03-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Audacity 2014-03-11 20:17 - 2014-03-11 20:17 - 00000992 _____ () C:\Users\Public\Desktop\AudioEdit Deluxe.lnk 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ___HD () C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F} 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\Program Files (x86)\AudioEdit Deluxe 2014-03-11 16:42 - 2014-03-11 16:42 - 00001673 _____ () C:\Users\Kitte\Desktop\Audition.lnk 2014-03-11 16:30 - 2014-03-11 16:30 - 00001735 _____ () C:\Users\Kitte\Desktop\lightroom.lnk 2014-03-11 16:16 - 2014-03-11 16:16 - 00002290 _____ () C:\Users\Kitte\Desktop\Illustrator.lnk 2014-03-11 16:10 - 2014-03-11 16:10 - 00000000 ____D () C:\ProgramData\ALM 2014-03-11 16:02 - 2014-03-11 16:02 - 00001524 _____ () C:\Users\Kitte\Desktop\Flash.lnk 2014-03-11 15:51 - 2014-03-11 15:51 - 00001742 _____ () C:\Users\Kitte\Desktop\Media Encoder.lnk 2014-03-11 15:50 - 2014-03-11 20:02 - 00000000 ____D () C:\Users\Kitte\Documents\Adobe 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Local\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy 2014-03-11 15:49 - 2014-03-11 15:49 - 00001714 _____ () C:\Users\Kitte\Desktop\Dreamweaver.lnk 2014-03-11 15:45 - 2014-03-11 16:34 - 00001525 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk 2014-03-11 15:40 - 2014-03-11 15:40 - 00001854 _____ () C:\Users\Kitte\Desktop\AfterFX.lnk 2014-03-11 15:13 - 2014-03-11 15:13 - 00001691 _____ () C:\Users\Kitte\Desktop\InDesign.lnk 2014-03-11 15:09 - 2014-03-11 15:09 - 00001711 _____ () C:\Users\Kitte\Desktop\Photoshop.lnk 2014-03-11 15:00 - 2014-03-11 15:00 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kitte-PC-Kitte 2014-03-11 04:41 - 2014-03-11 04:41 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-11 01:20 - 2014-03-11 01:20 - 00001296 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-03-11 01:20 - 2014-03-11 01:20 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-03-10 18:40 - 2014-03-10 18:40 - 00001271 _____ () C:\Users\Kitte\Desktop\Revo Uninstaller.lnk 2014-03-10 18:40 - 2014-03-10 18:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-10 17:34 - 2014-04-01 22:56 - 00000000 ____D () C:\FRST 2014-03-10 01:58 - 2014-03-10 01:58 - 00000000 ____D () C:\Windows\ERUNT 2014-03-09 22:39 - 2014-04-01 21:51 - 00000000 ____D () C:\Users\Kitte\Downloads\PC Reinigung 2014-03-09 22:36 - 2014-03-10 02:17 - 00000000 ____D () C:\AdwCleaner 2014-03-09 22:35 - 2014-03-09 22:35 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Malwarebytes 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-09 22:35 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\ChromeExtensions 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1 2014-03-06 18:15 - 2014-03-06 18:15 - 00001300 _____ () C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk 2014-03-06 18:15 - 2014-03-06 18:15 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2014-03-06 18:14 - 2014-03-06 18:14 - 00001244 _____ () C:\Users\Kitte\Desktop\AVS Audio Converter.lnk 2014-03-06 18:14 - 2010-11-29 18:21 - 10915840 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll 2014-03-06 18:14 - 2010-11-29 18:21 - 10833920 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\AVS4YOU 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\ProgramData\AVS4YOU 2014-03-06 18:02 - 2014-03-06 18:15 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2014-03-06 18:02 - 2010-05-11 15:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2014-03-06 18:02 - 2010-05-11 15:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2014-03-06 17:55 - 2014-03-06 17:56 - 00000000 ____D () C:\Users\Kitte\Downloads\CDEX 2014-03-06 17:35 - 2014-03-06 17:35 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc 2014-03-06 14:23 - 2014-03-06 14:23 - 00001061 _____ () C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000989 _____ () C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000093 _____ () C:\Users\Kitte\AppData\Local\fusioncache.dat 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Local\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\InstallShield 2014-03-06 14:22 - 2014-03-06 14:22 - 00000000 ____D () C:\Program Files (x86)\SYSTRAN 2014-03-06 14:20 - 2007-03-14 02:57 - 00144896 ____R (SYSTRAN) C:\Windows\SysWOW64\libsyslic1.original.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00878080 _____ () C:\Windows\SysWOW64\iconv.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00721920 _____ () C:\Windows\SysWOW64\libxml2.