Pests of all kinds and how to combat them: Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur caught -.-

 
01.04.2014, 20:57   #1
Kitte_HH
 

Hi...
I'm having problems with Trojans...

I use Kaspersky PURE 2.0, and today it raised an alert and found several Trojans... I think they came in via e-mail... I use Thunderbird and have no idea where these things come from -.-

Kaspersky shows me the following report:

01) Trojan-Ransom.Win32.Blocker.cbsn
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

02) Trojan-Ransom.Win32.Blocker.cbsn
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

03) Trojan-Ransom.Win32.Blocker.cavm
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

04) Trojan-Ransom.Win32.Blocker.cavm
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

05) Trojan-Spy.Win32.Zbot.nsur
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

06) Trojan-Spy.Win32.Zbot.nsur
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

07) Trojan-Spy.Win32.Zbot.mafo
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

08) Trojan-Spy.Win32.Zbot.mafo
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

09) Trojan-Spy.Win32.Zbot.mafo
c:\users\kitte\appdata\roaming\thunderbird\profiles\....

The first thing I did was run OTL, see attachment...

Code:
OTL logfile created on: 01.04.2014 21:21:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kitte\Downloads\PC Reinigung
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,35% Memory free
12,00 Gb Paging File | 6,92 Gb Available in Paging File | 57,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 1,62 Gb Free Space | 1,66% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 103,41 Gb Free Space | 42,36% Space Free | Partition Type: NTFS
Drive E: | 254,38 Gb Total Space | 21,57 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 1,79 Gb Free Space | 45,83% Space Free | Partition Type: FAT32
 
Computer Name: KITTE-PC | User Name: Kitte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kitte\Downloads\PC Reinigung\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe (EIZO Corporation)
PRC - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll ()
MOD - C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\libcurl.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\SSLEAY32.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\PHP_KnowledgeEngine.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\KnowledgeEngines\JS_KnowledgeEngine.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\c4lib.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Workspace.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\TitanVistaFileDialog.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LaunchEM.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DWLog.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\AlcidDLL.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\LIBEAY32.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (USBSafelyRemoveService) -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 C4 17 E9 C6 D9 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.02.12 12:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.02.12 12:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.02.12 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.03.13 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.03.13 16:34:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{68cb3b56-070c-4206-ace9-0b122f7c3de9}: C:\Program Files (x86)\Re-markit-soft\157.xpi
 
[2013.02.05 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Extensions
[2011.03.03 18:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014.02.26 17:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitte\AppData\Roaming\mozilla\Firefox\extensions
[2013.04.10 13:10:15 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kitte\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2014.03.10 01:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.03 19:00:02 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Amazon-Icon = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Kitte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
 
