Virus Application.SearchProtect.J (EngineA)

Hello Matthias,

Here is the Fixlog result:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Gnuj at 2014-07-14 22:42:40 Run:1
Running from C:\Users\Gnuj\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {2D71BCE5-2BAF-47B5-928E-2E429F787D63} - System32\Tasks\Math Problem Solver CPU => C:\Users\Gnuj\AppData\Local\Math Problem Solver\cpu\Solve.exe [2014-01-23] () <==== ATTENTION
Task: {335C4FD5-E7D7-46F0-AE52-3C4A8756A91E} - System32\Tasks\Math Problem Solver GPU => C:\Users\Gnuj\AppData\Local\Math Problem Solver\gpu\dummysleep.exe [2014-05-11] () <==== ATTENTION
Task: {34686CFF-AFC1-45F6-A7E7-B152EE716C13} - System32\Tasks\Math Problem Solver Optimize => C:\Users\Gnuj\AppData\Local\Math Problem Solver\Optimize.exe [2014-01-20] () <==== ATTENTION
C:\Users\Gnuj\AppData\Local\Math Problem Solver
Reboot:
end
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D71BCE5-2BAF-47B5-928E-2E429F787D63}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D71BCE5-2BAF-47B5-928E-2E429F787D63}' => Key deleted successfully.
C:\Windows\System32\Tasks\Math Problem Solver CPU => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Math Problem Solver CPU' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{335C4FD5-E7D7-46F0-AE52-3C4A8756A91E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335C4FD5-E7D7-46F0-AE52-3C4A8756A91E}' => Key deleted successfully.
C:\Windows\System32\Tasks\Math Problem Solver GPU => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Math Problem Solver GPU' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34686CFF-AFC1-45F6-A7E7-B152EE716C13}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34686CFF-AFC1-45F6-A7E7-B152EE716C13}' => Key deleted successfully.
C:\Windows\System32\Tasks\Math Problem Solver Optimize => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Math Problem Solver Optimize' => Key deleted successfully.
C:\Users\Gnuj\AppData\Local\Math Problem Solver => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9998c4da9157d04d8f410101b364da50
# engine=15907
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-16 10:38:45
# local_time=2013-11-16 11:38:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10985880 136228175 0 0
# scanned=345385
# found=2
# cleaned=0
# scan_time=7742
sh=DE65BEDE7D1DB30B18E1C93ABD831FABC3E4305A ft=1 fh=3628295ec7f21e0d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\voks\vPStart.exe"
sh=D21006747ED2AFFD4E3A4CB0DFFD6C6030965750 ft=1 fh=c74f7ccb8a44fe6d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\voks\vPStartHSO.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9998c4da9157d04d8f410101b364da50
# engine=19172
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-14 11:19:52
# local_time=2014-07-15 01:19:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 31767547 157009842 0 0
# scanned=416284
# found=15
# cleaned=0
# scan_time=7489
sh=B57FC16A207A23BE246DBB958EFF8CA80D9ABA20 ft=1 fh=f31e5e7835b4a83f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=561869CA7ECC6868794A4AB724104E49718B1B04 ft=1 fh=645f3e001791a87c vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=E26341069187332C55F4E5DC3DEB99EB4DFFA8A9 ft=1 fh=48600f80b4b84481 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=9D9DB32AA1744DB97BE1104CEC030F015A130DBE ft=1 fh=581d11a19d960bba vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=262F212F142C9A7678C154F7B492D40CB02639EC ft=1 fh=fa270f540b0226ab vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=409D38DC8467CBE7BD8FB4DFB8EE90B14073E695 ft=1 fh=d8fbd6495c15a06a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6663199FBE0C7713BEF13F8C21B29B91B220982B ft=1 fh=2246bdc4f33ca438 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=900417D2E0F2C639C8E212A3F80FC512AE683FF6 ft=1 fh=216173f9cb07dd20 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=7C94F7451DBA14CA1768EEF81AF068E3452ECD78 ft=1 fh=2dfd5eba8afb3900 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=94ADB3426066440ADBD84F33DCDA8D8DFE63EB81 ft=1 fh=3600bd83a4e13a40 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=3136AF5C7246CE25D8CB341C4672D0A78DDE142E ft=1 fh=c84688290be7c915 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\Program Files (x86)\voks\vPStart.exe"
sh=996899EF5F83DE7A31898AA04F440D636A7490D0 ft=1 fh=ef6062ece967cb5b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\Program Files (x86)\voks\vPStartHSO.exe"
sh=C1BC7708F1F45981D071D975DF1373B1778815AA ft=1 fh=b74f9f78e5f6fe74 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Test\Programminstallationen\free_vlc_player_setup.exe"
sh=F6D6E2A45E716AE42323D7E972B1A9504EB32A5F ft=1 fh=efce469d230090e4 vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Test\Programminstallationen\rcpsetup_3335_new.exe"
sh=E7C68400464249FEA8DAF6A8A142CE587B3F6FA0 ft=1 fh=66760c6426c4084e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\jZipSetup.exe"

One anomaly I noticed: Windows Defender is disabled. Should Windows Defender be enabled? I use GData Antivirus.

