| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Email Account gehackt? Mail DeliveryWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2014, 09:37
| #16 |
 |  Email Account gehackt? Mail Delivery Bisher ist keine weitere Mail bekommen - was allerdings noch nichts gutes heißen muss. Die Mails kamen immer sehr unregelmäßig. Wir haben bisher auch nur mit einem der drei Rechner die Emails abgeholt. Das ist jetzt meine Art des Ausschlußverfahrens. Wenn wir in den nächsten beiden Tagen kein Mail Delivery erhalten, werde ich an dem zweiten PC das Passwort eingeben und ebenso wieder abwarten und zum Schluß das gleiche bei PC 3. Somit sollte ich anfang nächster Woche wissen, von welchem PC aus die Bedrohung kommt!? Zwar nicht fachmännisch, aber vielleicht auch zielführend!? Soll ich von den anderen Rechnern noch ein aktuelles frst posten? Da habe ich wohl etwas zu früh geschrieben. Soeben hat uns wieder eine Mail erreicht! Ich verzweifle echt bald daran... :-( |
|
22.05.2014, 08:39
| #17 |
| /// the machine /// TB-Ausbilder    | Email Account gehackt? Mail Delivery Von was ist die datiert? Nicht dass es nur ein Rückläufer ist. Ja frische FRST Logs von den andern bitte.
__________________
__________________ |
|
24.05.2014, 09:48
| #18 |
| | Email Account gehackt? Mail Delivery Die eine ist gestern um 18:45 gesendet worden. Wir haben in der Zwischenzeit schon 5 weitere solcher Mails erhalten. Rückläufer sind das keine. Ich habe noch alle gespeichert.
__________________Hier mal das frische frst vom PC 2 FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 (ATTENTION: ====> FRST version is 9 days old and could be outdated) Ran by Stefan (administrator) on STEFANHEUSER on 24-05-2014 10:46:35 Running from C:\Users\Stefan\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ABBYY) C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\NetworkService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\OAService.exe (Scanshare B.V.) C:\Program Files (x86)\convert+share\ProcessService.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Apache Software Foundation) C:\MagicInfo Lite\tomcat\bin\tomcat6.exe () C:\MagicInfo Lite\bin\srvany.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\MagicInfo Lite\bin\srvany.exe ( ) C:\MagicInfo Lite\bin\distributer.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Spotify Ltd) C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files (x86)\SONY\Setting Utility Series\WBCBatteryCare.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe () C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-20] (Microsoft Corporation) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-778539726-1508035087-141682171-1000\...\Run: [Spotify Web Helper] => C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-19] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7CA2114F-56B7-4321-8B1F-37F9B785C178} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {8BB7C53E-D0BE-4BC4-9826-9D9CE55D5839} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {D6DDDB5E-7FC1-4783-8529-166343F002F4} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\k67ysfvy.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-09] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReaderEngine.Windows.10.0; C:\Program Files (x86)\convert+share\ABBYY\LicensingService.exe [1170896 2014-02-05] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 DVNetwork; C:\Program Files (x86)\convert+share\NetworkService.exe [19456 2014-02-05] (Scanshare B.V.) R2 DVOAService; C:\Program Files (x86)\convert+share\OAService.exe [18432 2014-02-05] (Scanshare B.V.) R2 DVProcess; C:\Program Files (x86)\convert+share\ProcessService.exe [18944 2014-02-05] (Scanshare B.V.) R2 Enterprise Suite Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESCoreScheduler.exe [51712 2013-05-24] () S4 Enterprise Suite Terminal Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\ESC\bin\wrapper.exe [233984 2011-10-07] (Tanuki Software, Ltd.) R2 MagicInfoPremium; C:\MagicInfo Lite\tomcat\\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) R2 MagicInfoStreamDaemon; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) R2 My Panel Manager Service; C:\Program Files\MFP-Printer Utility\Enterprise Suite\Plugin\Prof\KmProfService.exe [8704 2013-02-12] () R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2010-10-04] (PostgreSQL Global Development Group) S3 Primary Server Monitor; C:\Program Files\MFP-Printer Utility\Enterprise Suite\bin\Release\PSESPrimaryServerMonitor.exe [30720 2013-05-24] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 UltraVNCRepeater; C:\MagicInfo Lite\bin\srvany.exe [8464 1998-11-22] () R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 postgresql-9.2; C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files (x86)/PostgreSQL/9.2/data" -w [X] ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-09] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-24 10:46 - 2014-05-24 10:46 - 00022220 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-21 16:21 - 2014-05-21 16:21 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files\iTunes 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files\iPod 