Log analysis and evaluation: Caught the trojan Mal/DrodZp-A from a spam mail link? Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.02.2015, 17:24 | #1 |
Caught the trojan Mal/DrodZp-A from a spam mail link?

Hi Trojaner-Board

Right up front: I am a freelancer without an IT department of my own, I use my computer for work, and I am asking for your help.

Unfortunately, I accidentally clicked on an extremely well-disguised link in a spam mail. I found a good description of the trap here: hxxp://www.netzwelt.de/news/151379-warnung-gefaelschte-e-mails-dhl-absender.html

The fake e-mail begins with the subject "Paketankündigung zu Ihrer Sendung" ("Parcel notification for your shipment"), looks fairly genuine and contains the following text:

"Dear customer, your shipment 00644315826582884431 has been handed over to DHL and is expected to be delivered on 24.02.2015. Here you can also find further information about your shipment: 00644315826582884431. Kind regards, your DHL team"

Now I have probably caught the following trojan: "Mal/DrodZp-A", which is also known under the name "Trojan.Generic.KDV.675279". The link led me to the following file: hxxp://www.confeitarialancaster.com.br/wp-content/dhl_paket_de/dhl_paket_de_003407293054131348371 . zip

Maybe a stupid question: if I clicked the link but did not unpack the zip file, am I infected anyway?

AV-Antivir found nothing (but unfortunately did not produce a report that I could post here).