O1 HOSTS File: ([2013.03.15 18:02:20 | 000,000,147 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SYSTRAN Suche - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll ()
O8:64bit: - Extra context menu item: SYSTRAN Übersetzen - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SYSTRAN Suche - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: SYSTRAN Übersetzen - C:\Program Files (x86)\SYSTRAN\6\GUIres.dll ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7494ECBB-F4A6-46EC-A605-9084465AA60D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA5A134-BE45-426C-984B-4AA013272A46}: DhcpNameServer = 212.23.115.132 212.23.115.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E90D49EC-0B1B-4441-B3B9-F04E3DB8602D}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69d6a1aa-8c87-11e1-85fb-001d60be7f00}\Shell - "" = AutoRun
O33 - MountPoints2\{69d6a1aa-8c87-11e1-85fb-001d60be7f00}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{8bb6befb-45b1-11e0-961f-001d60be7f00}\Shell - "" = AutoRun
O33 - MountPoints2\{8bb6befb-45b1-11e0-961f-001d60be7f00}\Shell\AutoRun\command - "" = V:\KASPERSKYPURE.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.04.01 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Microsoft Games
[2014.03.19 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.03.19 19:21:34 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\df9d36f3-94fe-4848-ebde-ca4e0b3016d7
[2014.03.19 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Wondershare
[2014.03.19 19:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014.03.19 19:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014.03.19 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Wondershare
[2014.03.19 19:07:42 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys
[2014.03.19 19:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2014.03.19 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014.03.19 17:18:26 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Documents\VirtualDJ
[2014.03.14 00:07:14 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014.03.14 00:07:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014.03.14 00:07:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.03.14 00:07:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.03.14 00:07:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.03.14 00:07:11 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.03.14 00:07:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.03.14 00:07:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.03.14 00:07:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.03.14 00:07:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.03.14 00:07:10 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.03.14 00:07:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.03.14 00:07:09 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.03.14 00:07:09 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.03.14 00:07:09 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.03.14 00:07:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.03.14 00:07:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.03.14 00:07:08 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.03.14 00:07:08 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.03.14 00:07:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.03.14 00:07:07 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.03.14 00:07:07 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.03.14 00:07:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.03.14 00:07:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.03.14 00:07:06 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.03.14 00:07:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.03.14 00:06:16 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014.03.14 00:06:15 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014.03.14 00:06:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014.03.13 17:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2014.03.13 17:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2014.03.13 16:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2014.03.13 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Desktop\Adobe Acrobat X
[2014.03.11 20:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014.03.11 20:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioEdit Deluxe
[2014.03.11 20:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioEdit Deluxe
[2014.03.11 20:17:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F}
[2014.03.11 16:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\PACE Anti-Piracy
[2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\PACE Anti-Piracy
[2014.03.11 15:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2014.03.11 15:50:53 | 000,000,000 | ---D | C] -- C:\Users\Kitte\Documents\Adobe
[2014.03.11 04:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2014.03.11 01:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2014.03.11 01:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2014.03.10 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.03.10 18:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014.03.10 17:34:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014.03.10 01:58:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.03.09 22:36:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.03.09 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Malwarebytes
[2014.03.09 22:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.03.09 22:35:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.03.09 22:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.03.06 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\Kitte\ChromeExtensions
[2014.03.06 23:57:29 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Temp967e6bc64a9d99066d08323ca4e995a1
[2014.03.06 18:15:35 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014.03.06 18:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014.03.06 18:14:14 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2014.03.06 18:14:13 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2014.03.06 18:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2014.03.06 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\AVS4YOU
[2014.03.06 18:02:18 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2014.03.06 18:02:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2014.03.06 18:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2014.03.06 18:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2014.03.06 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\Tempf1a49d9b6192fc5596c92a39a21487dc