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-21 09:43 - 2014-05-21 09:43 - 00000000 ____D () C:\Users\Stefan\Downloads\mflpro 2014-05-21 09:40 - 2014-05-21 09:40 - 45521898 _____ (A.I.SOFT,INC.) C:\Users\Stefan\Downloads\DCP-9040CN-inst-win7-A2.EXE 2014-05-21 07:57 - 2014-05-21 07:57 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-21 07:56 - 2014-05-21 07:56 - 00000028 _____ () C:\1__Argon__.tmp 2014-05-16 15:47 - 2014-05-16 15:51 - 00000000 ____D () C:\Users\Stefan\Desktop\Swopper_Platzhirsch 2014-05-15 18:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 18:02 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 18:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 18:02 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 18:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 18:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 14:03 - 2014-05-15 14:06 - 239724307 _____ () C:\Users\Stefan\Downloads\bimos_videos.zip 2014-05-15 13:05 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 13:05 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 13:05 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 13:05 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 13:05 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 13:05 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 13:05 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 13:05 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 13:05 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 13:05 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 13:05 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 13:05 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 13:05 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 13:05 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 13:05 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 13:05 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 13:05 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 13:05 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 13:05 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 13:05 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 13:05 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 16:34 - 2014-05-14 16:34 - 00411798 _____ () C:\Users\Stefan\Downloads\Brother%20Logo%20Blue.eps 2014-05-14 15:00 - 2014-05-20 16:23 - 00000000 ____D () C:\Users\Stefan\Desktop\Viren_Software 2014-05-14 14:35 - 2014-05-14 15:13 - 00000000 ____D () C:\Users\Stefan\Desktop\Banner 2014-05-14 11:56 - 2014-05-16 12:38 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:28 - 2014-05-14 11:31 - 00000000 ____D () C:\AdwCleaner 2014-05-14 10:59 - 2014-05-24 10:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 10:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 10:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-13 10:29 - 2014-05-24 10:46 - 00000000 ____D () C:\FRST 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-06 17:28 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 17:31 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 17:31 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 17:31 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 17:31 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 17:31 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 17:31 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 17:31 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 17:31 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 17:31 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 17:31 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 17:31 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 17:31 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 17:31 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 17:31 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 17:31 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 17:31 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 17:31 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 17:31 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 17:30 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 17:30 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 17:30 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 17:30 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 17:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 17:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 17:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 17:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 17:30 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 17:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 17:30 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 17:30 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 17:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 17:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-28 14:39 - 2014-05-15 09:44 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-04-27 18:00 - 2014-05-19 10:49 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-04-27 17:08 - 2014-04-27 17:09 