frst.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01 Ran by **** (administrator) on ONENOTEBOOK on 26-02-2015 16:40:50 Running from C:\Users\****\Downloads Loaded Profiles: **** (Available profiles: ****) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Bury GmbH & Co. KG) C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2871632 2012-09-07] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-06] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.) 
HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom) HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\MountPoints2: {04666cd7-221a-11e4-825b-a0a8cded914d} - "E:\AutoRun.exe" HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\MountPoints2: {04666d0d-221a-11e4-825b-a0a8cded914d} - "E:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-812830020-1975732003-1707996029-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB HKU\S-1-5-21-812830020-1975732003-1707996029-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-812830020-1975732003-1707996029-1001 -> DefaultScope {94F23E3F-3C71-4DA3-8391-F01D51F5B4FE} URL = SearchScopes: HKU\S-1-5-21-812830020-1975732003-1707996029-1001 -> {94F23E3F-3C71-4DA3-8391-F01D51F5B4FE} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 217.0.43.177 FireFox: ======== FF ProfilePath: C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default FF DefaultSearchEngine: Google Deutschland FF SelectedSearchEngine: Google Deutschland FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft 
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\searchplugins\google-deutschland.xml FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\searchplugins\s-amazon-de.xml FF Extension: Avira Browser Safety - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\abs@avira.com [2015-02-02] FF Extension: iCloud Bookmarks - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\firefoxdav@icloud.com [2014-11-15] FF Extension: ColorZillaStats - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\stats@colorzilla.com [2014-08-12] FF Extension: Garmin Communicator - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-09-29] FF Extension: Google Toolbar for Firefox - C:\Users***\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-08-12] FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-12] FF Extension: Page Zoom Button - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2014-08-12] FF Extension: anonymoX - 
C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\client@anonymox.net.xpi [2014-09-15] FF Extension: MozRepl - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\mozrepl@hyperstruct.net.xpi [2014-08-12] FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\seostatus@rubyweb.xpi [2014-08-12] FF Extension: NoScript - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-21] FF Extension: Address Bar Search - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2014-08-12] FF Extension: Adblock Plus - C:\Users****\AppData\Roaming\Mozilla\Firefox\Profiles\v2aq7y57.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15] FF HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 BuryLoggerSyncService; C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe [107520 2011-03-08] (Bury GmbH & Co. KG) [File not signed] R2 FirebirdGuardianBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe [81920 2010-04-19] (Firebird Project) [File not signed] R3 FirebirdServerBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe [2723840 2010-04-19] (Firebird Project) [File not signed] S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-03-06] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-12-26] () [File not signed] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-15] (VIA Technologies, Inc.) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S3 GPUZ; C:\Windows\TEMP\GPUZ.sys [27008 2014-11-21] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-26 16:40 - 2015-02-26 16:41 - 00025168 _____ () C:\Users\****\Downloads\FRST.txt 2015-02-26 16:40 - 2015-02-26 16:40 - 00000000 ____D () C:\FRST 2015-02-26 16:39 - 2015-02-26 16:39 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat 2015-02-26 16:35 - 2015-02-26 16:35 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log 2015-02-26 16:35 - 2015-02-26 16:35 - 00000000 _____ () C:\Users\****\defogger_reenable 2015-02-26 16:33 - 2015-02-26 16:33 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe 2015-02-26 16:32 - 2015-02-26 16:32 - 02087936 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe 2015-02-26 16:32 - 2015-02-26 16:32 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe 2015-02-25 14:35 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 14:35 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls 2015-02-25 14:35 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-02-25 14:35 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2015-02-25 14:35 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-02-25 14:35 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 2015-02-25 11:34 - 2015-02-25 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-23 17:48 - 2015-02-23 17:48 - 00002083 _____ () C:\Users\Public\Desktop\SSDlife Pro.lnk 2015-02-23 17:48 - 2015-02-23 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife 2015-02-23 17:48 - 2015-02-23 17:48 - 00000000 ____D () C:\Program Files (x86)\BinarySense 2015-02-23 17:41 - 2015-02-23 17:44 - 04812800 _____ () C:\Users\****\Downloads\SSDlife Pro 2.5.82.msi 2015-02-23 14:11 - 2015-02-23 16:22 - 00000000 __RHD () C:\ESD 2015-02-13 17:13 - 2015-02-13 17:13 - 00001035 _____ () 
C:\Users\****\Desktop\Dropbox.lnk 2015-02-12 15:56 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 15:56 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 10:15 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 10:15 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 10:15 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 10:15 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 10:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 10:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 10:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 10:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 10:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 10:15 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 10:15 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 10:15 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 10:15 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 10:15 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 10:15 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 10:15 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) 
C:\Windows\system32\adtschema.dll 2015-02-11 10:15 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 10:15 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 10:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 10:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 10:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 10:15 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 10:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 10:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 10:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 10:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 10:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-11 10:13 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 10:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 10:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 10:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 10:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 10:13 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 10:13 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 
2015-02-11 10:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 10:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 10:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 10:13 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 10:13 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 10:13 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 10:13 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 10:13 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 10:13 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 10:13 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 10:13 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 10:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 10:13 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 10:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 10:13 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 10:13 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 10:13 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 10:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 10:13 - 
2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 10:13 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 10:13 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 10:13 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 10:13 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 10:13 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 10:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 10:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 10:13 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 10:13 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 10:13 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 10:13 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 10:13 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-09 10:42 - 2015-02-09 10:42 - 00001771 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-09 10:42 - 2015-02-09 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-09 10:41 - 2015-02-09 10:42 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-09 10:41 - 2015-02-09 10:42 - 00000000 ____D () C:\Program Files\iTunes 2015-02-09 10:41 - 2015-02-09 10:41 - 00000000 ____D () C:\Program Files\iPod 2015-02-09 10:41 - 2015-02-09 10:41 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-06 12:19 - 2015-02-03 20:31 - 
00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-06 12:19 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-28 08:55 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-01-28 08:55 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-26 16:40 - 2014-08-19 16:39 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONENOTEBOOK-**** OneNotebook 2015-02-26 16:40 - 2014-08-12 11:08 - 00000000 ___RD () C:\Users\****\OneDrive 2015-02-26 16:40 - 2014-08-12 10:58 - 01313540 _____ () C:\Windows\WindowsUpdate.log 2015-02-26 16:39 - 2014-09-30 16:37 - 00000000 ___RD () C:\Users\****\iCloudDrive 2015-02-26 16:39 - 2014-08-20 06:54 - 00000000 ___RD () C:\Users\****\Dropbox 2015-02-26 16:39 - 2014-08-20 06:52 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox 2015-02-26 16:38 - 2014-08-12 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-26 16:38 - 2014-03-18 02:50 - 00167984 _____ () C:\Windows\PFRO.log 2015-02-26 16:38 - 2013-08-22 15:46 - 00054389 _____ () C:\Windows\setupact.log 2015-02-26 16:38 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-26 16:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-26 16:35 - 2014-08-12 11:05 - 00000000 ____D () C:\Users\**** 2015-02-26 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-26 15:43 - 2015-01-24 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-25 16:55 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-25 10:33 - 2014-03-18 11:03 - 01780340 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2015-02-25 10:33 - 2014-03-18 10:25 - 00766620 _____ () C:\Windows\system32\perfh007.dat 2015-02-25 10:33 - 2014-03-18 10:25 - 00159902 _____ () C:\Windows\system32\perfc007.dat 2015-02-23 19:10 - 2014-08-12 17:57 - 00000000 ____D () C:\Users\****\.freemind 2015-02-23 18:31 - 2014-08-12 11:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-812830020-1975732003-1707996029-1001 2015-02-23 17:50 - 2014-09-14 16:52 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-21 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-18 14:14 - 2014-08-12 19:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-02-18 14:13 - 2014-08-12 18:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-15 17:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-15 15:15 - 2014-08-12 11:05 - 00000000 ____D () C:\Users\****\AppData\Local\Packages 2015-02-13 17:13 - 2014-08-20 06:53 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 15:44 - 2013-08-22 15:44 - 00483648 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-11 10:42 - 2014-08-19 10:40 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 10:40 - 2014-08-19 10:40 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-11 10:40 - 2013-08-22 14:25 - 00000202 _____ () C:\Windows\win.ini 2015-02-11 09:42 - 2014-08-12 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-11 09:42 - 2014-08-12 16:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-11 09:42 - 2014-08-01 10:13 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-09 10:41 - 2014-08-18 08:46 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-06 13:43 - 2014-08-22 08:59 - 00000000 ____D () C:\Program Files (x86)\BURY Time Suite 2015-02-05 15:43 - 2015-01-24 12:18 - 
00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 16:47 - 2014-11-26 10:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\KeePass