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00170432 _____ () C:\Windows\SysWOW64\libsyslic1.pd 2014-03-06 14:06 - 2014-03-06 14:22 - 00150016 _____ () C:\Windows\SysWOW64\libxslt.dll 2014-03-06 14:06 - 2014-03-06 14:22 - 00051200 _____ () C:\Windows\SysWOW64\libexslt.dll 2014-03-06 14:06 - 2014-03-06 14:06 - 00000192 _____ () C:\Windows\SysWOW64\libsyslic1.ls 2014-03-06 14:06 - 2007-03-24 13:45 - 00057344 ____R (NGEN TEAM) C:\Windows\SysWOW64\libsyslic1.dll 2014-03-05 00:11 - 2014-04-01 22:41 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job 2014-03-05 00:11 - 2014-03-05 00:11 - 00003250 _____ () C:\Windows\System32\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8} 2014-03-05 00:11 - 2014-03-05 00:11 - 00001158 _____ () C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk 2014-03-05 00:10 - 2014-03-05 00:11 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-03-04 13:48 - 2014-03-04 13:50 - 00002337 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk 2014-03-04 13:48 - 2014-03-04 13:50 - 00002331 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\More New Software Only Here Full Version.lnk 2014-03-04 13:48 - 2014-03-04 13:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:48 - 2014-03-04 13:50 - 00000000 ____D () C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\ImTOO ==================== One Month Modified Files and Folders ======= 2098-03-31 21:46 - 2014-03-19 20:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2098-03-31 20:41 - 2014-03-19 20:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2098-03-31 20:41 - 2014-03-19 20:28 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2098-03-31 14:47 - 2098-03-31 14:47 - 00296560 _____ () C:\Windows\Minidump\033198-32120-01.dmp 2098-03-31 14:47 - 2011-05-30 18:54 - 00000000 ____D () C:\Windows\Minidump 2098-03-31 14:46 - 2098-03-31 14:46 - 00003280 ____N () C:\bootsqm.dat 2098-03-30 07:54 - 2098-03-30 07:54 - 00270936 _____ () C:\Windows\Minidump\033098-28080-01.dmp 2098-03-30 07:39 - 2098-03-30 07:39 - 00292768 _____ () C:\Windows\Minidump\033098-18439-01.dmp 2014-04-01 22:56 - 2014-04-01 22:29 - 00015755 _____ () C:\Users\Kitte\Desktop\FRST.txt 2014-04-01 22:56 - 2014-03-10 17:34 - 00000000 ____D () C:\FRST 2014-04-01 22:54 - 2014-04-01 22:54 - 00000857 _____ () C:\Users\Kitte\Desktop\Kaspersky01.txt 2014-04-01 22:48 - 2011-03-03 18:31 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D7E7D2D-0A74-4EA2-8CCE-E6AF824A01D5} 2014-04-01 22:41 - 2014-03-05 00:11 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job 2014-04-01 22:37 - 2014-04-01 22:37 - 00000809 _____ () C:\Users\Kitte\Desktop\Kaspersky.txt 2014-04-01 22:28 - 2014-04-01 22:28 - 02157056 _____ (Farbar) C:\Users\Kitte\Desktop\FRST64 (1).exe 2014-04-01 21:51 - 2014-03-09 22:39 - 00000000 ____D () C:\Users\Kitte\Downloads\PC Reinigung 2014-04-01 21:08 - 2014-04-01 21:08 - 00101329 _____ () C:\Users\Kitte\Downloads\zbotkiller.zip 2014-04-01 21:06 - 2011-03-03 18:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-01 20:46 - 2014-04-01 20:46 - 01409024 _____ () C:\Users\Kitte\Documents\Unbenannt-5.indd 2014-04-01 13:38 - 2011-03-04 13:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\FileZilla 2014-04-01 12:16 - 2011-03-03 18:14 - 01105607 _____ () C:\Windows\WindowsUpdate.log 2014-04-01 11:45 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Microsoft Games 2014-04-01 11:40 - 2009-07-14 19:58 - 00713578 _____ () C:\Windows\system32\perfh007.dat 2014-04-01 11:40 - 2009-07-14 19:58 - 00155514 _____ () C:\Windows\system32\perfc007.dat 2014-04-01 11:40 - 2009-07-14 07:13 - 01658772 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-01 10:52 - 2014-03-19 20:28 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-01 10:50 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-01 10:50 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-01 10:42 - 2014-02-04 00:05 - 00044737 _____ () C:\Windows\setupact.log 2014-04-01 10:42 - 2011-03-03 19:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-01 10:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-01 03:14 - 2013-06-19 21:41 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Firestorm 2014-04-01 02:01 - 2011-03-04 14:28 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Adobe 2014-04-01 00:21 - 2011-03-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-30 07:29 - 2014-03-30 07:29 - 00000036 _____ () C:\Users\Kitte\AppData\Local\housecall.guid.cache 2014-03-30 07:10 - 2009-07-14 06:45 - 08209000 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-30 07:09 - 2014-03-30 07:09 - 00292760 _____ () C:\Windows\Minidump\033014-62416-01.dmp 2014-03-29 19:53 - 2014-03-29 19:53 - 00292456 _____ () C:\Windows\Minidump\032914-60684-01.dmp 2014-03-29 19:50 - 2014-03-29 19:50 - 00299856 _____ () C:\Windows\Minidump\032914-61386-01.dmp 2014-03-29 19:32 - 2009-07-14 07:08 - 00032752 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-29 19:31 - 2014-03-29 19:31 - 00296640 _____ () C:\Windows\Minidump\032914-20124-01.dmp 2014-03-29 19:28 - 2014-03-29 19:28 - 00312144 _____ () C:\Windows\Minidump\032914-20982-01.dmp 2014-03-29 13:18 - 2014-03-29 13:18 - 00292680 _____ () C:\Windows\Minidump\032914-27877-01.dmp 2014-03-27 08:55 - 2014-03-27 08:55 - 00293376 _____ () C:\Windows\Minidump\032714-27456-01.dmp 2014-03-27 08:50 - 2014-03-27 08:50 - 00291360 _____ () C:\Windows\Minidump\032714-28688-01.dmp 2014-03-27 07:32 - 2014-03-27 07:32 - 00293384 _____ () C:\Windows\Minidump\032714-21980-01.dmp 2014-03-27 07:28 - 2014-03-27 07:28 - 00292512 _____ () C:\Windows\Minidump\032714-22089-01.dmp 2014-03-27 07:25 - 2014-03-27 07:25 - 00301824 _____ () C:\Windows\Minidump\032714-38204-01.dmp 2014-03-27 07:04 - 2014-03-27 07:04 - 00316256 _____ () C:\Windows\Minidump\032714-21512-01.dmp 2014-03-25 14:45 - 2014-03-25 14:45 - 01227501 _____ () C:\Users\Kitte\Downloads\fsj_transman_lite-3.0.2.1819.zip 2014-03-25 12:53 - 2014-03-25 12:52 - 41734185 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Top_down.zip 2014-03-25 12:52 - 2014-03-25 12:51 - 28546315 _____ () C:\Users\Kitte\Downloads\Hazan-Motorcycles-Side_down.zip 2014-03-25 12:51 - 2014-03-25 12:50 - 19908166 _____ () C:\Users\Kitte\Downloads\Hazan-Makoto-Painting_down.zip 2014-03-25 12:50 - 2014-03-25 12:49 - 21284961 _____ () C:\Users\Kitte\Downloads\Hazan-Portrait_down.zip 2014-03-25 12:49 - 2014-03-25 12:48 - 21483652 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Detail_down.zip 2014-03-25 12:48 - 2014-03-25 12:47 - 31361281 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Front_down.zip 2014-03-25 12:47 - 2014-03-25 12:46 - 25332998 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Right_down.zip 2014-03-25 12:46 - 2014-03-25 12:46 - 14332854 _____ () C:\Users\Kitte\Downloads\Hazan-Harley-Profile_down.zip 2014-03-24 17:18 - 2014-03-24 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk 2014-03-22 17:09 - 2014-03-22 17:09 - 00308064 _____ () C:\Windows\Minidump\032214-26598-01.dmp 2014-03-22 17:09 - 2014-02-11 16:12 - 00211968 _____ () C:\Windows\PFRO.log 2014-03-21 16:54 - 2011-10-31 18:09 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Audacity 2014-03-20 14:39 - 2014-03-20 14:39 - 02602650 _____ () C:\Users\Kitte\Downloads\db520258096.sql 2014-03-19 20:29 - 2014-03-19 20:29 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-19 20:29 - 2011-05-29 18:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-19 20:28 - 2014-03-19 20:25 - 38147064 _____ (Google Inc.) C:\Users\Kitte\Downloads\ChromeStandaloneSetup_33.0.1750.154.exe 2014-03-19 20:08 - 2014-03-19 19:21 - 00000000 ____D () C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7 2014-03-19 19:21 - 2014-03-19 19:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-19 19:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-19 19:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-03-19 19:09 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Wondershare 2014-03-19 19:08 - 2014-03-19 19:08 - 00001348 _____ () C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk 2014-03-19 19:08 - 2014-03-19 19:08 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Wondershare 2014-03-19 19:07 - 2014-03-19 19:07 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-03-19 19:07 - 2014-03-19 19:06 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-03-19 17:19 - 2014-03-19 17:18 - 00001046 _____ () C:\Users\UpdatusUser\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:19 - 2014-03-19 17:18 - 00001046 _____ () C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk 2014-03-19 17:19 - 2014-03-19 17:18 - 00000000 ____D () C:\Users\Kitte\Documents\VirtualDJ 2014-03-19 17:19 - 2012-05-09 18:35 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ 2014-03-19 17:18 - 2014-03-19 17:18 - 00003224 _____ () C:\Windows\System32\Tasks\{7238C2A4-3490-4EB4-B0B5-C28AF64654DF} 2014-03-19 17:16 - 2013-03-19 05:17 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\uTorrent 2014-03-19 15:18 - 2014-03-19 15:18 - 00308064 _____ () C:\Windows\Minidump\031914-28532-01.dmp 2014-03-19 03:31 - 2014-03-12 22:08 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-03-16 21:02 - 2014-02-18 22:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-16 20:57 - 2011-03-21 12:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-14 04:21 - 2013-03-14 04:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 04:21 - 2013-03-14 04:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 04:05 - 2011-04-04 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 17:31 - 2014-03-13 17:31 - 00002007 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-13 17:17 - 2014-03-13 17:17 - 00005976 _____ () C:\Users\Kitte\Desktop\FileZilla.xml 2014-03-13 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-13 16:58 - 2011-03-03 18:36 - 00296816 _____ () C:\Users\Kitte\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-13 16:34 - 2014-03-13 16:34 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2014-03-13 16:31 - 2014-03-13 16:30 - 00000000 ____D () C:\Users\Kitte\Desktop\Adobe Acrobat X 2014-03-11 20:28 - 2014-03-11 20:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk 2014-03-11 20:28 - 2014-03-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Audacity 2014-03-11 20:17 - 2014-03-11 20:17 - 00000992 _____ () C:\Users\Public\Desktop\AudioEdit Deluxe.lnk 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ___HD () C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F} 2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\Program Files (x86)\AudioEdit Deluxe 2014-03-11 20:02 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\Documents\Adobe 2014-03-11 16:43 - 2013-07-25 14:55 - 00000000 ___HD () C:\Users\Kitte\AppData\Local\lHX8ZAx771C3 2014-03-11 16:42 - 2014-03-11 16:42 - 00001673 _____ () C:\Users\Kitte\Desktop\Audition.lnk 2014-03-11 16:37 - 2014-02-27 16:39 - 00000000 ____D () C:\Users\Public\Documents\Adobe 2014-03-11 16:37 - 2011-03-04 19:02 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-03-11 16:37 - 