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III ==================== One Month Modified Files and Folders ======= 2014-05-24 10:46 - 2014-05-24 10:46 - 00022220 _____ () C:\Users\Stefan\Desktop\FRST.txt 2014-05-24 10:46 - 2014-05-13 10:29 - 00000000 ____D () C:\FRST 2014-05-24 10:25 - 2014-05-14 10:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 10:13 - 2013-06-13 14:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-24 10:07 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 10:07 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 10:05 - 2013-06-14 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-24 10:05 - 2013-06-13 11:53 - 02048580 _____ () C:\Windows\WindowsUpdate.log 2014-05-24 10:04 - 2013-06-13 12:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68CB2F9A-9254-4A7B-A264-A9FC71EF232D} 2014-05-24 10:02 - 2013-06-13 12:41 - 00848130 _____ () C:\Windows\system32\perfh007.dat 2014-05-24 10:02 - 2013-06-13 12:41 - 00203522 _____ () C:\Windows\system32\perfc007.dat 2014-05-24 10:02 - 2009-07-14 07:13 - 02012030 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-24 10:01 - 2013-06-13 15:22 - 00000000 ____D () C:\Users\Stefan\AppData\Local\3E865EC9-11FE-4B0A-9567-F702404AE632.aplzod 2014-05-24 09:58 - 2014-03-23 14:00 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-05-24 09:58 - 2013-06-26 18:27 - 00000000 ____D () C:\Users\postgres 2014-05-24 09:58 - 2013-06-14 08:26 - 00000034 _____ () C:\Windows\SysWOW64\bd9040cn.dat 2014-05-24 09:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-24 09:58 - 2009-07-14 06:51 - 00071279 _____ () C:\Windows\setupact.log 2014-05-21 16:58 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Spotify 2014-05-21 16:21 - 2014-05-21 16:21 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files\iTunes 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files\iPod 2014-05-21 16:21 - 2014-05-21 16:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-21 16:21 - 2013-06-13 15:15 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-05-21 12:07 - 2013-06-13 12:49 - 00068220 _____ () C:\fpRedmon.log 2014-05-21 12:07 - 2013-06-13 12:49 - 00000000 ____D () C:\Users\Stefan\AppData\Local\FreePDF_XP 2014-05-21 10:36 - 2013-06-13 12:32 - 00000473 _____ () C:\Windows\BRWMARK.INI 2014-05-21 10:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-21 09:44 - 2013-06-14 08:24 - 00000050 _____ () C:\Windows\system32\bd9040cn.dat 2014-05-21 09:43 - 2014-05-21 09:43 - 00000000 ____D () C:\Users\Stefan\Downloads\mflpro 2014-05-21 09:40 - 2014-05-21 09:40 - 45521898 _____ (A.I.SOFT,INC.) C:\Users\Stefan\Downloads\DCP-9040CN-inst-win7-A2.EXE 2014-05-21 08:19 - 2013-06-13 12:32 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-21 07:57 - 2014-05-21 07:57 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-05-21 07:57 - 2014-01-27 08:57 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2014-05-21 07:57 - 2013-06-13 12:42 - 00000000 ____D () C:\Program Files\Sony 2014-05-21 07:57 - 2009-11-24 00:46 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-05-21 07:57 - 2009-11-23 23:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-21 07:56 - 2014-05-21 07:56 - 00000028 _____ () C:\1__Argon__.tmp 2014-05-21 07:56 - 2014-01-25 12:59 - 00000000 ____D () C:\Update 2014-05-20 16:23 - 2014-05-14 15:00 - 00000000 ____D () C:\Users\Stefan\Desktop\Viren_Software 2014-05-19 18:01 - 2009-11-23 23:29 - 00553038 _____ () C:\Windows\PFRO.log 2014-05-19 14:35 - 2013-12-02 15:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Spotify 2014-05-19 11:01 - 2013-09-24 10:08 - 00000000 ____D () C:\Program Files (x86)\VideoConverter 2014-05-19 10:49 - 2014-04-27 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\.elfohilfe 2014-05-16 15:51 - 2014-05-16 15:47 - 00000000 ____D () C:\Users\Stefan\Desktop\Swopper_Platzhirsch 2014-05-16 12:38 - 2014-05-14 11:56 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe 2014-05-16 08:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 07:49 - 2013-06-13 12:08 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 07:49 - 2013-06-13 12:08 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 07:46 - 2014-05-06 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 07:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 18:02 - 2013-06-13 14:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 18:00 - 2014-01-25 12:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 17:58 - 2014-01-25 12:39 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 14:06 - 2014-05-15 14:03 - 239724307 _____ () C:\Users\Stefan\Downloads\bimos_videos.zip 2014-05-15 09:44 - 2014-04-28 14:39 - 00000000 ____D () C:\Users\Stefan\Desktop\BTMV 2014-05-15 09:12 - 2013-06-13 15:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 16:34 - 2014-05-14 16:34 - 00411798 _____ () C:\Users\Stefan\Downloads\Brother%20Logo%20Blue.eps 2014-05-14 16:31 - 2013-06-13 15:53 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Paint.NET 2014-05-14 15:13 - 2014-05-14 14:35 - 00000000 ____D () C:\Users\Stefan\Desktop\Banner 2014-05-14 11:56 - 2014-02-13 11:00 - 02032440 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-14 11:36 - 2014-05-14 11:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 11:31 - 2014-05-14 11:28 - 00000000 ____D () C:\AdwCleaner 2014-05-14 11:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 10:46 - 2014-05-14 10:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:44 - 2014-05-14 10:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan\Downloads\1revosetup95.exe 2014-05-14 09:05 - 2014-05-14 09:05 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:05 - 2013-06-14 08:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 08:09 - 2013-09-24 11:09 - 00000164 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG 2014-05-14 08:08 - 2014-05-14 08:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Centra 2014-05-14 08:05 - 2013-06-14 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 15:38 - 2014-02-25 18:16 - 00000000 ____D () C:\Users\Stefan\Desktop\Bilder_Shooting 2014-05-13 15:38 - 2014-02-13 18:34 - 00000000 ____D () C:\Users\Stefan\Desktop\Develop 2014-05-13 12:23 - 2014-05-13 12:23 - 00000092 _____ () C:\__Argon__.tmp 2014-05-13 12:23 - 2014-05-13 12:23 - 00000032 ____N () C:\_IS6BAT_.TMP 2014-05-12 11:53 - 2013-06-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 12:03 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 09:40 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-05-09 09:40 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-05-09 09:40 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-05-09 09:40 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-05-09 09:30 - 2013-06-13 14:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-09 09:29 - 2014-05-09 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-05-09 08:14 - 2014-05-15 13:05 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 13:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 10:29 - 2014-05-08 10:29 - 00511642 _____ () C:\Users\Stefan\Downloads\meet_sweetspot_tables_D.zip 2014-05-06 06:40 - 2014-05-15 18:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 18:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 18:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 18:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-28 11:22 - 2014-02-11 15:05 - 00000000 ____D () C:\Watchfolder 2014-04-27 17:09 - 2014-04-27 17:08 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\ProgramData\elsterformular 2014-04-27 17:08 - 2014-04-27 17:08 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ___HD () C:\ProgramData\{71298098-1063-493E-A755-4CC7081782D0} 2014-04-25 16:14 - 2014-04-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics 2014-04-25 16:14 - 2013-11-19 18:51 - 00000000 ___HD () C:\ProgramData\{2E5F3D11-0155-4860-A4E6-7A8C7E5C8D15} 2014-04-25 16:14 - 2013-06-13 15:05 - 00000000 ____D () C:\ProgramData\EasternGraphics 2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\Stefan\AppData\Local\III Some content of TEMP: ==================== C:\Users\Stefan\AppData\Local\Temp\autorun.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 13:05] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 11:09 ==================== End Of Log ============================ Und hier PC3: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 (ATTENTION: ====> FRST version is 9 days old and could be outdated) Ran by buero heuser (administrator) on BUEROHEUSER-PC on 24-05-2014 10:47:23 Running from C:\Users\buero heuser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA84333675B38CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\buero heuser\AppData\Roaming\Mozilla\Firefox\Profiles\d0pagp99.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-23] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-23] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-23] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-24 10:47 - 2014-05-24 10:47 - 00010901 _____ () C:\Users\buero heuser\Desktop\FRST.txt 2014-05-22 15:31 - 2014-05-22 15:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\61211F08.sys 2014-05-16 11:41 - 2014-05-16 11:33 - 00855379 _____ () C:\Users\buero heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:41 - 2014-05-16 11:32 - 02347384 _____ (ESET) C:\Users\buero heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieUserList 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieSiteList 2014-05-14 18:13 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 18:13 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 18:13 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 18:13 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 18:13 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 18:13 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 14:53 - 2014-05-24 10:47 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:37 - 2014-05-14 14:40 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:27 - 2014-05-24 09:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 14:27 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 14:27 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 14:22 - 2014-05-16 12:10 - 02067456 _____ (Farbar) C:\Users\buero heuser\Desktop\FRST64.exe 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 08:06 