==================== Files in the root of some directories =======

2014-08-18 10:20 - 2014-08-18 10:25 - 0001370 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprh4xju.dll
C:\Users\****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\****\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\****\AppData\Local\Temp\ResetDevice.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-26 13:08

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by **** at 2015-02-26 16:41:16
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{33f8bc21-1d62-455b-8038-c8296d01ec48}) (Version: 1.4.780.0 - Futuremark)
3DMark (Version: 1.4.780.0 - Futuremark) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.5 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.5 - ) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden BURY Time Suite 1.37 (HKLM-x32\...\BURY Time Suite) (Version: 1.37 - Bury GmbH & Co. KG) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) ETDWare PS/2-X64 11.10.3.4_WHQL (HKLM\...\Elantech) (Version: 11.10.3.4 - ELAN Microelectronic Corp.) 
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) Futuremark SystemInfo (HKLM-x32\...\{E114E635-F06E-43B4-A800-74A22536B1B0}) (Version: 4.30.472.0 - Futuremark) Garmin BaseCamp (HKLM-x32\...\{9E38D688-E74E-4FEB-8038-A8AB586315A0}) (Version: 4.4.1 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hotkey 8.0153 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0153 - NoteBook) Hotkey 8.0153 (x32 Version: 8.0153 - NoteBook) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) 
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.2.1000 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.300.05.13.40 - Huawei Technologies Co.,Ltd) Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.) 
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.) 
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows-Treiberpaket - Insyde (AirplaneModeHid) HIDClass (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-812830020-1975732003-1707996029-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-02-2015 14:13:38 Windows Update 23-02-2015 17:48:50 Installed SSDlife Pro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {022CAC1C-545E-454E-A5E3-FE882DD66636} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {04977458-EFF5-46BF-A305-DAFCDF9D1FB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {13A3D097-C071-4221-81FF-8BB8E5E840CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {4D8411CD-1188-454D-9AD9-F09092A64C84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {52D9AE5B-D737-47DE-ABE9-8D21DD775C18} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {68EF0F27-946D-4D19-B85C-A31115800620} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {743DF962-68C2-4E20-A7D2-4CE7303935C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {7EA19279-7946-418A-94B7-5ADCB7CCC365} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {89D54D60-D510-428C-8729-50C645F019DE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {94B13824-762E-4621-9EAA-927A39DCCF01} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard 
Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {A9774601-0187-431D-9F9C-022F9C00AE66} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BC5D3AA3-4716-4F7D-A729-BE6A3AA61C67} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONENOTEBOOK-**** OneNotebook => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation) Task: {F7658761-4E79-4B3A-8AE2-E58F23A95CF1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2014-08-01 10:14 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-26 16:24 - 2013-12-26 16:24 - 00046080 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe 2014-01-10 15:21 - 2014-01-10 15:21 - 04902912 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll 2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll 2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libGLESv2.dll 
2015-02-26 16:39 - 2015-02-26 16:39 - 00043008 _____ () c:\users\****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprh4xju.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\Users\****\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-812830020-1975732003-1707996029-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 217.0.43.177