2011-03-03 19:25 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Adobe 2014-03-11 16:35 - 2011-03-04 18:38 - 00000000 ____D () C:\Program Files\Adobe 2014-03-11 16:34 - 2014-03-11 15:45 - 00001525 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk 2014-03-11 16:30 - 2014-03-11 16:30 - 00001735 _____ () C:\Users\Kitte\Desktop\lightroom.lnk 2014-03-11 16:26 - 2011-03-04 16:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-11 16:26 - 2011-03-03 19:24 - 00000000 ____D () C:\ProgramData\Adobe 2014-03-11 16:16 - 2014-03-11 16:16 - 00002290 _____ () C:\Users\Kitte\Desktop\Illustrator.lnk 2014-03-11 16:10 - 2014-03-11 16:10 - 00000000 ____D () C:\ProgramData\ALM 2014-03-11 16:02 - 2014-03-11 16:02 - 00001524 _____ () C:\Users\Kitte\Desktop\Flash.lnk 2014-03-11 15:51 - 2014-03-11 15:51 - 00001742 _____ () C:\Users\Kitte\Desktop\Media Encoder.lnk 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\Users\Kitte\AppData\Local\PACE Anti-Piracy 2014-03-11 15:50 - 2014-03-11 15:50 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy 2014-03-11 15:49 - 2014-03-11 15:49 - 00001714 _____ () C:\Users\Kitte\Desktop\Dreamweaver.lnk 2014-03-11 15:45 - 2011-03-03 19:26 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-03-11 15:40 - 2014-03-11 15:40 - 00001854 _____ () C:\Users\Kitte\Desktop\AfterFX.lnk 2014-03-11 15:13 - 2014-03-11 15:13 - 00001691 _____ () C:\Users\Kitte\Desktop\InDesign.lnk 2014-03-11 15:09 - 2014-03-11 15:09 - 00001711 _____ () C:\Users\Kitte\Desktop\Photoshop.lnk 2014-03-11 15:00 - 2014-03-11 15:00 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kitte-PC-Kitte 2014-03-11 04:41 - 2014-03-11 04:41 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-11 01:20 - 2014-03-11 01:20 - 00001296 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-03-11 01:20 - 2014-03-11 01:20 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-03-10 21:03 - 2011-03-03 18:20 - 00000000 ____D () C:\Users\Kitte 2014-03-10 18:49 - 2011-05-29 18:44 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Google 2014-03-10 18:48 - 2013-04-19 16:15 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Deployment 2014-03-10 18:40 - 2014-03-10 18:40 - 00001271 _____ () C:\Users\Kitte\Desktop\Revo Uninstaller.lnk 2014-03-10 18:40 - 2014-03-10 18:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-10 02:17 - 2014-03-09 22:36 - 00000000 ____D () C:\AdwCleaner 2014-03-10 01:58 - 2014-03-10 01:58 - 00000000 ____D () C:\Windows\ERUNT 2014-03-10 01:54 - 2011-03-03 18:20 - 00000000 ___RD () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-09 22:35 - 2014-03-09 22:35 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Malwarebytes 2014-03-09 22:35 - 2014-03-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-09 22:17 - 2011-03-03 18:30 - 00000000 ____D () C:\Program Files (x86)\Everything 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\ChromeExtensions 2014-03-06 23:57 - 2014-03-06 23:57 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1 2014-03-06 18:15 - 2014-03-06 18:15 - 00001300 _____ () C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk 2014-03-06 18:15 - 2014-03-06 18:15 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2014-03-06 18:15 - 2014-03-06 18:02 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2014-03-06 18:14 - 2014-03-06 18:14 - 00001244 _____ () C:\Users\Kitte\Desktop\AVS Audio Converter.lnk 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\AVS4YOU 2014-03-06 18:03 - 2014-03-06 18:03 - 00000000 ____D () C:\ProgramData\AVS4YOU 2014-03-06 17:56 - 2014-03-06 17:55 - 00000000 ____D () C:\Users\Kitte\Downloads\CDEX 2014-03-06 17:35 - 2014-03-06 17:35 - 00000000 ____D () C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc 2014-03-06 14:24 - 2011-06-21 01:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-06 14:23 - 2014-03-06 14:23 - 00001061 _____ () C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000989 _____ () C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk 2014-03-06 14:23 - 2014-03-06 14:23 - 00000093 _____ () C:\Users\Kitte\AppData\Local\fusioncache.dat 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\Kitte\AppData\Local\SYSTRAN 2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\InstallShield 2014-03-06 14:22 - 2014-03-06 14:22 - 00000000 ____D () C:\Program Files (x86)\SYSTRAN 2014-03-06 14:22 - 2014-03-06 14:06 - 00878080 _____ () C:\Windows\SysWOW64\iconv.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00721920 _____ () C:\Windows\SysWOW64\libxml2.