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 08:06 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 08:06 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:06 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 08:06 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 08:06 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 08:06 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 08:06 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 08:06 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 08:06 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 08:06 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 08:06 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 08:06 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 08:06 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 08:06 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 08:06 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 08:06 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:06 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:06 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 08:06 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 08:06 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 10:32 - 2014-05-24 10:47 - 00000000 ____D () C:\FRST 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 18:31 - 2014-05-15 07:57 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 18:32 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 18:32 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 18:32 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 18:32 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 18:32 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 18:32 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 18:32 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 18:32 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 18:32 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 18:32 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 18:32 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 18:32 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 18:32 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 18:32 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 18:32 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 18:32 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 18:32 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 18:32 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 18:32 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 18:32 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 18:32 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 18:32 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 18:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 18:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 18:32 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 18:32 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 18:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 18:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-24 10:47 - 2014-05-24 10:47 - 00010901 _____ () C:\Users\buero heuser\Desktop\FRST.txt 2014-05-24 10:47 - 2014-05-14 14:53 - 00000000 ____D () C:\Users\buero heuser\Desktop\Viren_Software 2014-05-24 10:47 - 2014-05-13 10:32 - 00000000 ____D () C:\FRST 2014-05-24 10:46 - 2009-07-14 06:51 - 00087622 _____ () C:\Windows\setupact.log 2014-05-24 10:13 - 2013-04-13 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-24 10:04 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 10:04 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 10:02 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-05-24 10:02 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-05-24 10:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-24 10:00 - 2013-04-13 16:25 - 01058045 _____ () C:\Windows\WindowsUpdate.log 2014-05-24 09:57 - 2014-05-14 14:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 09:56 - 2013-04-13 16:29 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-05-24 09:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-23 17:50 - 2013-09-09 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-23 15:25 - 2013-04-13 16:29 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-05-23 13:32 - 2013-04-13 16:45 - 00000000 ____D () C:\ProgramData\CSS Group 2014-05-23 11:53 - 2013-04-15 09:48 - 00208380 _____ () C:\fpRedmon.log 2014-05-23 11:53 - 2013-04-15 09:48 - 00000000 ____D () C:\Users\buero heuser\AppData\Local\FreePDF_XP 2014-05-23 10:48 - 2013-04-13 17:28 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1158681-E919-4ED9-90B9-D778ACBD906E} 2014-05-23 08:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-05-22 15:31 - 2014-05-22 15:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\61211F08.sys 2014-05-21 07:59 - 2010-11-21 05:47 - 00104186 _____ () C:\Windows\PFRO.log 2014-05-21 07:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech 2014-05-16 12:10 - 2014-05-14 14:22 - 02067456 _____ (Farbar) C:\Users\buero heuser\Desktop\FRST64.exe 2014-05-16 11:33 - 2014-05-16 11:41 - 00855379 _____ () C:\Users\buero heuser\Desktop\2SecurityCheck.exe 