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-812830020-1975732003-1707996029-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" ==================== Accounts: ============================= Administrator (S-1-5-21-812830020-1975732003-1707996029-500 - Administrator - Disabled) Gast (S-1-5-21-812830020-1975732003-1707996029-501 - Limited - Disabled) **** (S-1-5-21-812830020-1975732003-1707996029-1001 - Administrator - Enabled) => C:\Users\**** ==================== Faulty Device Manager Devices ============= Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/26/2015 04:38:43 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/26/2015 04:38:42 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/26/2015 11:03:37 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/26/2015 11:03:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/25/2015 09:51:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/23/2015 10:16:31 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/23/2015 10:16:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (02/18/2015 11:58:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2265 Error: (02/18/2015 11:58:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2265 Error: (02/18/2015 11:58:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (02/25/2015 05:40:37 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/25/2015 05:40:37 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/08/2015 02:34:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BuryLoggerSyncService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/08/2015 01:41:42 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (02/08/2015 01:40:47 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/08/2015 01:40:47 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/08/2015 01:40:41 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/08/2015 01:40:41 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/08/2015 04:21:19 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (02/06/2015 08:24:05 PM) (Source: DCOM) (EventID: 10010) (User: ONENOTEBOOK) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Microsoft Office Sessions: ========================= Error: (02/26/2015 04:38:43 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/26/2015 04:38:42 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/26/2015 11:03:37 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\bury time suite\boost_thread_debug.dll.Manifest Error: (02/26/2015 11:03:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\bury time suite\boost_thread_debug.dll.Manifest Error: (02/25/2015 09:51:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\bury time suite\boost_thread_debug.dll.Manifest Error: (02/23/2015 10:16:31 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\bury time suite\boost_thread_debug.dll.Manifest Error: (02/23/2015 10:16:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\bury time suite\boost_thread_debug.dll.Manifest Error: (02/18/2015 11:58:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2265 Error: (02/18/2015 11:58:19 AM) 
(Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2265 Error: (02/18/2015 11:58:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz Percentage of memory in use: 16% Total physical RAM: 16268.2 MB Available physical RAM: 13595.15 MB Total Pagefile: 18700.2 MB Available Pagefile: 16088.93 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:232.88 GB) (Free:99.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Volume2 crucial 500gb) (Fixed) (Total:447.13 GB) (Free:385.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7F337C76) Partition 1: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EC5B1027) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-26 17:08:28 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\00000038 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\uwriipog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600021d200 15 bytes [00, 65, F4, 01, 80, 7D, 6A, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff9600021d211 10 bytes [F3, FB, FF, 00, 17, C7, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\WLANExt.exe[1272] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\WLANExt.exe[1272] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\WLANExt.exe[1272] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\WLANExt.exe[1272] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1692] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1692] 
C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1988] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Windows\System32\svchost.exe[1720] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Windows\System32\svchost.exe[1720] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Windows\System32\svchost.exe[2204] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Windows\System32\svchost.exe[2204] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 
00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2316] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Windows\system32\wbem\wmiprvse.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4316] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4316] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4364] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\Microsoft Mouse and Keyboard 
Center\ipoint.exe[4364] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\iTunes\iTunesHelper.exe[5688] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd03c71f6a 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\iTunes\iTunesHelper.exe[5688] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd03c71f82 4 bytes [C7, 03, FD, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6352] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd0ec6169a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6352] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd0ec616a2 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6352] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd0ec6181a 4 bytes [C6, 0E, FD, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6352] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd0ec61832 4 bytes [C6, 0E, FD, 7F] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [536:552] fffff960009a3b90 ---- Processes - GMER 2.1 ---- Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000005a930000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000005a620000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000005a230000 
Library C:\Users\****\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520](2015-02-10 21:00:30) 000000005a170000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000003f40000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprh4xju.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520](2015-02-26 15:39:20) 0000000003b30000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000059b70000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000058b80000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000058960000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ 
C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000058700000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000586d0000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520](2015-02-10 21:00:30) 00000000586c0000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000058690000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000058650000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000058600000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520](2015-02-10 21:00:28) 0000000058520000 Library C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6520](2015-02-10 21:00:28) 00000000584e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStopTime 0xBB 0x42 0x1F 0xD6 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C848909E-CAB5-4487-AEF6-0E6CC9547D30}\Connection@Name isatap.{1C881BDD-880B-4213-99D9-CAA77345B890} Reg HKLM\SYSTEM\CurrentControlSet\Control\PnP@DisableLKG 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1363032783 Reg HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events CreateSession Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\HP Officejet 6500 E709n Series (2)@PrinterOnLine 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\HP Officejet 6500 E709n Series (2) fax@PrinterOnLine 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a0a8cded914d Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{f103fe5b-0073-4790-bc04-1958967000d6}@LastProbeTime 1424542633 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{C848909E-CAB5-4487-AEF6-0E6CC9547D30}@InterfaceName isatap.{1C881BDD-880B-4213-99D9-CAA77345B890} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{C848909E-CAB5-4487-AEF6-0E6CC9547D30}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{C848909E-CAB5-4487-AEF6-0E6CC9547D30}@DefunctTimestamp 0xE7 0x3D 0xEF 0x54 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3916 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 882 Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 336 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList ba Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell\Autoplay@MUIVerb @shell32.dll,-8507 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c23703-34aa-11e4-8261-a0a8cded914d}\shell\Autoplay\DropTarget@CLSID {F26A669A-BCBB-4E37-ABF9-7325DA15F931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 403 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0xFD 0x10 0xF1 0x21 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xBE 0x9F 0xD4 0xEE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xBE 0x9F 0xD4 0xEE ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xBE 0x9F 0xD4 0xEE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xBE 0x9F 0xD4 0xEE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xF3 0x7A 0x7B 0x54 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 10 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x68 0x4E 0x8E 0x48 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x80 0x89 0xB1 0x74 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\****\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_WINWORD.EXE_fc8ead50b6940903588da1afe693f5c2468dc5d_00000000_05e5e783 ---- EOF - GMER 2.1 ----
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
26.02.2015, 17:49 | #2 |
/// the machine /// TB instructor | Caught trojan Mal/DrodZp-A from a spam-mail link? Hi,
Normally everything should be fine if you did not unpack the zip; it looks good, too. A quick control scan: please download Emsisoft Emergency Kit from here.
__________________ |
27.02.2015, 12:18 | #3 |
| Caught trojan Mal/DrodZp-A from a spam-mail link? Hi,
apparently the zip somehow did not get unpacked after all. In the first run, AV-Antivir raised an alert and blocked this file. Emsisoft found nothing then. Then I switched off AV-Antivir and scanned again with Emsisoft. Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 27.02.2015 07:55:30
Benutzerkonto: ONENOTEBOOK\***