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00170432 _____ () C:\Windows\SysWOW64\libsyslic1.pd 2014-03-06 14:22 - 2014-03-06 14:06 - 00150016 _____ () C:\Windows\SysWOW64\libxslt.dll 2014-03-06 14:22 - 2014-03-06 14:06 - 00051200 _____ () C:\Windows\SysWOW64\libexslt.dll 2014-03-06 14:06 - 2014-03-06 14:06 - 00000192 _____ () C:\Windows\SysWOW64\libsyslic1.ls 2014-03-06 14:02 - 2011-05-26 17:25 - 01685134 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-06 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration 2014-03-05 16:50 - 2011-11-24 01:58 - 00000000 ____D () C:\Program Files\WinRAR 2014-03-05 00:11 - 2014-03-05 00:11 - 00003250 _____ () C:\Windows\System32\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8} 2014-03-05 00:11 - 2014-03-05 00:11 - 00001158 _____ () C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk 2014-03-05 00:11 - 2014-03-05 00:10 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-03-04 23:43 - 2013-06-14 11:13 - 00000132 _____ () C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-03-04 23:15 - 2013-07-26 06:47 - 00000000 ____D () C:\MP4ToMP3Converter 2014-03-04 13:50 - 2014-03-04 13:48 - 00002337 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk 2014-03-04 13:50 - 2014-03-04 13:48 - 00002331 _____ () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\More New Software Only Here Full Version.lnk 2014-03-04 13:50 - 2014-03-04 13:48 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:50 - 2014-03-04 13:48 - 00000000 ____D () C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full 2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Kitte\AppData\Roaming\ImTOO 2014-03-02 17:29 - 2013-08-08 14:17 - 00001456 _____ () C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 13.0 Prefs Files to move or delete: ==================== C:\Users\Kitte\ace_uninstaller.exe Some content of TEMP: ==================== C:\Users\Kitte\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Kitte\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Kitte\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\Kitte\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih_1.exe C:\Users\Kitte\AppData\Local\Temp\Quarantine.exe C:\Users\Kitte\AppData\Local\Temp\sdanircmdc.exe C:\Users\Kitte\AppData\Local\Temp\sdapskill.exe C:\Users\Kitte\AppData\Local\Temp\sdaspwn.exe C:\Users\Kitte\AppData\Local\Temp\v-bates.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 04:06 ==================== End Of Log ============================ --- --- --- Addition.text: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Kitte at 2014-04-01 22:57:21 Running from C:\Users\Kitte\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky PURE 2.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky PURE 2.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 2.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30620 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems) Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated) Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated) Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated) Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated) Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudioEdit Deluxe (HKLM-x32\...\AudioEdit Deluxe) (Version: - Mystik Media) AudioEdit Deluxe (x32 Version: 4.x - Mystik Media) Hidden AVS Audio Converter version 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.4.1 - EIZO Corporation) FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Firestorm-Beta (remove only) (HKLM-x32\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.) Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden HWiNFO32 Version 3.71 (HKLM-x32\...\HWiNFO32_is1) (Version: 3.71 - Martin Malík - REALiX) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky PURE 2.0 (HKLM-x32\...\InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}) (Version: 12.0.2.733 - Kaspersky Lab) Kaspersky PURE 2.0 (x32 Version: 12.0.2.733 - Kaspersky Lab) Hidden K-Lite Codec Pack 7.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Movie Mode (HKLM-x32\...\MovieMode) (Version: 2.6.63 - GenTechnologies Apps, LLC) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MP4 To MP3 Converter 2012 v3.0.4 Full (HKLM-x32\...\MP4 To MP3 Converter 2012 v3.0.4 Full) (Version: - SoftVipDownload) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments) Native Instruments Controller Editor (Version: 1.3.2.583 - Native Instruments) Hidden Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Native Instruments Service Center (Version: 2.2.5.596 - Native Instruments) Hidden Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments) Native Instruments Traktor (Version: 1.2.7.9529 - Native Instruments) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.8.6 - ) Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) ph (x32 Version: 1.0.0 - Your Company Name) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SendBlaster 3 (HKLM-x32\...\{486575DF-CC13-4F89-8636-C2CC5BDA7246}) (Version: 003.001.00000 - eDisplay srl) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) SuperMailer 7.51 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 7.51 - Mirko Boeer Softwareentwicklungen) System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) SYSTRAN (HKLM-x32\...\InstallShield_{4C94F105-81D0-4AFC-8F0A-38949DC07F65}) (Version: 6.00.10.17 - SYSTRAN) SYSTRAN (x32 Version: 6.00.10.17 - SYSTRAN) Hidden TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) TreeSize Free V2.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.5 - JAM Software) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION USB Safely Remove 4.2 (HKLM-x32\...\USB Safely Remove_is1) (Version: - SafelyRemove.com) V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.) Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - ) Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - ) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.3 - Bazis) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Wondershare Streaming Audio Recorder(Build 2.2.0) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.0.4 - Wondershare Software) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-03-15 18:02 - 00000147 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {123C0ACA-B260-4A67-92C3-72B112C07AFA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {3E14F0DC-23D6-4CFA-967E-549C5267E4B9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe Task: {3EE61E02-E2EB-4BFD-BABE-D49C395C2A51} - \Express FilesUpdate No Task File Task: {4D6671CE-900E-4492-A129-AC8BDE6D15DC} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe Task: {54EA862A-5146-4F9C-92C6-6C9C1CEF1506} - System32\Tasks\{7A1478C6-4EE8-4266-9D9D-EA01276641DB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe Task: {58093DAE-EADB-4F6E-A4A2-140D87E49059} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {6223E795-46B9-4349-BC4F-869E34E9C388} - System32\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8} => C:\Program Files\V-bates\PrefHelper.exe Task: {7E9010E2-2736-40CF-9187-F7F3D7B6C9B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.) Task: {A4C94326-C6A3-48F0-885C-BFA85DD1F6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {A7955A71-1869-4538-984B-D9E03C24E83C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.) Task: {DB31A7AF-AA5D-4E98-BB07-30F7A19472FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DD57E3B5-8620-4532-B128-9F680A2D22C8} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {E4472E07-90A0-4D1A-B62E-9CA0879A81FC} - \Your File Updater No Task File Task: {F354A7DA-6B1D-48DA-95FF-EE4A7712FA77} - System32\Tasks\AdobeAAMUpdater-1.0-Kitte-PC-Kitte => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job => C:\Program Files\V-bates\PrefHelper.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-04 16:23 - 2009-11-26 09:59 - 00532280 _____ () C:\Program Files (x86)\USB Safely Remove\USBSRService.exe 2007-01-15 11:52 - 2007-01-15 11:52 - 00022016 _____ () C:\Windows\System32\cx21sl6.dll 2012-03-16 16:10 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-11-17 01:14 - 2011-11-17 01:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-11-08 17:15 - 2010-11-08 17:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll 2011-03-04 16:23 - 2009-11-26 09:59 - 01521488 _____ () C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe 2012-08-30 23:23 - 2012-08-30 23:23 - 00459192 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-30 23:24 - 2012-08-30 23:24 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll 2012-08-30 23:24 - 2012-08-30 23:24 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll 2012-08-30 23:24 - 2012-08-30 23:24 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll 2012-08-30 23:24 - 2012-08-30 23:24 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll 2012-08-30 23:24 - 2012-08-30 23:24 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll 2012-08-30 23:24 - 2012-08-30 23:24 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll 2011-09-05 20:36 - 2011-09-05 20:36 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll 2011-09-05 20:36 - 2011-09-05 20:36 - 00180224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll 2010-10-25 16:15 - 2010-10-25 16:15 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2014-03-19 20:29 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-03-19 20:29 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-19 20:29 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-19 20:29 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-03-10 19:06 - 2014-03-10 19:06 - 04591616 _____ () C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll 2014-03-10 19:06 - 2014-03-10 19:06 - 00112128 _____ () C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll 2013-03-13 14:42 - 2013-05-16 12:38 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00249208 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\libcurl.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00166264 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\SSLEAY32.dll 2013-04-19 00:02 - 2013-04-19 00:02 - 00843776 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LIBEAY32.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00074616 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\AlcidDLL.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00022392 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DWLog.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00607608 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\c4lib.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00162680 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LaunchEM.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00052088 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\TitanVistaFileDialog.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00707960 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Workspace.