2014-05-16 11:32 - 2014-05-16 11:41 - 02347384 _____ (ESET) C:\Users\buero heuser\Desktop\1esetsmartinstaller_deu.exe 2014-05-15 13:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieUserList 2014-05-15 08:11 - 2014-05-15 08:11 - 00000000 __SHD () C:\Users\buero heuser\AppData\Local\EmieSiteList 2014-05-15 07:59 - 2013-04-13 16:25 - 00000000 ___RD () C:\Users\buero heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 07:59 - 2013-04-13 16:25 - 00000000 ___RD () C:\Users\buero heuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 07:57 - 2014-05-06 18:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 07:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 14:40 - 2014-05-14 14:40 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 14:40 - 2014-05-14 14:37 - 00000000 ____D () C:\AdwCleaner 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 14:27 - 2014-05-14 14:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 14:23 - 2014-05-14 14:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-14 10:50 - 2014-05-14 10:50 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 10:50 - 2013-09-09 07:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 10:50 - 2013-09-09 07:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 07:51 - 2013-04-15 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 08:46 - 2014-05-12 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-14 08:06 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 08:06 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 06:40 - 2014-05-14 18:13 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 18:13 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 18:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 18:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\buero heuser\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\buero heuser\AppData\Local\Temp\NEWB65.tmp.exe C:\Users\buero heuser\AppData\Local\Temp\ose00000.exe C:\Users\buero heuser\AppData\Local\Temp\Quarantine.exe C:\Users\buero heuser\AppData\Local\Temp\setup.exe C:\Users\buero heuser\AppData\Local\Temp\_is1370.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 08:06] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 12:57 ==================== End Of Log ============================ |
|
25.05.2014, 06:34
| #19 |
| /// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery PC2: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
das is aber alles nix was nen EMail-Acc klaut oder hackt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.05.2014, 09:49
| #20 |
| | Email Account gehackt? Mail Delivery Ich werde das gleich morgen mal versuchen. Woher kann das denn sonst noch kommen?gibt es noch weitere Möglichkeiten an nen Account ran zu kommen? Wir haben den Mail Account noch auf nem iPhone drauf... Das wäre noch eine meiner letzten Ideen... Kann man mit soetwas zur Polizei gehen und wenn ja was passiert dann? Hier ist die Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Stefan at 2014-05-26 10:38:55 Run:1
Running from C:\Users\Stefan\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Welche Möglichkeit gibt es sonst noch um den Account sicher zu bekommen? Viele Grüße |
|
27.05.2014, 11:35
| #21 |
| /// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Iphone Email Account löschen, neu anlegen, passwort vom Account wieder erneuern. Die Polizei macht da in der Regel gar nix.
__________________ --> Email Account gehackt? Mail Delivery |
|
27.05.2014, 13:10
| #22 |
| | Email Account gehackt? Mail Delivery Ich habe eine erhaltene Mail mal direkt an unseren Provider weitergeleitet und hier seine Antwort darauf: Code:
ATTFilter offenbar erhalten Sie Spam an Ihre Domain-Adresse. Dieser Spam wird an
Ihre Adresse bei uns weitergeleitet. Unser System erkennt den Spam
jedoch und lehnt die E-Mail ab.
Allerdings setzt Ihr Provider als Absender bzw. "Envelope Sender" bei
der Weiterleitung Ihre eigene Adresse, so dass Sie dort eine Information
über die Unzustellbarkeit erhalten. Diese wird dann wiederum an Ihre
t-online.de-Adresse weitergeleitet.
Technisch gesehen läuft demnach alles so ab, wie es laufen soll, auch
wenn die Meldungen in Ihrem Postfach natürlich ärgerlich sind. Evtl.
deaktivieren Sie die Weiterleitung von Ihrem Domain-Postfach zu Ihrem
t-online.de-Postfach, dann erhalten Sie diese Meldungen nicht mehr.
Mit freundlichen Grüßen
Ihre Telekom
Hier auch mal eine solche Mail Delivery: Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:
"XXXX@t-online.de":
SMTP error from remote server after transfer of mail text:
host: mx03.t-online.de
5.7.0 Message considered as spam or virus, rejected
5.7.0 Your IP: 212.227.17.24
5.7.0 Mailhost: mailin53.aul.t-online.de
5.7.0 Timestamp: 2014-05-26T16:59:43Z
5.7.0 Expurgate-ID: 149288::1401123583-000014C5-A1C9F507/0-13259352635/0-10
5.7.0 Authenticator: 9BDD3F2C22FF041AA7348F3F14E02FF8A100C7E85CAF1FA4FFA11C9B88C22C2C3F5D51B8
5.7.0
5.7.0 Your message has been rejected due to spam or virus classification.
5.7.0 If you feel this is inapplicable, please report the above error codes
5.7.0 back to FPR@RX.T-ONLINE.DE to help us fix possible misclassification.
