Log analysis and evaluation: svchost /User NETZWERKDIENST constantly uses 50% of the CPU (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.06.2014, 21:03 | #1
svchost /User NETZWERKDIENST constantly uses 50% of the CPU

Hello! On my laptop (Win7 Professional, SP1, 32-bit; Dell Latitude, Intel Duo CPU T9600, 2.8 GHz, 4 GB RAM) the process svchost.exe NETZWERKDIENST uses a fairly constant 50% of the CPU, i.e. it apparently occupies one of the 2 CPUs completely, and Internet access on the LAN connection gets cut off. Win7 cannot solve the problem on its own. With AVIRA I have not been able to find any viruses. What can I do? Regards, Mibo's
01.06.2014, 21:53 | #2
/// the machine /// TB-Ausbilder
svchost /User NETZWERKDIENST constantly uses 50% of the CPU

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
02.06.2014, 19:34 | #3
svchost /User NETZWERKDIENST constantly uses 50% of the CPU

Hello Schrauber!

FRST run, logs attached... Now I'm curious! Regards, MiBo's
03.06.2014, 18:39 | #4
/// the machine /// TB-Ausbilder
svchost /User NETZWERKDIENST constantly uses 50% of the CPU

Hi, please always post logs directly in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
03.06.2014, 19:09 | #5
svchost /User NETZWERKDIENST constantly uses 50% of the CPU

hi schrauber, sorry, I'm an absolute greenhorn here...

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by AdminS (administrator) on SABINPC on 02-06-2014 20:15:00
Running from C:\Users\AdminS\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [145496 2007-03-21] (Pinnacle Systems)
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\MountPoints2: {49b812f8-d6e2-11e0-aa7b-0026b9a9f046} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html
HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\MountPoints2: {9fbf7e6f-3aff-11e1-8d6f-0026b9a9f046} - E:\AutoRun.exe
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Sofie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
GroupPolicyUsers\S-1-5-21-2904712871-953101035-2089307719-1006\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {90300B97-ECFD-407D-8D44-14B273A45DCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

========================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-05-18] (Flexera Software, Inc.)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-11] ()
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
S2 SE4BLPT; C:\Windows\system32\SE4BLPT.SYS [54488 2004-04-26] (Sharp Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project)
S3 TTUSB2BDA; C:\Windows\System32\DRIVERS\ttusb2bda.sys [581888 2013-12-24] (TechnoTrend Goerler GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [217088 2006-02-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [17792 2006-02-06] (eMPIA Technology, Inc.)
S3 Afc; system32\drivers\Afc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 20:15 - 2014-06-02 20:15 - 00008144 _____ () C:\Users\AdminS\Desktop\FRST.txt
2014-06-02 20:14 - 2014-06-02 20:15 - 00000000 ____D () C:\FRST
2014-06-02 19:24 - 2014-06-02 19:22 - 01058304 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe
2014-05-30 10:51 - 2014-05-30 10:56 - 00033280 ___SH () C:\Users\Public\Thumbs.db
2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus
2014-05-25 17:43 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\micha\Downloads\KAZ
2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls
2014-05-15 20:47 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:47 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:47 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:10 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:10 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:10 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:10 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:10 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:10 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:10 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:10 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:10 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:10 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 20:10 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:10 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:10 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:09 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel
2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList
2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-05-11 16:28 - 2014-05-11 16:36 - 00000000 ____D () C:\AdwCleaner
2014-05-09 21:01 - 2014-05-11 16:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG
2014-05-06 20:40 - 2014-05-16 19:46 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 20:15 - 2014-06-02 20:15 - 00008144 _____ () C:\Users\AdminS\Desktop\FRST.txt
2014-06-02 20:15 - 2014-06-02 20:14 - 00000000 ____D () C:\FRST
2014-06-02 20:15 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS\AppData\Local\Temp
2014-06-02 19:38 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 19:38 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 19:34 - 2010-12-27 16:47 - 01630220 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 19:22 - 2014-06-02 19:24 - 01058304 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe
2014-06-02 19:20 - 2011-03-13 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 19:19 - 2011-01-09 15:24 - 00252110 _____ () C:\Windows\PFRO.log
2014-06-02 19:19 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 19:19 - 2009-07-14 06:39 - 00079530 _____ () C:\Windows\setupact.log
2014-06-01 21:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:27 - 2010-12-27 17:59 - 00000000 ____D () C:\Users\micha\AppData\Local\Temp
2014-06-01 21:25 - 2011-03-13 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 11:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-30 11:10 - 2010-05-11 20:42 - 00000000 ____D () C:\Elster
2014-05-30 10:56 - 2014-05-30 10:51 - 00033280 ___SH () C:\Users\Public\Thumbs.db
2014-05-30 10:50 - 2011-05-26 21:22 - 00000000 ____D () C:\temp
2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus
2014-05-29 21:15 - 2010-12-27 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-29 15:39 - 2010-12-27 17:03 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 13:13 - 2013-11-02 19:09 - 00000000 ____D () C:\Users\micha\AppData\Roaming\TV-Browser
2014-05-29 13:00 - 2010-12-27 17:08 - 00000000 ____D () C:\Users\sabin\AppData\Local\Temp
2014-05-29 11:57 - 2012-05-30 05:57 - 00000680 __RSH () C:\Users\AdminS\ntuser.pol
2014-05-29 11:57 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS
2014-05-27 18:39 - 2012-04-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-27 18:39 - 2011-09-07 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-25 17:44 - 2014-05-25 17:43 - 00000000 ____D () C:\Users\micha\Downloads\KAZ
2014-05-25 12:48 - 2012-10-25 19:20 - 00000680 __RSH () C:\Users\sabin\ntuser.pol
2014-05-25 12:48 - 2010-12-27 17:08 - 00000000 ____D () C:\Users\sabin
2014-05-22 15:11 - 2012-12-02 13:00 - 00000000 ____D () C:\Users\Sofie\AppData\Local\Temp
2014-05-22 15:06 - 2012-12-02 13:00 - 00000680 __RSH () C:\Users\Sofie\ntuser.pol
2014-05-22 15:06 - 2012-12-02 13:00 - 00000000 ____D () C:\Users\Sofie
2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls
2014-05-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 20:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 19:50 - 2012-05-30 06:04 - 00000680 __RSH () C:\Users\micha\ntuser.pol
2014-05-16 19:50 - 2010-12-27 17:59 - 00000000 ____D () C:\Users\micha
2014-05-16 19:46 - 2014-05-06 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 20:52 - 2013-10-06 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:49 - 2011-01-30 11:30 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-11 20:30 - 2011-02-13 10:22 - 00000000 ____D () C:\Users\micha\Documents\mibosoft
2014-05-11 20:14 - 2011-01-09 14:05 - 00000000 ____D () C:\Users\micha\.gimp-2.6
2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel
2014-05-11 20:13 - 2011-01-17 20:07 - 00000000 ____D () C:\Users\micha\AppData\Roaming\gtk-2.0
2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList
2014-05-11 16:55 - 2012-02-19 18:41 - 00000085 _____ () C:\Users\micha\Documents\adac.txt
2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-05-11 16:36 - 2014-05-11 16:28 - 00000000 ____D () C:\AdwCleaner
2014-05-11 16:01 - 2014-05-09 21:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG
2014-05-09 20:34 - 2013-12-30 17:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-15 20:10 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 20:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-15 20:47 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 20:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 20:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\AdminS\AppData\Local\Temp\12264uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\20038uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\34309uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\50601uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\52826uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\6423uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\71061uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\72063uninstall.exe
C:\Users\AdminS\AppData\Local\Temp\AcDeltree.exe
C:\Users\AdminS\AppData\Local\Temp\avgnt.exe
C:\Users\AdminS\AppData\Local\Temp\BackupSetup.exe
C:\Users\AdminS\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\AdminS\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\AdminS\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\AdminS\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
C:\Users\AdminS\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\AdminS\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\AdminS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\AdminS\AppData\Local\Temp\ResetDevice.exe
C:\Users\AdminS\AppData\Local\Temp\Sqlite3.dll
C:\Users\AdminS\AppData\Local\Temp\vcredist_x86.exe
C:\Users\AdminS\AppData\Local\Temp\_isA034.exe
C:\Users\micha\AppData\Local\Temp\avgnt.exe
C:\Users\micha\AppData\Local\Temp\contentDATs.exe
C:\Users\micha\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\sabin\AppData\Local\Temp\contentDATs.exe
C:\Users\sabin\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 20:18

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014 01
Ran by AdminS at 2014-06-02 20:15:28
Running from C:\Users\AdminS\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Able RAWer 1.4.16.0 (HKLM\...\Able RAWer_is1) (Version: 1.4.16.0 - GraphicRegion.com)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ALL-INKL WebDisk v0.1.5 (HKLM\...\{F968F939-1B50-4AD7-A910-8647EFC2935B}) (Version: 0.1.5 - ALL-INKL.COM)
Bing Bar (HKLM\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Cinergy DT USB XS Diversity (MKII) V3.12.00.00a (HKLM\...\Cinergy DT USB XS Diversity (MKII)) (Version: 3.12.00.00a - )
Cinergy T-Stick V8.08.18.01 (HKLM\...\Cinergy T-Stick) (Version: 8.08.18.01 - )
DVBViewer Pro (HKLM\...\DVBViewer Pro_is1) (Version: 4.9.6.0 - CM&V)
DVBViewer Pro DEMO (HKLM\...\DVBViewer Pro Demo_is1) (Version: 4.8.1 - CM&V)
DVBViewer Recording Properties (HKLM\...\{F30F4040-D69D-4055-81AD-D08BF8138FD0}_is1) (Version: 1.0.0.0 - CM&V)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531u) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Free Studio version 5.4.8 (HKLM\...\Free Studio_is1) (Version: 5.4.8 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.0.19.1206 (HKLM\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - )
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
LAV Filters 0.50.1 (HKLM\...\lavfilters_is1) (Version: 0.50.1 - )
LTplus architektur (HKLM\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version: - ArchitektenInitiative e.V.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (2.0.0.18) (HKLM\...\Mozilla Thunderbird (2.0.0.18)) (Version: 2.0.0.18 (de) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
o2 Surf Box mini (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - o2)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SHARP AR-M160/M200 Series Type B MFP Driver (HKLM\...\SHARP AR-M160 M200 Series Type B MFP Driver) (Version: 1.00.000 - SHARP)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 5.9 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.115 - Skype Technologies S.A.)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
Technotrend Viewer (HKLM\...\TT-Viewer_is1) (Version: - CM&V)
TinyPDF 2.0 (HKLM\...\TinyPDF_is1) (Version: 2.0.2600.2000 - Real Software Solutions, Inc.)
TV-Browser 3.3.2 (HKLM\...\tvbrowser) (Version: 3.3.2 - TV-Browser Team)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden
YouTube Downloader Toolbar v5.8 (HKLM\...\{2AEC19D2-037B-4099-9AE0-267CAD0B522C}) (Version: 5.8 - Spigot, Inc.)
YTD Video Downloader 4.7 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7 - GreenTree Applications SRL)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-05-27 20:04 - 06997232 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {21A3AE9A-485E-42E7-AFDF-F31E36D941E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13] (Google Inc.)
Task: {4230F764-5BF2-40D5-BF83-57392695FC73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-27] (Adobe Systems Incorporated)
Task: {BAFD08C1-2D74-4952-9F4D-882413BD37FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-09 14:57 - 2008-02-25 23:23 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: CD-ROM-Laufwerk
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 07:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 1.6.2014.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 328
Startzeit: 01cf7e8af84f8f9f
Endzeit: 16
Anwendungspfad: C:\Users\AdminS\Desktop\FRST.exe
Berichts-ID: 82e42ffb-ea7e-11e3-a4ea-0026b9a9f046

Error: (06/02/2014 07:49:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (06/02/2014 07:24:10 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (06/01/2014 10:04:56 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/30/2014 11:12:01 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/30/2014 10:59:46 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/30/2014 10:59:46 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1".
Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (05/30/2014 10:59:39 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (05/29/2014 04:15:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit: 01cf7b3611c3d502 Endzeit: 31 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 9e3f7a4c-e73b-11e3-be11-0026b9a9f046 Error: (03/12/2014 10:42:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001560c7 ID des fehlerhaften Prozesses: 0x5e0 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 System errors: ============= Error: (06/02/2014 08:15:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 08:04:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 08:03:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. 
Error: (06/02/2014 07:53:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 07:53:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanWorkstation erreicht. Error: (06/02/2014 07:52:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 07:52:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 07:51:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanWorkstation erreicht. Error: (06/02/2014 07:51:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (06/02/2014 07:50:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. 
Microsoft Office Sessions: ========================= Error: (06/02/2014 07:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST.exe1.6.2014.132801cf7e8af84f8f9f16C:\Users\AdminS\Desktop\FRST.exe82e42ffb-ea7e-11e3-a4ea-0026b9a9f046 Error: (06/02/2014 07:49:05 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (06/02/2014 07:24:10 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (06/01/2014 10:04:56 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (05/30/2014 11:12:01 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (05/30/2014 10:59:46 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (05/30/2014 10:59:46 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (05/30/2014 10:59:39 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: D:\rescue-system.exeD:\rescue-system.exe0 Error: (05/29/2014 04:15:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567e5801cf7b3611c3d50231C:\Windows\Explorer.EXE9e3f7a4c-e73b-11e3-be11-0026b9a9f046 Error: (03/12/2014 10:42:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c75e001cf3dc4c36e2739C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll4d018cca-a9c2-11e3-a30c-0026b9a9f046 CodeIntegrity Errors: =================================== Date: 2014-05-25 15:04:32.651 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-25 15:04:32.651 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.651 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.635 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.620 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.620 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.604 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.604 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-25 15:04:32.588 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-25 15:04:32.557 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 3535.9 MB Available physical RAM: 2707.71 MB Total Pagefile: 7070.09 MB Available Pagefile: 6204.99 MB Total Virtual: 2047.88 MB Available Virtual: 1811 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:148.02 GB) (Free:14.06 GB) NTFS Drive d: (USB DISK) (Removable) (Total:3.77 GB) (Free:2.27 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0000000) Partition 1: (Not Active) - (Size=298 MB) - (Type=DE) Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: 633D24A1) Partition 1: (Active) - (Size=4 GB) - (Type=0C) ==================== End Of Log ============================ |
04.06.2014, 18:27 | #6 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
GroupPolicyUsers\S-1-5-21-2904712871-953101035-2089307719-1006\User: Group Policy restriction detected <======= ATTENTION
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Uninstall adware & co.
If you cannot find or uninstall a program, please continue with the next step: Scan with Combofix
__________________ |
04.06.2014, 20:10 | #7 |
| Hi schrauber! Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
Ran by AdminS at 2014-06-04 19:49:45 Run:1
Running from C:\Users\AdminS\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2904712871-953101035-2089307719-1006\User: Group Policy restriction detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2904712871-953101035-2089307719-1006\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
Image Editor Packages, which I then, as far as I can tell, uninstalled successfully. I shut the computer down and started it up again, but so far nothing has changed. Still 50% CPU from svchost.exe/NETZWERKDIENST, no internet access. First the icon for the internet connection (in the taskbar/mini icon) shows the spinning circle for ages (as if it weren't getting an IP address), then for quite a long time the yellow triangle with the note "Netzwerk2 kein Internetzugriff" (which Windows cannot fix as a problem), then at some point Windows switches over to "Netzwerk2 Internetzugriff", but my Kaspersky cannot get a connection to the server to update the Kaspersky database. All of a sudden svchost.exe/Netzwerkdienst is gone, the idle process shoots up, and Kaspersky gets its connection to the server too and is now downloading the updates. On restart it starts all over again: svchost.exe/Netzwerkdienst strikes again.... What can I do next? Regards, Mibo's |
05.06.2014, 19:16 | #8 |
/// the machine /// TB-Ausbilder | Maybe work through the rest of the instructions?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No support via PM! |
06.06.2014, 04:00 | #9 |
| Hi schrauber! You had written: "If you cannot find or uninstall a program, please continue with the next step:" - that wasn't the case, I was able to find and uninstall the one program.... but ok, then I'll carry on with Combofix.. There were no messages/incidents. Here is the log: Code:
ATTFilter ComboFix 14-06-04.01 - AdminS 05.06.2014 21:36:27.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3536.2684 [GMT 2:00] ausgeführt von:: D:\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-05 bis 2014-06-05 )))))))))))))))))))))))))))))) . . 2014-06-05 19:42 . 2014-06-05 19:42 -------- d-----w- c:\users\Sofie\AppData\Local\temp 2014-06-05 19:42 . 2014-06-05 19:42 -------- d-----w- c:\users\sabin\AppData\Local\temp 2014-06-05 19:42 . 2014-06-05 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-05 19:42 . 2014-06-05 19:42 -------- d-----w- c:\users\micha\AppData\Local\temp 2014-06-05 19:42 . 2014-06-05 19:42 -------- d-----w- c:\users\maya\AppData\Local\temp 2014-06-04 18:31 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{675D68D6-7C18-4B76-B07E-8B4C0BAA4FCA}\mpengine.dll 2014-06-04 17:58 . 2014-06-04 17:58 -------- d-----w- c:\program files\VS Revo Group 2014-06-02 19:03 . 2014-06-02 19:03 -------- d-----w- c:\windows\ELAMBKUP 2014-06-02 19:03 . 2014-06-02 19:03 -------- d-----w- c:\program files\Kaspersky Lab 2014-06-02 19:03 . 2014-06-04 18:38 94304 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-06-02 18:14 . 2014-06-04 17:49 -------- d-----w- C:\FRST 2014-05-29 21:15 . 2014-05-29 21:15 -------- d-----w- C:\aaavirus 2014-05-15 18:47 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-11 16:19 . 2014-05-11 16:19 -------- d-sh--w- c:\users\micha\AppData\Local\EmieUserList 2014-05-11 16:19 . 2014-05-11 16:19 -------- d-sh--w- c:\users\micha\AppData\Local\EmieSiteList 2014-05-11 14:38 . 
2014-05-11 14:38 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs 2014-05-11 14:28 . 2014-05-11 14:36 -------- d-----w- C:\AdwCleaner 2014-05-09 18:34 . 2014-05-09 18:34 965232 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll 2014-05-09 18:34 . 2014-05-09 18:34 1266800 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll 2014-05-09 18:34 . 2014-05-09 18:34 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-04 18:38 . 2013-10-17 13:47 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2014-06-04 18:38 . 2013-06-06 15:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys 2014-06-04 18:38 . 2013-10-17 13:47 135776 ----a-w- c:\windows\system32\drivers\kl1.sys 2014-05-27 16:39 . 2012-04-10 08:18 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-27 16:39 . 2011-09-07 07:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-31 07:35 . 2010-12-27 16:14 231584 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] 2008-07-22 21:44 357376 ----a-w- c:\program files\FreePDF_XP\fpassist.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOSTS Anti-Adware_PUPs] 2014-05-11 14:38 302961 ----a-w- c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2010-12-13 12:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [2014-05-11 285795] R2 SE4BLPT;SE4BLPT;c:\windows\system32\SE4BLPT.SYS [2004-04-26 54488] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032] R3 MODRC;Cinergy DT USB XS Diversity (MKII) IR Service;c:\windows\system32\DRIVERS\modrc.sys [2009-11-16 20032] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\DRIVERS\ttusb2bda.sys [2013-12-24 581888] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-06-04 94304] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-10-17 25696] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-06-04 144992] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992] S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-06-04 25184] S3 klmouflt;Kaspersky Lab 
KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-17 25696] . . Inhalt des "geplante Tasks" Ordners . 2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:39] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 12:50] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 12:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: Free YouTube Download - c:\users\AdminS\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\AdminS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . c:\users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe c:\users\sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe c:\users\Sofie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2014-06-05 21:49:58
ComboFix-quarantined-files.txt 2014-06-05 19:44
.
Vor Suchlauf: 22 Verzeichnis(se), 15.787.552.768 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 17.231.106.048 Bytes frei
.
- - End Of File - - F0BEDBA67F4617A2D453C6FFF3263B08
A36C5E4F47E84449FF07ED3517B43A31
Mibo's |
07.06.2014, 05:40 | #10 |
/// the machine /// TB-Ausbilder | What that means is rather "if Revo doesn't work, don't stop, just carry straight on". Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your Desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber |
08.06.2014, 13:10 | #11 |
| Hello Schrauber! I have carried out all your instructions, logs attached. The svchost.exe of Netzwerkdienst is still unimpressed, sitting at its 50% CPU. mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08.06.2014
Scan Time: 12:04:46
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.08.01
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: AdminS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385635
Time Elapsed: 14 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.YTDToolbar, HKU\S-1-5-21-2904712871-953101035-2089307719-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F3FEE66E-E034-436A-86E4-9690573BEE8A}, Quarantined, [1fe296e0611ac274bf16db5f5ea405fb], 
PUP.Optional.YTDToolbar, HKU\S-1-5-21-2904712871-953101035-2089307719-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F3FEE66E-E034-436A-86E4-9690573BEE8A}, Quarantined, [1fe296e0611ac274bf16db5f5ea405fb], 
PUP.Optional.YTDToolbar, HKU\S-1-5-21-2904712871-953101035-2089307719-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F3FEE66E-E034-436A-86E4-9690573BEE8A}, Quarantined, [1fe296e0611ac274bf16db5f5ea405fb], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.0, Quarantined, [956ce690b4c72f07e0b703a915ed9c64], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, Quarantined, [6d9443337902a49293fa30a09e65fc04], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [05fc3e383a4137ff6c97489c33d0867a], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.0, Quarantined, [56aba7cff68572c4c8cf9e0edb27629e], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [cf32c6b029528babe09de0d9f0127b85], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, Quarantined, [fe03d0a652293df9291debe918eb817f], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [45bc3640bdbe55e1612827a87291c43c], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [50b163137b00ed4930f15f49e81a639d], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2904712871-953101035-2089307719-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O0R1R1H2Z1S1G0H1F, Quarantined, [45bc3640bdbe55e1612827a87291c43c]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Spigot.A, C:\ProgramData\YouTube Downloader\ytd_installer.exe, Quarantined, [c63bbcba4932989e3053a185c937837d], 
PUP.Optional.Bandoo.A, C:\Users\micha\Downloads\jZipSetup-r113-n-bf.exe, Quarantined, [17eae690cbb068cee7faf034847ca35d], 
PUP.OfferBundler.ST, C:\Users\micha\Downloads\SoftonicDownloader_fuer_nvu.exe, Quarantined, [10f16c0af68531052dd2216b6b952cd4], 
PUP.OfferBundler.ST, C:\Users\micha\Downloads\SoftonicDownloader_fuer_totaledit(portabel).exe, Quarantined, [f110e98dcab158de7b848309ba4656aa], 
PUP.OfferBundler.ST, C:\Users\micha\Downloads\SoftonicDownloader_fuer_totaledit.exe, Quarantined, [fb066c0a483382b4877855378e72a759], 
PUP.Optional.Spigot.A, C:\Windows\Installer\50dd4.msi, Quarantined, [50b190e64f2c4fe7a35b9ae9e021b947], 

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.212 - Bericht erstellt am 08/06/2014 um 12:51:28
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : AdminS - SABINPC
# Gestartet von : C:\Users\AdminS\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529\prefs.js ]

Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "dsites05_14_18_ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtD0F0FyByC0EtDtD0B0A0AtAtB0AzztN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCzz0BtC0FyB0FtG0FtC0E0At[...]
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1358254258");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_b");

[ Datei : C:\Users\maya\AppData\Roaming\Mozilla\Firefox\Profiles\t9ua2v3f.default\prefs.js ]


[ Datei : C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\bntu9o8t.default\prefs.js ]


[ Datei : C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\m4ux8q19.micha\prefs.js ]

Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "dsites05_14_18_ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtD0F0FyByC0EtDtD0B0A0AtAtB0AzztN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCzz0BtC0FyB0FtG0FtC0E0At[...]
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1358254258");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_b");

[ Datei : C:\Users\sabin\AppData\Roaming\Mozilla\Firefox\Profiles\x9of3h2j.default\prefs.js ]


[ Datei : C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\7ttul5ln.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [15791 octets] - [11/05/2014 16:28:48]
AdwCleaner[R1].txt - [2573 octets] - [08/06/2014 12:49:31]
AdwCleaner[S0].txt - [15125 octets] - [11/05/2014 16:30:37]
AdwCleaner[S1].txt - [2498 octets] - [08/06/2014 12:51:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2558 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x86 Ran by AdminS on 08.06.2014 at 13:32:19,77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.06.2014 at 13:35:09,83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST.txt: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by AdminS (administrator) on SABINPC on 08-06-2014 13:58:00
Running from C:\Users\AdminS\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmi32.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [145496 2007-03-21] (Pinnacle Systems)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {90300B97-ECFD-407D-8D44-14B273A45DCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-02]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-02]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-02]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-05-18] (Flexera Software, Inc.)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-11] ()
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-04] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-06-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-06-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-06-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-06-04] (Kaspersky Lab ZAO)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
S2 SE4BLPT; C:\Windows\system32\SE4BLPT.SYS [54488 2004-04-26] (Sharp Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project)
S3 TTUSB2BDA; C:\Windows\System32\DRIVERS\ttusb2bda.sys [581888 2013-12-24] (TechnoTrend Goerler GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [217088 2006-02-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [17792 2006-02-06] (eMPIA Technology, Inc.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 catchme; \??\C:\Users\AdminS\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt
2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 12:57 - 2014-06-08 12:20 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe
2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt
2014-06-08 12:48 - 2014-06-08 12:18 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe
2014-06-08 12:46 - 2014-06-08 12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieSiteList
2014-06-08 11:54 - 2014-06-08 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-08 11:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-08 11:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 11:54 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Sofie\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt
2014-06-05 21:34 - 2014-06-05 21:50 - 00000000 ____D () C:\Qoobox
2014-06-05 21:34 - 2014-06-05 21:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk
2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-04 19:55 - 2014-06-04 19:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AdminS\Desktop\revosetup95.exe
2014-06-02 21:04 - 2014-06-04 20:57 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk
2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-06-02 21:03 - 2014-06-04 20:38 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-02 21:03 - 2014-06-04 20:38 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-02 20:15 - 2014-06-08 13:58 - 00010671 _____ () C:\Users\AdminS\Desktop\FRST.txt
2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt
2014-06-02 20:14 - 2014-06-08 13:58 - 00000000 ____D () C:\FRST
2014-06-02 19:24 - 2014-06-02 19:22 - 01058304 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe
2014-05-30 10:51 - 2014-05-30 10:56 - 00033280 ___SH () C:\Users\Public\Thumbs.db
2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus
2014-05-25 17:43 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\micha\Downloads\KAZ
2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls
2014-05-15 20:47 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:47 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:47 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:10 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:10 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:10 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:10 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:10 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:10 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:10 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:10 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:10 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:10 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 20:10 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:10 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:10 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:10 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:09 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel
2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList
2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-05-11 16:28 - 2014-06-08 12:51 - 00000000 ____D () C:\AdwCleaner
2014-05-09 21:01 - 2014-05-11 16:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG

==================== One Month Modified Files and Folders =======

2014-06-08 13:58 - 2014-06-02 20:15 - 00010671 _____ () C:\Users\AdminS\Desktop\FRST.txt
2014-06-08 13:58 - 2014-06-02 20:14 - 00000000 ____D () C:\FRST
2014-06-08 13:58 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS\AppData\Local\Temp
2014-06-08 13:50 - 2011-03-13 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 13:50 - 2010-12-27 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-08 13:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 13:50 - 2009-07-14 06:39 - 00080146 _____ () C:\Windows\setupact.log
2014-06-08 13:37 - 2010-12-27 16:47 - 01793984 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt
2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:23 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:23 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:16 - 2011-03-13 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt
2014-06-08 12:53 - 2011-01-09 15:24 - 00255084 _____ () C:\Windows\PFRO.log
2014-06-08 12:51 - 2014-05-11 16:28 - 00000000 ____D () C:\AdwCleaner
2014-06-08 12:46 - 2014-06-08 12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieSiteList
2014-06-08 12:42 - 2014-06-08 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 12:20 - 2014-06-08 12:57 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe
2014-06-08 12:20 - 2012-01-21 15:33 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-06-08 12:18 - 2014-06-08 12:48 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe
2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Sofie\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:50 - 2014-06-05 21:34 - 00000000 ____D () C:\Qoobox
2014-06-05 21:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-05 21:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt
2014-06-05 21:44 - 2014-06-05 21:34 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:43 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-04 20:57 - 2014-06-02 21:04 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk
2014-06-04 20:46 - 2012-05-30 06:04 - 00000008 __RSH () C:\Users\micha\ntuser.pol
2014-06-04 20:46 - 2010-12-27 17:59 - 00000000 ____D () C:\Users\micha
2014-06-04 20:38 - 2014-06-02 21:03 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-04 20:38 - 2014-06-02 21:03 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-04 20:38 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-06-04 20:38 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-06-04 20:38 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-06-04 20:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk
2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-04 19:53 - 2012-05-30 05:57 - 00000008 __RSH () C:\Users\AdminS\ntuser.pol
2014-06-04 19:53 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS
2014-06-04 19:49 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-04 19:48 - 2014-06-04 19:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AdminS\Desktop\revosetup95.exe
2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt
2014-06-02 19:22 - 2014-06-02 19:24 - 01058304 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe
2014-05-30 11:10 - 2010-05-11 20:42 - 00000000 ____D () C:\Elster
2014-05-30 10:56 - 2014-05-30 10:51 - 00033280 ___SH () C:\Users\Public\Thumbs.db
2014-05-30 10:50 - 2011-05-26 21:22 - 00000000 ____D () C:\temp
2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus
2014-05-29 15:39 - 2010-12-27 17:03 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 13:13 - 2013-11-02 19:09 - 00000000 ____D () C:\Users\micha\AppData\Roaming\TV-Browser
2014-05-27 18:39 - 2012-04-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-27 18:39 - 2011-09-07 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-25 17:44 - 2014-05-25 17:43 - 00000000 ____D () C:\Users\micha\Downloads\KAZ
2014-05-25 12:48 - 2012-10-25 19:20 - 00000680 __RSH () C:\Users\sabin\ntuser.pol
2014-05-25 12:48 - 2010-12-27 17:08 - 00000000 ____D () C:\Users\sabin
2014-05-22 15:06 - 2012-12-02 13:00 - 00000680 __RSH () C:\Users\Sofie\ntuser.pol
2014-05-22 15:06 - 2012-12-02 13:00 - 00000000 ____D () C:\Users\Sofie
2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls
2014-05-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 20:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 19:46 - 2014-05-06 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 20:52 - 2013-10-06 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:49 - 2011-01-30 11:30 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-06-08 11:54 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-08 11:54 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-08 11:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 20:30 - 2011-02-13 10:22 - 00000000 ____D () C:\Users\micha\Documents\mibosoft
2014-05-11 20:14 - 2011-01-09 14:05 - 00000000 ____D () C:\Users\micha\.gimp-2.6
2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel
2014-05-11 20:13 - 2011-01-17 20:07 - 00000000 ____D () C:\Users\micha\AppData\Roaming\gtk-2.0
2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList
2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList
2014-05-11 16:55 - 2012-02-19 18:41 - 00000085 _____ () C:\Users\micha\Documents\adac.txt
2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-05-11 16:01 - 2014-05-09 21:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG
2014-05-09 20:34 - 2013-12-30 17:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-15 20:10 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 20:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\AdminS\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-02 20:55

==================== End Of Log ============================
--- --- ---

What do you think? Regards, Mibo's |
09.06.2014, 06:39 | #12 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.06.2014, 21:16 | #13 |
| Hi Schrauber! I have worked through your instructions again, but there is no change... ESET had found 115 infected files; before that, it took about 3 hours until all the data had been downloaded from the Internet - presumably the Internet connection is being heavily slowed down here, among other things. I find it odd that the log turns out so short:
Code:
ESETSmartInstaller@High as downloader log:
all ok
Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01 Ran by AdminS (administrator) on SABINPC on 09-06-2014 17:51:16 Running from C:\Users\AdminS\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [145496 2007-03-21] (Pinnacle Systems) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {90300B97-ECFD-407D-8D44-14B273A45DCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: 
Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-02] ========================== Services (Whitelisted) ================= U2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-05-18] (Flexera Software, Inc.) S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-11] () [File not signed] S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-04] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-06-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-06-04] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-06-04] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-06-04] 
(Kaspersky Lab ZAO) R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.) S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors) S2 SE4BLPT; C:\Windows\system32\SE4BLPT.SYS [54488 2004-04-26] (Sharp Corporation) [File not signed] R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project) S3 TTUSB2BDA; C:\Windows\System32\DRIVERS\ttusb2bda.sys [581888 2013-12-24] (TechnoTrend Goerler GmbH) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [217088 2006-02-06] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [17792 2006-02-06] (eMPIA Technology, Inc.) S3 Afc; system32\drivers\Afc.sys [X] S3 catchme; \??\C:\Users\AdminS\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-09 17:51 - 2014-06-09 17:51 - 00000000 ____D () C:\Users\AdminS\Desktop\FRST-OlderVersion 2014-06-09 17:08 - 2014-06-09 14:39 - 00854367 _____ () C:\Users\AdminS\Desktop\SecurityCheck.exe 2014-06-09 11:10 - 2014-06-09 11:10 - 00000000 ____D () C:\Program Files\ESET 2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt 2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT 2014-06-08 12:57 - 2014-06-08 12:20 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe 2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt 2014-06-08 12:48 - 2014-06-08 12:18 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe 2014-06-08 12:46 - 2014-06-08 12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () 
C:\Users\AdminS\AppData\Local\EmieSiteList 2014-06-08 11:54 - 2014-06-08 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-08 11:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-08 11:54 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Sofie\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt 2014-06-05 21:34 - 2014-06-05 21:50 - 00000000 ____D () C:\Qoobox 2014-06-05 21:34 - 2014-06-05 21:44 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 21:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 21:34 - 2009-04-20 06:56 - 
00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk 2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-04 19:55 - 2014-06-04 19:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AdminS\Desktop\revosetup95.exe 2014-06-02 21:04 - 2014-06-04 20:57 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-06-02 21:03 - 2014-06-04 20:38 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-02 21:03 - 2014-06-04 20:38 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-06-02 20:15 - 2014-06-09 17:51 - 00010521 _____ () C:\Users\AdminS\Desktop\FRST.txt 2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt 2014-06-02 20:14 - 2014-06-09 17:51 - 00000000 ____D () C:\FRST 2014-06-02 19:24 - 2014-06-09 17:51 - 01072128 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe 2014-05-30 10:51 - 2014-05-30 10:56 - 00033280 ___SH () C:\Users\Public\Thumbs.db 2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus 2014-05-25 17:43 - 
2014-05-25 17:44 - 00000000 ____D () C:\Users\micha\Downloads\KAZ 2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls 2014-05-15 20:47 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 20:47 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 20:47 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 20:10 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 20:10 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 20:10 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 20:10 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 20:10 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 20:10 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 20:10 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 20:10 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 20:10 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 20:10 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 20:10 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 20:10 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) 
C:\Windows\system32\winlogon.exe 2014-05-15 20:10 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 20:09 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel 2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList 2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2014-05-11 16:38 - 2014-05-11 16:38 
- 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs 2014-05-11 16:28 - 2014-06-08 12:51 - 00000000 ____D () C:\AdwCleaner ==================== One Month Modified Files and Folders ======= 2014-06-09 17:51 - 2014-06-09 17:51 - 00000000 ____D () C:\Users\AdminS\Desktop\FRST-OlderVersion 2014-06-09 17:51 - 2014-06-02 20:15 - 00010521 _____ () C:\Users\AdminS\Desktop\FRST.txt 2014-06-09 17:51 - 2014-06-02 20:14 - 00000000 ____D () C:\FRST 2014-06-09 17:51 - 2014-06-02 19:24 - 01072128 _____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe 2014-06-09 17:51 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS\AppData\Local\Temp 2014-06-09 17:27 - 2010-12-27 16:47 - 01827054 _____ () C:\Windows\WindowsUpdate.log 2014-06-09 17:18 - 2011-03-13 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-09 14:39 - 2014-06-09 17:08 - 00854367 _____ () C:\Users\AdminS\Desktop\SecurityCheck.exe 2014-06-09 11:10 - 2014-06-09 11:10 - 00000000 ____D () C:\Program Files\ESET 2014-06-09 10:59 - 2010-12-27 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-06-09 09:50 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-09 09:50 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-09 08:37 - 2011-03-13 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-09 08:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-09 08:35 - 2009-07-14 06:39 - 00080202 _____ () C:\Windows\setupact.log 2014-06-08 14:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt 2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT 2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt 
2014-06-08 12:53 - 2011-01-09 15:24 - 00255084 _____ () C:\Windows\PFRO.log 2014-06-08 12:51 - 2014-05-11 16:28 - 00000000 ____D () C:\AdwCleaner 2014-06-08 12:46 - 2014-06-08 12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieSiteList 2014-06-08 12:42 - 2014-06-08 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-08 12:20 - 2014-06-08 12:57 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe 2014-06-08 12:20 - 2012-01-21 15:33 - 00000000 ____D () C:\ProgramData\YouTube Downloader 2014-06-08 12:18 - 2014-06-08 12:48 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe 2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Sofie\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:34 - 00000000 ____D () C:\Qoobox 2014-06-05 21:50 
- 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-06-05 21:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt 2014-06-05 21:44 - 2014-06-05 21:34 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:43 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-06-04 20:57 - 2014-06-02 21:04 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk 2014-06-04 20:46 - 2012-05-30 06:04 - 00000008 __RSH () C:\Users\micha\ntuser.pol 2014-06-04 20:46 - 2010-12-27 17:59 - 00000000 ____D () C:\Users\micha 2014-06-04 20:38 - 2014-06-02 21:03 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-04 20:38 - 2014-06-02 21:03 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-04 20:38 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-06-04 20:38 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-06-04 20:38 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk 2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-04 19:53 - 2012-05-30 05:57 - 00000008 __RSH () C:\Users\AdminS\ntuser.pol 2014-06-04 19:53 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS 2014-06-04 19:49 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-04 19:48 - 2014-06-04 19:55 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\AdminS\Desktop\revosetup95.exe 2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt 2014-05-30 11:10 - 2010-05-11 20:42 - 00000000 ____D () C:\Elster 2014-05-30 10:56 - 2014-05-30 10:51 - 00033280 ___SH () C:\Users\Public\Thumbs.db 2014-05-30 10:50 - 2011-05-26 21:22 - 00000000 ____D () C:\temp 2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus 2014-05-29 15:39 - 2010-12-27 17:03 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-29 13:13 - 2013-11-02 19:09 - 00000000 ____D () C:\Users\micha\AppData\Roaming\TV-Browser 2014-05-27 18:39 - 2012-04-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-27 18:39 - 2011-09-07 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-25 17:44 - 2014-05-25 17:43 - 00000000 ____D () C:\Users\micha\Downloads\KAZ 2014-05-25 12:48 - 2012-10-25 19:20 - 00000680 __RSH () C:\Users\sabin\ntuser.pol 2014-05-25 12:48 - 2010-12-27 17:08 - 00000000 ____D () C:\Users\sabin 2014-05-22 15:06 - 2012-12-02 13:00 - 00000680 __RSH () C:\Users\Sofie\ntuser.pol 2014-05-22 15:06 - 2012-12-02 13:00 - 00000000 ____D () C:\Users\Sofie 2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls 2014-05-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-16 20:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-16 19:46 - 2014-05-06 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 
2014-05-16 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-15 20:52 - 2013-10-06 17:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 20:49 - 2011-01-30 11:30 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-12 07:26 - 2014-06-08 11:54 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-08 11:54 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-06-08 11:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 20:30 - 2011-02-13 10:22 - 00000000 ____D () C:\Users\micha\Documents\mibosoft 2014-05-11 20:14 - 2011-01-09 14:05 - 00000000 ____D () C:\Users\micha\.gimp-2.6 2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel 2014-05-11 20:13 - 2011-01-17 20:07 - 00000000 ____D () C:\Users\micha\AppData\Roaming\gtk-2.0 2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList 2014-05-11 16:55 - 2012-02-19 18:41 - 00000085 _____ () C:\Users\micha\Documents\adac.txt 2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs 2014-05-11 16:01 - 2014-05-09 21:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG Some content of TEMP: ==================== C:\Users\AdminS\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed 
C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-02 20:55 ==================== End Of Log ============================ --- --- --- --- --- --- I'll run the ESET Online Scanner once more and hope you won't scold me. Do you have any more trumps up your sleeve? Regards, Mibo's Hello Schrauber, the new ESET result looks a bit fuller (115 infections were found again); here is the log: Code:
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=00007ea00d6c7842a316a0b9552226c8
# engine=18633
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-09 07:01:03
# local_time=2014-06-09 09:01:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 9980 33818485 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12664 153971654 0 0
# scanned=319220
# found=115
# cleaned=0
# scan_time=7088
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01 Ran by AdminS (administrator) on SABINPC on 09-06-2014 21:58:48 Running from C:\Users\AdminS\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe ==================== Registry (Whitelisted) ================== HKU\S-1-5-21-2904712871-953101035-2089307719-1000\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [145496 2007-03-21] (Pinnacle Systems) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {90300B97-ECFD-407D-8D44-14B273A45DCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\AdminS\AppData\Roaming\Mozilla\Firefox\Profiles\6uejegd8.default-1397162983529 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-02] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: 
Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-02] ========================== Services (Whitelisted) ================= S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-05-18] (Flexera Software, Inc.) S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-11] () [File not signed] S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-04] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-06-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-06-04] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-06-04] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-06-04] 
(Kaspersky Lab ZAO) R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.) S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors) S2 SE4BLPT; C:\Windows\system32\SE4BLPT.SYS [54488 2004-04-26] (Sharp Corporation) [File not signed] R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project) S3 TTUSB2BDA; C:\Windows\System32\DRIVERS\ttusb2bda.sys [581888 2013-12-24] (TechnoTrend Goerler GmbH) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [217088 2006-02-06] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [17792 2006-02-06] (eMPIA Technology, Inc.) S3 Afc; system32\drivers\Afc.sys [X] S3 catchme; \??\C:\Users\AdminS\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-09 21:28 - 2014-06-09 21:28 - 00026767 _____ () C:\Users\AdminS\Desktop\ESET_ListeBedrohungen.txt 2014-06-09 18:17 - 2014-06-09 09:26 - 02347384 _____ (ESET) C:\Users\AdminS\Desktop\esetsmartinstaller_deu.exe 2014-06-09 17:51 - 2014-06-09 17:51 - 00000000 ____D () C:\Users\AdminS\Desktop\FRST-OlderVersion 2014-06-09 17:08 - 2014-06-09 14:39 - 00854367 _____ () C:\Users\AdminS\Desktop\SecurityCheck.exe 2014-06-09 11:10 - 2014-06-09 11:10 - 00000000 ____D () C:\Program Files\ESET 2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt 2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT 2014-06-08 12:57 - 2014-06-08 12:20 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe 2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt 2014-06-08 12:48 - 2014-06-08 12:18 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe 2014-06-08 12:46 - 2014-06-08 
12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieSiteList 2014-06-08 11:54 - 2014-06-08 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-08 11:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-08 11:54 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Sofie\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt 2014-06-05 21:34 - 2014-06-05 21:50 - 00000000 ____D () C:\Qoobox 2014-06-05 21:34 - 2014-06-05 21:44 - 00000000 
____D () C:\Windows\erdnt 2014-06-05 21:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 21:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 21:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-05 21:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk 2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-04 19:55 - 2014-06-04 19:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AdminS\Desktop\revosetup95.exe 2014-06-02 21:04 - 2014-06-04 20:57 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-06-02 21:03 - 2014-06-04 20:38 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-02 21:03 - 2014-06-04 20:38 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-06-02 20:15 - 2014-06-09 21:58 - 00010311 _____ () C:\Users\AdminS\Desktop\FRST.txt 2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt 2014-06-02 20:14 - 2014-06-09 21:58 - 00000000 ____D () C:\FRST 2014-06-02 19:24 - 2014-06-09 17:51 - 01072128 
_____ (Farbar) C:\Users\AdminS\Desktop\FRST.exe 2014-05-30 10:51 - 2014-05-30 10:56 - 00033280 ___SH () C:\Users\Public\Thumbs.db 2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus 2014-05-25 17:43 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\micha\Downloads\KAZ 2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () C:\Users\micha\Desktop\AG-Zuschuss.xls 2014-05-15 20:47 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 20:47 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 20:47 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 20:10 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 20:10 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 20:10 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 20:10 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 20:10 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 20:10 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 20:10 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 20:10 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 20:10 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 20:10 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 20:10 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 20:10 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 20:10 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 20:10 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 20:09 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel 2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList 2014-05-11 18:19 - 
2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList 2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs 2014-05-11 16:28 - 2014-06-08 12:51 - 00000000 ____D () C:\AdwCleaner ==================== One Month Modified Files and Folders ======= 2014-06-09 21:59 - 2014-06-02 20:15 - 00010311 _____ () C:\Users\AdminS\Desktop\FRST.txt 2014-06-09 21:59 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS\AppData\Local\Temp 2014-06-09 21:58 - 2014-06-02 20:14 - 00000000 ____D () C:\FRST 2014-06-09 21:51 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-09 21:51 - 2009-07-14 06:34 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-09 21:38 - 2011-03-13 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-09 21:38 - 2010-12-27 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-06-09 21:37 - 2010-12-27 16:47 - 01845518 _____ () C:\Windows\WindowsUpdate.log 2014-06-09 21:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-09 21:37 - 2009-07-14 06:39 - 00080370 _____ () C:\Windows\setupact.log 2014-06-09 21:33 - 2010-12-27 17:03 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-09 21:28 - 2014-06-09 21:28 - 00026767 _____ () C:\Users\AdminS\Desktop\ESET_ListeBedrohungen.txt 2014-06-09 21:16 - 2011-03-13 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-09 20:38 - 2010-12-27 17:18 - 00075224 _____ () C:\Users\AdminS\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-09 17:51 - 2014-06-09 17:51 - 00000000 ____D () C:\Users\AdminS\Desktop\FRST-OlderVersion 2014-06-09 17:51 - 2014-06-02 19:24 - 01072128 _____ (Farbar) 
C:\Users\AdminS\Desktop\FRST.exe 2014-06-09 14:39 - 2014-06-09 17:08 - 00854367 _____ () C:\Users\AdminS\Desktop\SecurityCheck.exe 2014-06-09 11:10 - 2014-06-09 11:10 - 00000000 ____D () C:\Program Files\ESET 2014-06-09 09:26 - 2014-06-09 18:17 - 02347384 _____ (ESET) C:\Users\AdminS\Desktop\esetsmartinstaller_deu.exe 2014-06-08 14:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-08 13:35 - 2014-06-08 13:35 - 00000874 _____ () C:\Users\AdminS\Desktop\JRT.txt 2014-06-08 13:32 - 2014-06-08 13:32 - 00000000 ____D () C:\Windows\ERUNT 2014-06-08 12:55 - 2014-06-08 12:55 - 00002638 _____ () C:\Users\AdminS\Desktop\AdwCleaner[S1].txt 2014-06-08 12:53 - 2011-01-09 15:24 - 00255084 _____ () C:\Windows\PFRO.log 2014-06-08 12:51 - 2014-05-11 16:28 - 00000000 ____D () C:\AdwCleaner 2014-06-08 12:46 - 2014-06-08 12:46 - 00004316 _____ () C:\Users\AdminS\Desktop\mbam.txt 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieUserList 2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 __SHD () C:\Users\AdminS\AppData\Local\EmieSiteList 2014-06-08 12:42 - 2014-06-08 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-08 12:20 - 2014-06-08 12:57 - 01016261 _____ (Thisisu) C:\Users\AdminS\Desktop\JRT.exe 2014-06-08 12:20 - 2012-01-21 15:33 - 00000000 ____D () C:\ProgramData\YouTube Downloader 2014-06-08 12:18 - 2014-06-08 12:48 - 01333465 _____ () C:\Users\AdminS\Desktop\adwcleaner_3.212.exe 2014-06-08 11:54 - 2014-06-08 11:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-08 11:54 - 2014-06-08 11:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () 
C:\Users\Sofie\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\sabin\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\micha\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\maya\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 21:50 - 2014-06-05 21:34 - 00000000 ____D () C:\Qoobox 2014-06-05 21:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-06-05 21:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-06-05 21:49 - 2014-06-05 21:49 - 00009287 _____ () C:\ComboFix.txt 2014-06-05 21:44 - 2014-06-05 21:34 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 21:43 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-06-04 20:57 - 2014-06-02 21:04 - 00002278 _____ () C:\Users\AdminS\Desktop\Sicherer Zahlungsverkehr.lnk 2014-06-04 20:46 - 2012-05-30 06:04 - 00000008 __RSH () C:\Users\micha\ntuser.pol 2014-06-04 20:46 - 2010-12-27 17:59 - 00000000 ____D () C:\Users\micha 2014-06-04 20:38 - 2014-06-02 21:03 - 00576608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-04 20:38 - 2014-06-02 21:03 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-04 20:38 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-06-04 20:38 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-06-04 20:38 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-06-04 19:58 - 2014-06-04 19:58 - 00001224 _____ () C:\Users\AdminS\Desktop\Revo Uninstaller.lnk 2014-06-04 19:58 - 2014-06-04 19:58 - 00000000 ____D () 
C:\Program Files\VS Revo Group 2014-06-04 19:53 - 2012-05-30 05:57 - 00000008 __RSH () C:\Users\AdminS\ntuser.pol 2014-06-04 19:53 - 2010-12-27 17:00 - 00000000 ____D () C:\Users\AdminS 2014-06-04 19:49 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-04 19:48 - 2014-06-04 19:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AdminS\Desktop\revosetup95.exe 2014-06-02 21:04 - 2014-06-02 21:04 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-06-02 21:04 - 2014-06-02 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-06-02 21:03 - 2014-06-02 21:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-06-02 20:15 - 2014-06-02 20:15 - 00024362 _____ () C:\Users\AdminS\Desktop\Addition.txt 2014-05-30 11:10 - 2010-05-11 20:42 - 00000000 ____D () C:\Elster 2014-05-30 10:56 - 2014-05-30 10:51 - 00033280 ___SH () C:\Users\Public\Thumbs.db 2014-05-30 10:50 - 2011-05-26 21:22 - 00000000 ____D () C:\temp 2014-05-29 23:15 - 2014-05-29 23:15 - 00000000 ____D () C:\aaavirus 2014-05-29 13:13 - 2013-11-02 19:09 - 00000000 ____D () C:\Users\micha\AppData\Roaming\TV-Browser 2014-05-27 18:39 - 2012-04-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-27 18:39 - 2011-09-07 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-25 17:44 - 2014-05-25 17:43 - 00000000 ____D () C:\Users\micha\Downloads\KAZ 2014-05-25 12:48 - 2012-10-25 19:20 - 00000680 __RSH () C:\Users\sabin\ntuser.pol 2014-05-25 12:48 - 2010-12-27 17:08 - 00000000 ____D () C:\Users\sabin 2014-05-22 15:06 - 2012-12-02 13:00 - 00000680 __RSH () C:\Users\Sofie\ntuser.pol 2014-05-22 15:06 - 2012-12-02 13:00 - 00000000 ____D () C:\Users\Sofie 2014-05-18 21:05 - 2014-05-18 21:05 - 00008704 _____ () 
C:\Users\micha\Desktop\AG-Zuschuss.xls 2014-05-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-16 20:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-16 19:46 - 2014-05-06 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-15 20:52 - 2013-10-06 17:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 20:49 - 2011-01-30 11:30 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-12 07:26 - 2014-06-08 11:54 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-08 11:54 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-06-08 11:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 20:30 - 2011-02-13 10:22 - 00000000 ____D () C:\Users\micha\Documents\mibosoft 2014-05-11 20:14 - 2011-01-09 14:05 - 00000000 ____D () C:\Users\micha\.gimp-2.6 2014-05-11 20:13 - 2014-05-11 20:13 - 00005871 _____ () C:\Users\micha\.recently-used.xbel 2014-05-11 20:13 - 2011-01-17 20:07 - 00000000 ____D () C:\Users\micha\AppData\Roaming\gtk-2.0 2014-05-11 20:07 - 2014-05-11 20:07 - 00000042 _____ () C:\Users\micha\.gtk-bookmarks 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieUserList 2014-05-11 18:19 - 2014-05-11 18:19 - 00000000 __SHD () C:\Users\micha\AppData\Local\EmieSiteList 2014-05-11 16:55 - 2012-02-19 18:41 - 00000085 _____ () C:\Users\micha\Documents\adac.txt 2014-05-11 16:38 - 2014-05-11 16:38 - 00001141 _____ () C:\Users\AdminS\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2014-05-11 16:38 - 2014-05-11 16:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs 2014-05-11 16:01 - 2014-05-09 21:01 - 00000063 _____ () C:\Users\AdminS\AppData\Roaming\WB.CFG Some content of TEMP: ==================== 
C:\Users\AdminS\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-02 20:55
==================== End Of Log ============================
--- --- ---
--- --- ---
But the laptop is still being slowed down by svchost.exe / Network Service ... Regards, Mibo's |
10.06.2014, 18:32 | #14 |
/// the machine /// TB-Ausbilder | svchost /User NETZWERKDIENST constantly occupies 50% of the CPU Update Java and Thunderbird. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Install ProcessExplorer as a replacement for the Windows Task Manager

Download the Process Explorer as a replacement for the Task Manager and install it; you will find a guide here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set up ProcessExplorer permanently as the replacement for the Task Manager (Replace Taskmanager). That is highly recommended, because ProcessExplorer has far more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + Del no longer opens the Task Manager but ProcessExplorer. This can be undone at any time by unchecking that setting.

What we need now, concretely: each line shows one process; a few of the lines are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. Under "CPU Usage" the current processor-load value for each process is shown (the column header just says "CPU"); "CPU History" displays a graph for each process with a curve of the processor load over the recent period. With that you should be able to identify which process is keeping your CPU busy. Double-click on that process. You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Advanced" below the text field, use "Manage attachments" to browse your computer, and attach it via "Upload").
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
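The Process Explorer steps above identify which svchost.exe instance is busy, but a single svchost.exe hosts several services, so the next question is which service inside it is consuming the CPU (in Process Explorer, the "Services" tab of the process properties dialog lists them). The script below is an added example, not code from schrauber or from the thread: it maps every svchost.exe to the account it runs under, its accumulated CPU time and the services it hosts, using Get-WmiObject so that it also works with the PowerShell 2.0 shipped on Windows 7. The function name Get-SvchostServiceMap and the output column names are my own choice. On a German Windows the Network Service account is reported as "NT-AUTORITÄT\NETZWERKDIENST" rather than "NT AUTHORITY\NETWORK SERVICE"; the script prints whatever the system returns.

```powershell
# Added example (not part of the original thread).
# Lists every svchost.exe with owner account, accumulated CPU seconds and the
# services it hosts, most CPU-hungry instance first. Run from an elevated
# PowerShell prompt; Get-WmiObject keeps it compatible with PowerShell 2.0.

function Get-SvchostServiceMap {
    # Every service that currently has a live process (ProcessId 0 = stopped).
    $services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $proc  = $_
        # GetOwner() returns Domain/User of the token the process runs under.
        $owner = $proc.GetOwner()
        $acct  = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { 'n/a' }

        # KernelModeTime and UserModeTime are reported in 100-nanosecond units.
        $cpuSeconds = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)

        # All services whose host process is this PID, joined into one column.
        $hosted = ($services | Where-Object { $_.ProcessId -eq $proc.ProcessId } |
                   ForEach-Object { $_.Name }) -join ', '

        New-Object PSObject -Property @{
            PID         = $proc.ProcessId
            Account     = $acct
            CPUSeconds  = $cpuSeconds
            Services    = $hosted
            CommandLine = $proc.CommandLine   # shows the "-k <group>" the instance belongs to
        }
    } | Sort-Object CPUSeconds -Descending
}

# Usage: show the table, widest consumer on top.
Get-SvchostServiceMap | Format-Table PID, Account, CPUSeconds, Services -AutoSize -Wrap

# Once a suspect PID is known, the same mapping is available from cmd.exe:
#   tasklist /svc /fi "PID eq <pid>"
# To pin the load on one service among several sharing a process, move that
# service into its own svchost.exe (takes effect after a reboot), then watch
# which process the CPU follows:
#   sc config <ServiceName> type= own
# and revert afterwards with:
#   sc config <ServiceName> type= share
```

Accumulated CPU seconds are a total since the process started, so run the function twice a minute apart and compare the CPUSeconds of the same PID to see which instance is burning CPU right now. The "sc config ... type= own" isolation step changes only how the service is hosted, not what it does, which is what makes it a safe diagnostic on a machine that is still being cleaned.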
11.06.2014, 20:35 | #15 |
| svchost /User NETZWERKDIENST constantly occupies 50% of the CPU Hello Schrauber! I have updated Java, but not Thunderbird yet (I'm not using it at the moment). Here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-06-2014 01
Ran by AdminS at 2014-06-11 20:30:43 Run:2
Running from C:\Users\AdminS\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
*****************
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
==== End of Fixlog ====
I didn't find anything there about "Process Explorer". So I downloaded a ProcessExplorer16.02 from Chip, which didn't need to be installed (I hope you won't scold me now...). But I did take a screenshot of the process and attached it here as an image. Unfortunately the user of this process isn't visible. But now (after about 15 minutes) the process has dropped below 1% CPU and the machine is running as briskly as before! But when I shut down and start up again, it is back with its 50% CPU hogging. Regards, Mibo's |