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00661880 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\JS_KnowledgeEngine.dll 2013-04-19 02:19 - 2013-04-19 02:19 - 00641400 _____ () C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\PHP_KnowledgeEngine.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:90EF0C9C AlternateDataStreams: C:\Users\Kitte\Cookies:8uBHtumwEPFVrNr6HKGXMaHUDjBz AlternateDataStreams: C:\Users\Kitte\AppData\Local\lHX8ZAx771C3:aUxCP7h2Bi8mcXxgXdnIzy ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Updater => C:\ProgramData\Updater\Updater.exe MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED ==================== Faulty Device Manager Devices ============= Name: Officejet 6500 E710a-f Description: Officejet 6500 E710a-f Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2014 09:19:12 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/01/2014 03:53:10 PM) (Source: Application Hang) (User: ) Description: Programm Dreamweaver.exe, Version 13.0.0.6390 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3f4 Startzeit: 01cf4d99e0440960 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe Berichts-ID: b7cc7db1-b9a4-11e3-b473-001d60be7f00 Error: (04/01/2014 03:22:16 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0xd54 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 03:20:39 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0x900 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 03:20:28 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 03:20:06 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 03:15:42 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0x780 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 02:15:45 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0xc24 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 02:01:36 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (04/01/2014 02:00:13 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e0c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000057d10 ID des fehlerhaften Prozesses: 0x97c Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 System errors: ============= Error: (04/01/2014 11:03:07 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/01/2014 10:48:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.169.1377.0) Error: (04/01/2014 10:45:03 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinDefend" wurde mit folgendem Fehler beendet: %%-2147024894 Error: (04/01/2014 10:44:51 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (04/01/2014 10:43:56 AM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (04/01/2014 10:42:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 03:22:17 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 67 Mal passiert. Error: (04/01/2014 03:20:39 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 66 Mal passiert. Error: (04/01/2014 03:20:28 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 65 Mal passiert. Error: (04/01/2014 03:20:07 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 64 Mal passiert. Microsoft Office Sessions: ========================= Error: (04/01/2014 09:19:12 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kitte\Downloads\PC Reinigung\esetsmartinstaller_enu.exe Error: (04/01/2014 03:53:10 PM) (Source: Application Hang)(User: ) Description: Dreamweaver.exe13.0.0.63903f401cf4d99e044096047C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exeb7cc7db1-b9a4-11e3-b473-001d60be7f00 Error: (04/01/2014 03:22:16 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d10d5401cf4d48d0f98030C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLL0f7810b0-b93c-11e3-87e4-001d60be7f00 Error: (04/01/2014 03:20:39 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d1090001cf4d4894b86410C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLd54fe980-b93b-11e3-87e4-001d60be7f00 Error: (04/01/2014 03:20:28 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d10d3001cf4d488f253c80C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLced2d720-b93b-11e3-87e4-001d60be7f00 Error: (04/01/2014 03:20:06 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d109f001cf4d4882bf4170C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLc1fae060-b93b-11e3-87e4-001d60be7f00 Error: (04/01/2014 03:15:42 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d1078001cf4d47e5353540C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLL2430bdf0-b93b-11e3-87e4-001d60be7f00 Error: (04/01/2014 02:15:45 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d10c2401cf4d3f83825970C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLc41460a0-b932-11e3-87e4-001d60be7f00 Error: (04/01/2014 02:01:36 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d10fe001cf4d3d88c5c540C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLca229680-b930-11e3-87e4-001d60be7f00 Error: (04/01/2014 02:00:13 AM) (Source: Application Error)(User: ) Description: SearchIndexer.exe7.0.7601.176104dc0d019MSSRCH.DLL7.0.7601.176104dc0e0c8c00000050000000000057d1097c01cf4d3d5611e1b0C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLL989f1ca0-b930-11e3-87e4-001d60be7f00 CodeIntegrity Errors: =================================== Date: 2014-03-27 06:34:07.001 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:06.533 