[2014.03.06 14:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\SYSTRAN
[2014.03.06 14:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\SYSTRAN
[2014.03.06 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2014.03.06 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Local\ApplicationHistory
[2014.03.06 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYSTRAN
[2014.03.06 14:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SYSTRAN
[2014.03.06 14:20:42 | 000,144,896 | R--- | C] (SYSTRAN) -- C:\Windows\SysWow64\libsyslic1.original.dll
[2014.03.06 14:06:17 | 000,057,344 | R--- | C] (NGEN TEAM) -- C:\Windows\SysWow64\libsyslic1.dll
[2014.03.06 14:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014.03.06 13:59:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2014.03.05 00:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2014.03.05 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2014.03.04 13:48:49 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2012 v3.0.4 Full
[2014.03.04 13:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP4 To MP3 Converter 2012 v3.0.4 Full
[2014.03.04 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Kitte\AppData\Roaming\ImTOO
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2098.03.31 21:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2098.03.31 14:46:35 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2014.04.01 21:11:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job
[2014.04.01 20:46:28 | 001,409,024 | ---- | M] () -- C:\Users\Kitte\Documents\Unbenannt-5.indd
[2014.04.01 11:40:05 | 001,658,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.04.01 11:40:05 | 000,713,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.04.01 11:40:05 | 000,666,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.04.01 11:40:05 | 000,155,514 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.04.01 11:40:05 | 000,127,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.04.01 10:52:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.01 10:50:05 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.01 10:50:05 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.01 10:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.01 10:42:16 | 535,724,031 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.30 07:29:34 | 000,000,036 | ---- | M] () -- C:\Users\Kitte\AppData\Local\housecall.guid.cache
[2014.03.30 07:10:43 | 008,209,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.03.25 16:28:34 | 000,118,139 | ---- | M] () -- C:\Users\Kitte\Desktop\Anmeldung AREA1.pdf
[2014.03.24 17:18:24 | 000,001,046 | ---- | M] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk
[2014.03.19 20:29:08 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.03.19 19:21:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.03.19 19:08:26 | 000,001,348 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk
[2014.03.19 17:19:15 | 000,001,046 | ---- | M] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk
[2014.03.19 03:31:15 | 000,000,132 | ---- | M] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
[2014.03.13 17:31:58 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014.03.13 17:17:36 | 000,005,976 | ---- | M] () -- C:\Users\Kitte\Desktop\FileZilla.xml
[2014.03.13 16:34:08 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014.03.11 20:28:43 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014.03.11 20:25:06 | 000,011,783 | ---- | M] () -- C:\Track1.mp3
[2014.03.11 20:17:44 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\AudioEdit Deluxe.lnk
[2014.03.11 16:42:20 | 000,001,673 | ---- | M] () -- C:\Users\Kitte\Desktop\Audition.lnk
[2014.03.11 16:34:29 | 000,001,525 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014.03.11 16:30:18 | 000,001,735 | ---- | M] () -- C:\Users\Kitte\Desktop\lightroom.lnk
[2014.03.11 16:16:28 | 000,002,290 | ---- | M] () -- C:\Users\Kitte\Desktop\Illustrator.lnk
[2014.03.11 16:02:23 | 000,001,524 | ---- | M] () -- C:\Users\Kitte\Desktop\Flash.lnk
[2014.03.11 15:51:36 | 000,001,742 | ---- | M] () -- C:\Users\Kitte\Desktop\Media Encoder.lnk
[2014.03.11 15:49:50 | 000,001,714 | ---- | M] () -- C:\Users\Kitte\Desktop\Dreamweaver.lnk
[2014.03.11 15:40:27 | 000,001,854 | ---- | M] () -- C:\Users\Kitte\Desktop\AfterFX.lnk
[2014.03.11 15:13:40 | 000,001,691 | ---- | M] () -- C:\Users\Kitte\Desktop\InDesign.lnk
[2014.03.11 15:09:46 | 000,001,711 | ---- | M] () -- C:\Users\Kitte\Desktop\Photoshop.lnk
[2014.03.11 01:20:19 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014.03.10 18:40:13 | 000,001,271 | ---- | M] () -- C:\Users\Kitte\Desktop\Revo Uninstaller.lnk
[2014.03.09 22:35:11 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.03.06 18:15:37 | 000,001,300 | ---- | M] () -- C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk
[2014.03.06 18:14:26 | 000,001,244 | ---- | M] () -- C:\Users\Kitte\Desktop\AVS Audio Converter.lnk
[2014.03.06 14:23:13 | 000,000,093 | ---- | M] () -- C:\Users\Kitte\AppData\Local\fusioncache.dat
[2014.03.06 14:23:04 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk
[2014.03.06 14:23:04 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk
[2014.03.06 14:22:28 | 000,878,080 | ---- | M] () -- C:\Windows\SysWow64\iconv.dll
[2014.03.06 14:22:28 | 000,721,920 | ---- | M] () -- C:\Windows\SysWow64\libxml2.dll
[2014.03.06 14:22:28 | 000,170,432 | ---- | M] () -- C:\Windows\SysWow64\libsyslic1.pd
[2014.03.06 14:22:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWow64\libxslt.dll
[2014.03.06 14:22:28 | 000,051,200 | ---- | M] () -- C:\Windows\SysWow64\libexslt.dll
[2014.03.06 14:06:19 | 000,000,192 | ---- | M] () -- C:\Windows\SysWow64\libsyslic1.ls
[2014.03.06 14:02:12 | 001,685,134 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.03.05 00:11:00 | 000,001,158 | ---- | M] () -- C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk
[2014.03.04 23:43:05 | 000,000,132 | ---- | M] () -- C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2098.03.31 14:46:35 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2014.04.01 20:46:22 | 001,409,024 | ---- | C] () -- C:\Users\Kitte\Documents\Unbenannt-5.indd
[2014.03.30 07:29:34 | 000,000,036 | ---- | C] () -- C:\Users\Kitte\AppData\Local\housecall.guid.cache
[2014.03.25 16:28:21 | 000,118,139 | ---- | C] () -- C:\Users\Kitte\Desktop\Anmeldung AREA1.pdf