Here is the result of SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G Data AntiVirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
Mozilla Thunderbird (24.2.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Here is the result of FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by ******* (administrator) on PC01 on 15-07-2014 09:29:14
Running from C:\Users\*******\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(VETAD eG) C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(VETAD eG) C:\VETAD\PROGRAMM\Install\DvInesASDSvc.Exe
(VETAD eG) C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(VETAD eG) C:\VETAD\PROGRAMM\B0001442\PSNTServ.exe
(VETAD eG) C:\VETAD\PROGRAMM\B0000150\ScServer\DVckService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(KOBIL Systems GmbH) C:\VETAD\PROGRAMM\B0000404\msdisrv.exe
(Efuah Mediengruppe) C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskpython.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(VETAD eG) C:\VETAD\PROGRAMM\B0000398\SiPaHostService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(VETAD eG) C:\VETAD\PROGRAMM\Install\DvInesASDMon.Exe
(VETAD eG) C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\VETAD\PROGRAMM\A0000007\DHNC.exe
(VETAD eG) C:\VETAD\SYSTEM\RzpjWtch.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lotus Development Corporation) C:\lotus\organize\easyclip6.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(VETAD eG) C:\VETAD\PROGRAMM\B0000398\SiPaHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VETAD eG) C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(VETAD eG) C:\VETAD\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(VETADeG) C:\VETAD\PROGRAMM\B0000299\AS\as.exe
(VETADeG) C:\VETAD\PROGRAMM\B0000299\AS\as.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconCL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [AVK CL] => C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Vetad.CC.ControllerUserMode] => C:\VETAD\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (VETAD eG)
HKLM-x32\...\Run: [Vetad.CC.Clear] => C:\VETAD\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (VETAD eG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SiPaHost] => C:\VETAD\PROGRAMM\B0000398\SiPaHost.exe [556584 2013-03-21] (VETAD eG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\VETAD\PROGRAMM\BSoffice\service\OfficeDiag.exe (VETAD eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\VETAD\PROGRAMM\B0001401\CleanupPrintJobs.exe (VETAD eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VETAD-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: VETAD-Hinweis Mitteilungsdienst.lnk -> C:\VETAD\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> C:\VETAD\SYSTEM\RzpjWtch.exe (VETAD eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\VETAD\PROGRAMM\B0001401\UpdateDevmode.exe (VETAD eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk
ShortcutTarget: PhraseExpress Diagnose-Modus.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\VETAD\PROGRAMM\B0000397\DtvIePwdSafe64.dll (VETAD eG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\VETAD\SYSTEM\DVCCSASCardBHO64002.Dll (VETAD eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\VETAD\PROGRAMM\B0000397\DtvIePwdSafe.dll (VETAD eG)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\VETAD\SYSTEM\DVCCSAScardBHO002.dll (VETAD eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavCL.dll (Zeon Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavCL.dll (Zeon Corporation)
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
Handler: Efuahreader - No CLSID Value -
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: Efuahreader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.199.10

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Vetad.de/VETAD_BestellManager,version=1.7 - C:\VETAD\PROGRAMM\A0000015\npdvbm.dll ( VETAD eG)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\toolbar@web.de [2014-07-10]
FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-03]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-06-23]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Website Logon) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-04-26]
CHR Extension: (Gmail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-01] (Adobe Systems) [File not signed]
R2 AntiVirusKit CL; C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1501192 2012-02-29] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe [2192320 2012-02-28] (G Data Software AG)
R2 VETAD Update-Service; C:\VETAD\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (VETAD eG)
R2 Vetad.CC.Processes.Hosting.RdtServiceMode; C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (VETAD eG)
R2 Vetad.Framework.RemoteServiceModel.EnablerService; C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (VETAD eG)
R3 Vetad.Framework.RemoteServices; C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (VETAD eG)