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:05.737 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:05.254 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:04.770 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:04.333 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:01.400 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:00.886 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:34:00.371 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-27 06:33:59.887 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\srv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 6142.54 MB Available physical RAM: 3883.05 MB Total Pagefile: 12283.27 MB Available Pagefile: 7097.66 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:97.56 GB) (Free:1.6 GB) NTFS Drive d: () (Fixed) (Total:244.14 GB) (Free:103.41 GB) NTFS Drive e: () (Fixed) (Total:254.38 GB) (Free:21.57 GB) NTFS Drive g: (VICTORY) (Removable) (Total:3.91 GB) (Free:1.79 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AAED5501) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: A8F60221) Partition: GPT Partition Type. ==================== End Of Log ============================ |
01.04.2014, 22:32 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- OK, gut gemacht. Schau mal bitte ob Du mit dieser Anleitung auch die Kaspersky-Logs finden kannst. Dann als Berichte.txt abspeichern und hier in Code-Tags posten.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.04.2014, 22:37 | #9 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- OK, hab ich nach deiner Anleitung gemacht: Code:
ATTFilter Typ: trojanisches Programm (Ereignisse: 11) Backdoor.Win32.Androm.cue Gefunden; nicht verarbeitet 01.04.2014 21:55:50 Backdoor.Win32.Androm.cue Nicht definiert 01.04.2014 21:55:50 Trojan-Ransom.Win32.Blocker.cavm Gefunden; nicht verarbeitet 01.04.2014 21:30:09 Trojan-Ransom.Win32.Blocker.cavm Nicht definiert 01.04.2014 21:30:09 Trojan-Ransom.Win32.Blocker.cbsn Gefunden; nicht verarbeitet 01.04.2014 21:33:32 Trojan-Ransom.Win32.Blocker.cbsn Nicht definiert 01.04.2014 21:33:32 Trojan-Spy.Win32.Zbot.mafo Gefunden; nicht verarbeitet 01.04.2014 20:48:06 Trojan-Spy.Win32.Zbot.mafo Nicht definiert 01.04.2014 20:48:06 Trojan-Spy.Win32.Zbot.mafo Gefunden; nicht verarbeitet 01.04.2014 20:48:06 Trojan-Spy.Win32.Zbot.nsur Gefunden; nicht verarbeitet 01.04.2014 21:14:35 Trojan-Spy.Win32.Zbot.nsur Nicht definiert 01.04.2014 21:14:35 |
01.04.2014, 22:41 | #10 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Wenn ich die einzelne Gefundene Objekte anklicke steht unter dem Fester noch Objekt: und ein Pfad dahinter.... siehe Anhnag |
01.04.2014, 22:42 | #11 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Ok, das reicht mir... schaue die Logs durch und melde mich wieder mit weiteren Anweisungen.... Gute Nacht und Danke
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.04.2014, 09:21 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Guten Morgen... Wir machen so weiter.... Schritt 1 Alle Funde etc. von Kaspersky löschen bzw. in Quarantäne verschieben lassen. Dubiose Emails immer löschen, keine Anhänge von unbekannten Absendern öffnen. Schritt 2 Bitte deinstalliere über die Windows-Systemsteuerung folgende Programme: V-bates 2.0.0.438 Updater FileParade bundle uninstaller Sollte es Probleme geben, lade Dir bitte Revo hier herunter. Starte Revo und suche im Uninstallerfeld nach den oben angegebenen Programmen. Klicke dann auf Uninstall. Wähle dann den Modus wie auf dem Bild gezeigt. (Bild durch Anklicken vergrößerbar) Solltest Du diese nicht im Uninstallerfeld finden, ist es nicht schlimm. Mach einfach weiter mit Schritt 3 Aktualisiere die Datenbanken (Bild durch Anklicken vergrößerbar) und mach bitte einen Quickscan mit Malwarebytes Antimalware. Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Poste mir den Inhalt der Logdatei. Schritt 4 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 5 ESET Online Scanner
Schritt 6 Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Bitte poste mir die Inhalte der Logs von MBAM, Adwarecleaner, ESET und FRST hier in den Thread.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.04.2014, 13:41 | #13 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Bin gerade beim ESET Online Scanner, sobald ich alles fertig habe, poste ich die LOGS. Bisher hab ich alles kapiert *grins* ) |
02.04.2014, 13:45 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Prima!
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
03.04.2014, 12:03 | #15 |
| Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- Moin Der Eset Scanner is glaub ich a. 9h gelaufen oO als ich heute morgen am Rechner hab ich Vollhorst bei ca85 Prozent auf STOP gedrückt.... grummel Muss den nochmal durchlaufen lassen oder soll ich dir den LOG bis dahin posten ? bzw. den Mbam und Adw Cleaner LOG ? |
Themen zu Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.- |
adobe, adobe after effects, amazon-icon, bho, bonjour, browser, error, excel, explorer, firefox, format, ftp, google, helper, home, hängen, kaspersky, logfile, mp3, nvidia, preferences, registry, scan, senden, tastatur, temp, usb, windows |