[2014.03.24 17:18:24 | 000,001,046 | ---- | C] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro (2).lnk
[2014.03.19 20:29:08 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.03.19 20:28:53 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.19 20:28:53 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.19 19:21:51 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.03.19 19:08:26 | 000,001,348 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Streaming Audio Recorder.lnk
[2014.03.19 17:18:31 | 000,001,046 | ---- | C] () -- C:\Users\Kitte\Desktop\Virtual DJ Pro.lnk
[2014.03.13 17:31:58 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014.03.13 17:17:36 | 000,005,976 | ---- | C] () -- C:\Users\Kitte\Desktop\FileZilla.xml
[2014.03.13 16:34:08 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2014.03.13 16:34:08 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2014.03.13 16:34:08 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014.03.12 22:08:40 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
[2014.03.11 20:28:43 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014.03.11 20:28:43 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014.03.11 20:25:04 | 000,011,783 | ---- | C] () -- C:\Track1.mp3
[2014.03.11 20:17:44 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\AudioEdit Deluxe.lnk
[2014.03.11 16:42:20 | 000,001,673 | ---- | C] () -- C:\Users\Kitte\Desktop\Audition.lnk
[2014.03.11 16:35:02 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC.lnk
[2014.03.11 16:30:18 | 000,001,735 | ---- | C] () -- C:\Users\Kitte\Desktop\lightroom.lnk
[2014.03.11 16:26:53 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.3 64-Bit.lnk
[2014.03.11 16:16:28 | 000,002,290 | ---- | C] () -- C:\Users\Kitte\Desktop\Illustrator.lnk
[2014.03.11 16:10:34 | 000,001,518 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
[2014.03.11 16:02:23 | 000,001,524 | ---- | C] () -- C:\Users\Kitte\Desktop\Flash.lnk
[2014.03.11 15:58:34 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC.lnk
[2014.03.11 15:51:36 | 000,001,742 | ---- | C] () -- C:\Users\Kitte\Desktop\Media Encoder.lnk
[2014.03.11 15:49:50 | 000,001,714 | ---- | C] () -- C:\Users\Kitte\Desktop\Dreamweaver.lnk
[2014.03.11 15:46:10 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
[2014.03.11 15:45:06 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014.03.11 15:45:06 | 000,001,525 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014.03.11 15:40:27 | 000,001,854 | ---- | C] () -- C:\Users\Kitte\Desktop\AfterFX.lnk
[2014.03.11 15:30:43 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk
[2014.03.11 15:13:40 | 000,001,691 | ---- | C] () -- C:\Users\Kitte\Desktop\InDesign.lnk
[2014.03.11 15:09:46 | 000,001,711 | ---- | C] () -- C:\Users\Kitte\Desktop\Photoshop.lnk
[2014.03.11 14:51:33 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
[2014.03.11 14:47:45 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014.03.11 14:46:36 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014.03.11 14:22:34 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
[2014.03.11 14:06:39 | 000,001,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC (64 Bit).lnk
[2014.03.11 14:04:42 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC.lnk
[2014.03.11 01:20:19 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014.03.10 18:40:13 | 000,001,271 | ---- | C] () -- C:\Users\Kitte\Desktop\Revo Uninstaller.lnk
[2014.03.09 22:35:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.03.06 18:15:37 | 000,001,300 | ---- | C] () -- C:\Users\Kitte\Desktop\AVS4YOU Software Navigator.lnk
[2014.03.06 18:14:26 | 000,001,244 | ---- | C] () -- C:\Users\Kitte\Desktop\AVS Audio Converter.lnk
[2014.03.06 14:23:13 | 000,000,093 | ---- | C] () -- C:\Users\Kitte\AppData\Local\fusioncache.dat
[2014.03.06 14:23:04 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\SYSTRAN Translation Project Mngr.lnk
[2014.03.06 14:23:04 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\SYSTRAN Toolbar.lnk
[2014.03.06 14:06:19 | 000,000,192 | ---- | C] () -- C:\Windows\SysWow64\libsyslic1.ls
[2014.03.06 14:06:17 | 000,878,080 | ---- | C] () -- C:\Windows\SysWow64\iconv.dll
[2014.03.06 14:06:17 | 000,721,920 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2014.03.06 14:06:17 | 000,170,432 | ---- | C] () -- C:\Windows\SysWow64\libsyslic1.pd
[2014.03.06 14:06:17 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\libxslt.dll
[2014.03.06 14:06:17 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\libexslt.dll
[2014.03.05 00:11:35 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {BF8D2DBC-4BCB-4AF7-ABAB-3BEFE2C84DF8}.job
[2014.03.05 00:11:00 | 000,001,158 | ---- | C] () -- C:\Users\Kitte\Desktop\Free M4a to MP3 Converter.lnk
[2014.03.04 13:48:49 | 000,002,337 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\More New Software Only Here Full Version.lnk
[2013.08.08 14:17:22 | 000,001,456 | ---- | C] () -- C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.06.14 11:13:25 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.12 12:10:08 | 000,017,408 | ---- | C] () -- C:\Users\Kitte\AppData\Local\WebpageIcons.db
[2012.04.02 22:20:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.23 16:24:55 | 000,000,000 | ---- | C] () -- C:\Users\Kitte\AppData\Local\{28D042A1-6CA5-4203-83B1-36FF23DC047B}
[2012.01.23 15:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Kitte\AppData\Local\{DE494449-FF54-486C-92B8-89AC6E5B5721}
[2011.11.19 18:55:47 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.09.24 18:38:07 | 000,001,456 | ---- | C] () -- C:\Users\Kitte\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.04 18:24:09 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011.04.13 16:31:21 | 000,000,132 | ---- | C] () -- C:\Users\Kitte\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.31 11:09:19 | 000,067,403 | ---- | C] () -- C:\Users\Kitte\kitte vs tatty.jpg
[2011.03.23 11:55:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.07 15:27:10 | 000,033,792 | ---- | C] () -- C:\Users\Kitte\ultrasch.jpg
[2010.11.13 14:11:17 | 000,735,353 | ---- | C] () -- C:\Users\Kitte\ace_uninstaller.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1278 bytes -> C:\Users\Kitte\AppData\Local\lHX8ZAx771C3:aUxCP7h2Bi8mcXxgXdnIzy
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:90EF0C9C

< End of report >
         
..now "Backdoor.Win32.Androm.cue" has turned up as well
...I'm going crazy here

 