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 27.02.2015 09:10:34
C:\Program Files (x86)\Visitor\Visitor.exe gefunden: Gen:Variant.Kazy.544588 (B)
C:\Users\***\AppData\Local\Packages\AFF540DC.Unpacker_v7353qx4kg3sa\TempState\dhl_paket_de_003407293054131348371_02_2015_HD_38300_J_3P_KDK_00004838_MAIL.exe gefunden: Trojan.Win32.Inject (A)

Gescannt 278746
Gefunden 2

Scan-Ende: 27.02.2015 10:04:11
Scan-Zeit: 0:53:37

C:\Users\***\AppData\Local\Packages\AFF540DC.Unpacker_v7353qx4kg3sa\TempState\dhl_paket_de_003407293054131348371_02_2015_HD_38300_J_3P_KDK_00004838_MAIL.exe Quarantäne Trojan.Win32.Inject (A)

Quarantäne 1

Is there anything else to do now?
__________________ |
27.02.2015, 18:22 | #4 |
/// the machine /// TB instructor | Caught trojan Mal/DrodZp-A from a spam-mail link? Nope, looks fine.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM! |
02.03.2015, 12:13 | #5 |
| Caught trojan Mal/DrodZp-A from a spam-mail link? Sorry, this doesn't seem to be settled yet. I just ran ESET over it once more and it promptly found something again. Do I now have to assume this is one of those nasty things that keeps reinstalling itself from somewhere? Code:
C:\Users\***\AppData\Local\Temp\dhl_paket_de_003407293054131348371.zip Win32/Emotet.AD Trojaner gelöscht - in Quarantäne kopiert
C:\Users\***\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\***\Downloads\FreeMind - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\***\Downloads\SSD Fresh 2014 - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
02.03.2015, 17:01 | #6 |
/// the machine /// TB instructor | Caught trojan Mal/DrodZp-A from a spam-mail link? Just take a close look at the findings. Empty the temp folders, stop downloading from that crappy Chip, and that's that.
07.03.2015, 19:11 | #7 |
| Caught trojan Mal/DrodZp-A from a spam-mail link? OK, you are right, of course. The findings look as if nothing happened. But I'm just not an expert and therefore rather overcautious right now. Various other virus scanners no longer showed any threat either, so everything seems to be OK. Thanks!!! A donation is on its way! One more question: what do I have to watch for to notice whether a trojan might be doing something through a back door after all? ...before all the money has disappeared from the account... Best regards, p.
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
08.03.2015, 10:11 | #8 |
/// the machine /// TB instructor | Caught trojan Mal/DrodZp-A from a spam-mail link? Well, you will only "notice" it once something has happened. Unfortunately there is no answer to the question as such.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM! |