S3 Vetad.Irw.ServiceProvider.HostXcut.Server; C:\VETAD\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (VETAD eG)
R2 VetadPrintService; C:\VETAD\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (VETAD eG) [File not signed]
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-12-16] (DATA BECKER GmbH & Co KG) [File not signed]
S4 DfueSammlerDienst; C:\VETAD\PROGRAMM\RZKOMM\Vetad.CC.Processes.Session0Host.exe [9256 2013-12-23] ()
R2 DVckService; C:\VETAD\PROGRAMM\B0000150\ScServer\DVckService.exe [2706472 2013-07-26] (VETAD eG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [File not signed]
S3 GDBackupSvc; C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe [1498616 2012-02-28] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [459784 2012-02-29] (G Data Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HRService; C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 KOBIL_MSDI; C:\VETAD\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Sicherheitspaket-Dienst; C:\VETAD\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-03-21] (VETAD eG)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-11] (AVG Technologies)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [50552 2012-12-03] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [111992 2012-12-03] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65912 2012-12-03] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-12-03] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [53112 2012-12-03] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [File not signed]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-11] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Vetad eG)
R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [142944 2012-10-18] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-15 09:29 - 2014-07-15 09:29 - 00027016 _____ () C:\Users\*******\Desktop\FRST.txt
2014-07-15 09:21 - 2014-07-15 09:21 - 00000953 _____ () C:\Users\*******\Desktop\checkup.txt
2014-07-15 08:30 - 2014-07-15 08:30 - 00854390 _____ () C:\Users\*******\Desktop\SecurityCheck.exe
2014-07-14 22:56 - 2014-07-14 22:57 - 02347384 _____ (ESET) C:\Users\*******\Desktop\esetsmartinstaller_deu.exe
2014-07-14 10:49 - 2014-07-14 10:55 - 00000000 ____D () C:\Users\*******\Desktop\CDs
2014-07-14 01:55 - 2014-07-14 01:55 - 00000000 ____D () C:\Users\*******\Desktop\alter Scan von Zoek
2014-07-14 01:08 - 2014-07-14 01:08 - 00000000 ____D ()
C:\Users\*******\Desktop\FRST-OlderVersion 2014-07-13 20:45 - 2014-07-13 21:09 - 00000000 ____D () C:\zoek_backup 2014-07-13 20:43 - 2014-07-13 20:49 - 01285120 _____ () C:\Users\*******\Desktop\zoek.exe 2014-07-13 20:43 - 2014-05-21 08:36 - 01285120 _____ () C:\Users\*******\Desktop\zoek_alt.exe 2014-07-13 20:41 - 2014-07-13 20:42 - 04095664 _____ () C:\Users\*******\Desktop\zoek.zip 2014-07-11 10:31 - 2014-07-11 10:39 - 00005005 _____ () C:\Users\*******\Desktop\Malwarebytes_Protokoll_fuer_Forum.txt 2014-07-11 10:31 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\*******\Desktop\Malwarebytes_Protokoll.txt 2014-07-11 10:19 - 2012-05-26 18:58 - 00000982 _____ () C:\Users\*******\Desktop\7-Zip File Manager.lnk 2014-07-11 10:03 - 2014-07-11 10:08 - 00003961 _____ () C:\Users\*******\Desktop\AdwCleaner[S0]_fuer_Forum.txt 2014-07-11 08:39 - 2014-07-15 08:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 08:38 - 2014-07-11 08:38 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-11 08:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-11 08:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-11 08:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-11 08:33 - 2014-07-11 08:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 01:44 - 2014-07-11 01:37 - 00003961 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-07-10 18:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) 
C:\Windows\SysWOW64\sqlite3.dll 2014-07-10 18:41 - 2014-07-11 01:37 - 00000000 ____D () C:\AdwCleaner 2014-07-10 18:35 - 2014-07-10 18:36 - 01348263 _____ () C:\Users\*******\Desktop\adwcleaner_3.215.exe 2014-07-10 18:21 - 2014-07-10 18:21 - 00012578 _____ () C:\Users\*******\Desktop\Addition_fuer_Forum.7z 2014-07-10 17:05 - 2014-07-10 17:31 - 00005628 _____ () C:\Users\*******\Desktop\GMER_fuer_Forum.log 2014-07-10 17:04 - 2014-07-10 17:04 - 00005628 _____ () C:\Users\*******\Desktop\GMER.log 2014-07-10 16:29 - 2014-07-10 16:29 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe 2014-07-10 15:56 - 2014-07-10 16:26 - 00061934 _____ () C:\Users\*******\Desktop\Addition_fuer_Forum_alt.txt 2014-07-10 15:55 - 2014-07-10 16:06 - 00054600 _____ () C:\Users\*******\Desktop\FRST_fuer_Forum_alt.txt 2014-07-10 15:19 - 2014-07-15 09:29 - 00000000 ____D () C:\FRST 2014-07-10 15:09 - 2014-07-14 01:08 - 02086912 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-07-10 10:36 - 2014-07-10 10:37 - 00001619 _____ () C:\DelFix.txt 2014-07-09 10:15 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 10:15 