5.7.0 We apologize for any inconvenience and thank you for your assistance!
5.7.0
5.7.0 Die Annahme Ihrer Nachricht wurde abgelehnt, da sie als Spam oder
5.7.0 Virus eingestuft wurde. Sollten Sie dies als unzutreffend ansehen,
5.7.0 senden Sie bitte obige Fehlercodes an FPR@RX.T-ONLINE.DE, damit wir
5.7.0 die Klassifizierung untersuchen können. Wir entschuldigen uns für
5.7.0 etwaige Unannehmlichkeiten und bedanken uns für Ihre Unterstützung!
--- The header of the original message is following. ---
Received: from [212.227.17.160] ([212.227.17.160]) by mx.emig.kundenserver.de
(mxeue106) with ESMTP (Nemesis) id 0Ljesy-1WI7Ow1Fou-00bZjD for
<XXXX@t-online.de>; Mon, 26 May 2014 18:59:42 +0200
Received: from trackclick.co ([207.36.91.105]) by mx.emig.kundenserver.de
(mxeue106) with ESMTP (Nemesis) id 0Mgb5j-1XBA3l1Ffr-00O3Lc for
<info@XXXX.de>; Mon, 26 May 2014 18:59:42 +0200
Date: Mon, 26 May 2014 12:59:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail1.listclick.co;
s=default; t=1401123579;
bh=JUW6z/W0WUQj+2zzFCs0r4ySyqVK2R/lNCBD3B4gF60=;
h=From:Subject:To:Reply-To:List-ID:List-Unsubscribe;
b=Sa0ZMfM8kh7SPCZveOBbbvejtyn83iXxWTRb2Wsoa9mW5G/Eo+lx2kbOGnKv4vSo6
mDL3lz0dwDHyehjzp+mLJDTiGY6mMGIpTxJoaN3iBBV2vgzRSXqP8YI5Y4eOVJnInF
RtdtDL8zlVItyhjmPlNdFlgdvL9nGH2oEh1cKjGk=
From: Ralf Mueller <returntrack@mail1.listclick.co>
Subject: So erhalten Sie 95% aller Gewinne...nur noch heute
To: info@bueroheuser.de
Sender: returntrack@mail1.listclick.co
Reply-To: "Ralf Mueller" <rallemeuller72@gmail.com>
Precedence: bulk
Content-Type: multipart/alternative; boundary="_----------=_1401123546233690"
List: Firmen2
MIME-Version: 1.0
X-Mailer: liststream Mailer
List-Track: gdel4pia1401123546
List-Encode: c2z3mjv94s3wh75j5hv9o85jh78j5j5h0hkt5j
List-ID: 338
List-Unsubscribe: <unsubscribe@mail1.listclick.co>
X-Bulkmail: 3.12
Message-Id: <20140526165939.B41B71B0EF1@trackclick.co>
Content-Transfer-Encoding: 7bit
 |
|
28.05.2014, 10:53
| #23 |
| /// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Jap, passt. Du musst dir ne Mail wie nen Brief im Briefumschlag vorstellen. Das einzige was deinen Anbieter intressiert ist der Umschlag. Die Adresse, die dort drauf steht, ist die die bestimmt wohin es geht (envelope). Im Umschlag kann dann ein Brief sein adressiert an Max Mustermann, und kommt trotzdem bei dir an. So als Beispiel 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2014, 11:31
| #24 |
| | Email Account gehackt? Mail Delivery Ein ganz großes Dankeschön an dich! Das beruhigt mich jetzt ganz schön, dass soweit alles in Ordnung ist. Aber gelohnt hat es sich wohl auf alle Fälle, denn anscheinend hatten wir ja genügend Malware auf den Rechnern! Vielen Dank für die schnelle und unkomplizierte Hilfe! |
|
29.05.2014, 06:05
| #25 |
| /// the machine /// TB-Ausbilder | Email Account gehackt? Mail Delivery Auf jedem der Rechner bitte: Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