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 10:15 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 10:15 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 10:15 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 10:15 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 10:15 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 10:15 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 10:15 - 2014-06-19 02:41 - 00083968 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 10:15 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 10:15 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 10:15 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 10:15 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 10:15 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 10:15 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 10:15 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 10:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 10:15 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 10:15 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 10:15 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 10:15 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 10:15 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 10:15 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 10:15 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 10:15 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 10:15 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 10:15 - 2014-06-19 01:38 - 00455168 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 10:15 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 10:15 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 10:15 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 10:15 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 10:15 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 10:15 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 10:15 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 10:15 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 10:15 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 10:15 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 10:15 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 10:15 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 10:15 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 10:15 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 10:15 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 10:15 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 10:15 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 10:15 - 2014-06-19 00:58 - 00239616 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 10:15 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 10:15 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 10:15 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 10:15 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 10:15 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 10:15 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 10:15 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 10:15 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 10:15 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 10:15 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 10:15 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 10:03 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 10:03 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 10:02 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 10:02 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 10:02 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 09:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 09:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\qedit.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 09:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 09:52 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 09:52 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 09:52 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2014-07-01 13:56 - 2014-07-01 14:06 - 00001283 _____ () C:\Users\*******\Desktop\Word Makro funktionierend.lnk 2014-07-01 09:42 - 2014-07-01 15:27 - 00001283 _____ () C:\Users\*******\Desktop\Word VETAD funktionierend.lnk 2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Efuah Steu aufrufen.lnk ==================== One Month Modified Files and Folders ======= 2014-07-15 09:29 - 2014-07-15 09:29 - 00027016 _____ () C:\Users\*******\Desktop\FRST.txt 2014-07-15 09:29 - 2014-07-10 15:19 - 00000000 ____D () C:\FRST 2014-07-15 09:26 - 2013-04-26 14:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-15 09:25 - 2012-01-03 12:41 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl 2014-07-15 09:21 - 2014-07-15 09:21 - 00000953 _____ () C:\Users\*******\Desktop\checkup.txt 2014-07-15 09:16 - 2012-11-14 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-15 08:30 - 2014-07-15 08:30 - 00854390 _____ () C:\Users\*******\Desktop\SecurityCheck.exe 2014-07-15 08:17 - 2012-01-05 18:13 - 00000000 ___RD () C:\Test 2014-07-15 08:08 - 2014-07-11 08:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-15 04:55 - 2011-12-30 14:49 - 01562347 _____ () C:\Windows\WindowsUpdate.log 2014-07-15 01:26 - 2013-04-26 14:26 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-14 23:14 - 2011-12-09 00:59 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-07-14 23:14 - 2011-12-09 00:59 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-07-14 23:14 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-14 23:02 - 2012-08-30 00:18 - 00000000 ____D () C:\Users\*******\Documents\PhraseExpress 2014-07-14 22:57 - 2014-07-14 22:56 - 02347384 _____ (ESET) C:\Users\*******\Desktop\esetsmartinstaller_deu.exe 
2014-07-14 22:53 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-14 22:53 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-14 22:46 - 2012-08-30 23:53 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-14 22:44 - 2012-11-14 18:32 - 00047103 _____ () C:\Windows\setupact.log 2014-07-14 22:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-14 22:22 - 2012-01-03 13:06 - 00000000 ____D () C:\Users\******* 2014-07-14 22:13 - 2012-08-31 10:57 - 00000000 ____D () C:\Users\*******\AppData\Roaming\BOM 2014-07-14 10:55 - 2014-07-14 10:49 - 00000000 ____D () C:\Users\*******\Desktop\CDs 2014-07-14 10:10 - 2012-01-03 13:06 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{71AB425F-8084-4EBF-B2D6-CC14F5A5671F} 2014-07-14 09:36 - 2012-11-14 18:32 - 00494914 _____ () C:\Windows\PFRO.log 2014-07-14 01:55 - 2014-07-14 01:55 - 00000000 ____D () C:\Users\*******\Desktop\alter Scan von Zoek 2014-07-14 01:08 - 2014-07-14 01:08 - 00000000 ____D () C:\Users\*******\Desktop\FRST-OlderVersion 2014-07-14 01:08 - 2014-07-10 15:09 - 02086912 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-07-13 21:09 - 2014-07-13 20:45 - 00000000 ____D () C:\zoek_backup 2014-07-13 20:49 - 2014-07-13 20:43 - 01285120 _____ () C:\Users\*******\Desktop\zoek.exe 2014-07-13 20:42 - 2014-07-13 20:41 - 04095664 _____ () C:\Users\*******\Desktop\zoek.zip 2014-07-13 20:40 - 2012-11-06 10:41 - 00000000 ____D () C:\Users\*******\Desktop\Debug_PhraseExpress 2014-07-13 10:01 - 2012-12-11 22:56 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFor******* 2014-07-13 10:01 - 2012-12-11 22:56 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleFor*******.job 2014-07-12 00:33 - 2006-01-23 13:41 - 00000000 ____D () C:\ebay 2014-07-11 23:36 - 2012-12-05 22:20 - 00000000 ____D () 
C:\Program Files (x86)\Mozilla Thunderbird 2014-07-11 10:39 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\*******\Desktop\Malwarebytes_Protokoll_fuer_Forum.txt 2014-07-11 10:31 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\*******\Desktop\Malwarebytes_Protokoll.txt 2014-07-11 10:21 - 2012-05-26 18:58 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-07-11 10:08 - 2014-07-11 10:03 - 00003961 _____ () C:\Users\*******\Desktop\AdwCleaner[S0]_fuer_Forum.txt 2014-07-11 08:38 - 2014-07-11 08:38 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-11 08:38 - 2012-06-13 00:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-11 08:36 - 2014-07-11 08:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 01:37 - 2014-07-11 01:44 - 00003961 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-07-11 01:37 - 2014-07-10 18:41 - 00000000 ____D () C:\AdwCleaner 2014-07-10 18:36 - 2014-07-10 18:35 - 01348263 _____ () C:\Users\*******\Desktop\adwcleaner_3.215.exe 2014-07-10 18:21 - 2014-07-10 18:21 - 00012578 _____ () C:\Users\*******\Desktop\Addition_fuer_Forum.7z 2014-07-10 17:31 - 2014-07-10 17:05 - 00005628 _____ () C:\Users\*******\Desktop\GMER_fuer_Forum.log 2014-07-10 17:04 - 2014-07-10 17:04 - 00005628 _____ () C:\Users\*******\Desktop\GMER.log 2014-07-10 16:29 - 2014-07-10 16:29 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe 2014-07-10 16:26 - 2014-07-10 15:56 - 00061934 _____ () C:\Users\*******\Desktop\Addition_fuer_Forum_alt.txt 2014-07-10 16:06 - 2014-07-10 15:55 - 00054600 _____ () C:\Users\*******\Desktop\FRST_fuer_Forum_alt.txt 2014-07-10 15:17 - 2006-02-03 20:55 - 00000000 ____D () C:\Programme_noch_pruefen 
2014-07-10 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 10:37 - 2014-07-10 10:36 - 00001619 _____ () C:\DelFix.txt 2014-07-10 10:36 - 2013-11-14 02:38 - 00000000 ____D () C:\Windows\ERUNT 2014-07-10 10:22 - 2012-11-10 22:17 - 00000000 ____D () C:\Windows\erdnt 2014-07-10 09:22 - 2009-07-14 06:45 - 00559416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 09:20 - 2014-05-07 01:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 09:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 01:33 - 2012-02-19 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-10 01:31 - 2013-08-14 08:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 01:29 - 2012-01-02 16:39 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 10:17 - 2012-11-14 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 10:16 - 2013-11-24 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 10:16 - 2012-11-14 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 22:01 - 2012-01-10 22:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-07-08 22:01 - 2012-01-03 23:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-07-07 23:32 - 2012-01-23 19:44 - 00005823 _____ () C:\Users\*******\AppData\Local\EmptySettings.xml 2014-07-02 20:33 - 2012-01-03 13:42 - 00000526 _____ () C:\Windows\ODBC.INI 2014-07-02 19:58 - 2012-01-03 13:21 - 00000021 _____ () C:\Windows\DvInesKurusOleServer003.INI 2014-07-01 15:27 - 2014-07-01 09:42 - 00001283 _____ () C:\Users\*******\Desktop\Word VETAD funktionierend.lnk 2014-07-01 14:06 - 2014-07-01 13:56 - 00001283 _____ () 
C:\Users\*******\Desktop\Word Makro funktionierend.lnk 2014-06-30 04:09 - 2014-07-09 10:03 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 10:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-28 14:51 - 2012-03-08 09:51 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPC01$ 2014-06-28 14:51 - 2012-03-08 09:51 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForPC01$.job 2014-06-23 09:05 - 2012-09-02 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-20 22:14 - 2014-07-09 10:15 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 10:15 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-20 01:21 - 2013-04-26 14:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 01:21 - 2013-04-26 14:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-19 03:39 - 2014-07-09 10:15 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 10:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 10:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 10:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 10:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 10:15 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 10:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 10:15 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 10:15 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 10:15 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 10:15 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 10:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 10:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 10:15 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 10:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 10:15 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 10:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 10:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 10:15 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 10:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 10:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 10:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 10:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 10:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 10:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 10:15 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 10:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 10:15 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 10:15 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 10:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 10:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 10:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 10:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 10:15 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 10:15 - 04254720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 10:15 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 10:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 10:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 10:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 10:15 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 10:15 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 10:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 10:15 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 10:15 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 10:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 04:18 - 2014-07-09 10:02 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 10:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 10:02 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-17 12:02 - 2012-01-03 13:06 - 00177208 _____ () C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Efuah Steu aufrufen.lnk 2014-06-17 07:38 - 2012-01-04 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efuah ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed 
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 12:35
==================== End Of Log ============================
--- --- ---
To be continued in a further reply.
Best regards from Löwe