Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (Windows 7): Re-infection with Malaha.net and various observations (original thread title: "Re-Infekt mit Malaha.net und diverse Beobachtungen")
06.05.2015, 08:12 | #16
/// the machine /// TB-Ausbilder | Great, and what other problems are there at the moment?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM!
07.05.2015, 13:44 | #17
verrant | These observations are still current.
It takes roughly 60 to 70 seconds from the monitor's "No Signal" message until the computer actually shuts down. Regards, verrant, 3.5.15
And today the WLAN connection dropped out. I had been listening to radio over an existing connection. Came back and the connection was gone. Had to "not save" the connection and then set it up again. I did not change anything in the connection settings myself. Regards, verrant, 3.5.15 - 2:
After closing Firefox while deleting LSOs: bluescreen - Bad_pool_header.
Are there any actionable indications of malware in this? Or other indications that would allow some action? Regards, verrant
08.05.2015, 08:59 | #18
/// the machine /// TB-Ausbilder | BlueScreenView - Download - Filepony. Open it and have it analyze the most recent dump (the tool does this automatically). Post the output here.
08.05.2015, 17:03 | #19
verrant |
WLAN at home, stick: D-Link DWA-125 Wireless N 150 USB Adapter (rev. A2)
Code:
ATTFilter ntoskrnl.exe ntoskrnl.exe+2a50f4 fffff802`77c8d000 fffff802`78421000 0x00794000 0x550f41a6 23.03.2015 00:26:46 tcpip.sys tcpip.sys+1c2180 fffff800`0e2bd000 fffff800`0e529000 0x0026c000 0x546029f7 10.11.2014 04:59:03 hal.dll fffff802`77c1d000 fffff802`77c8d000 0x00070000 0x538bade8 02.06.2014 00:49:12 kd.dll fffff802`76d36000 fffff802`76d3f000 0x00009000 0x5215f8bb 22.08.2013 13:40:43 mcupdate_GenuineIntel.dll fffff800`0d419000 fffff800`0d496000 0x0007d000 0x53b6a538 04.07.2014 14:59:36 werkernel.sys fffff800`0d496000 fffff800`0d4a4000 0x0000e000 0x5215f8a8 22.08.2013 13:40:24 CLFS.SYS fffff800`0d4a4000 fffff800`0d506000 0x00062000 0x54f656f9 04.03.2015 02:51:05 tm.sys fffff800`0d506000 fffff800`0d528000 0x00022000 0x5215f875 22.08.2013 13:39:33 PSHED.dll fffff800`0d528000 fffff800`0d53d000 0x00015000 0x52346b3f 14.09.2013 15:57:19 Betriebssystem Microsoft® Windows® Plattformspezifischer Hardwarefehlertreiber 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\PSHED.dll BOOTVID.dll fffff800`0d53d000 fffff800`0d547000 0x0000a000 0x5215f8aa 22.08.2013 13:40:26 Microsoft® Windows® Operating System VGA Boot Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\BOOTVID.dll CI.dll fffff800`0d547000 005ef873`0d5cf000 0x005f007300088000 0x548276b0 06.12.2014 05:23:28 msrpc.sys fffff800`0d692000 fffff800`0d6ef000 0x0005d000 0x5215f86a 22.08.2013 13:39:22 Wdf01000.sys fffff800`0d6ef000 fffff800`0d7be000 0x000cf000 0x5215f850 22.08.2013 13:38:56 WDFLDR.SYS fffff800`0d7be000 fffff800`0d7cf000 0x00011000 0x5215f857 22.08.2013 13:39:03 acpiex.sys fffff800`0d7cf000 fffff800`0d7e7000 0x00018000 0x5215f80b 22.08.2013 13:37:47 WppRecorder.sys fffff800`0d7e7000 fffff800`0d7f2000 0x0000b000 0x5215f87c 22.08.2013 13:39:40 ACPI.sys fffff800`0d600000 fffff800`0d688000 0x00088000 0x54335e2e 07.10.2014 05:29:50 WMILIB.SYS fffff800`0d688000 fffff800`0d692000 0x0000a000 0x5215f8a7 22.08.2013 13:40:23 cng.sys 
fffff800`0d831000 fffff800`0d8bd000 0x0008c000 0x54b5d471 14.01.2015 04:29:05 msisadrv.sys fffff800`0d8cb000 fffff800`0d8d5000 0x0000a000 0x5215f857 22.08.2013 13:39:03 pci.sys fffff800`0d8d5000 fffff800`0d91d000 0x00048000 0x53d0f1d4 24.07.2014 13:45:24 vdrvroot.sys fffff800`0d91d000 fffff800`0d92a000 0x0000d000 0x5215f849 22.08.2013 13:38:49 pdc.sys fffff800`0d92a000 fffff800`0d946000 0x0001c000 0x543df950 15.10.2014 06:34:24 partmgr.sys fffff800`0d946000 fffff800`0d95e000 0x00018000 0x5434e912 08.10.2014 09:34:42 spaceport.sys fffff800`0d95e000 fffff800`0d9c7000 0x00069000 0x54505527 29.10.2014 04:47:03 volmgr.sys fffff800`0d9c7000 fffff800`0d9dc000 0x00015000 0x5215f889 22.08.2013 13:39:53 volmgrx.sys fffff800`0dab1000 fffff800`0db10000 0x0005f000 0x5215f8a7 22.08.2013 13:40:23 mountmgr.sys fffff800`0db10000 fffff800`0db2b000 0x0001b000 0x54333f58 07.10.2014 03:18:16 storahci.sys fffff800`0db2b000 80000080`0db48000 0x800008800001d000 0x5215f8b7 22.08.2013 13:40:39 storport.sys fffff800`0db48000 fffff800`0dba6000 0x0005e000 0x5423822b 25.09.2014 04:47:07 fltmgr.sys fffff800`0da00000 fffff800`0da5c000 0x0005c000 0x53fbf00c 26.08.2014 04:25:16 fileinfo.sys fffff800`0da5c000 fffff800`0da72000 0x00016000 0x53089456 22.02.2014 14:13:10 Wof.sys fffff800`0da72000 fffff800`0da9d000 0x0002b000 0x53216bf1 13.03.2014 10:27:29 WdFilter.sys fffff800`0dcd6000 fffff800`0dd19000 0x00043000 0x54cb5b0a 30.01.2015 12:20:58 Ntfs.sys fffff800`0de8e000 fffff800`0e088000 0x001fa000 0x54387b6b 11.10.2014 02:35:55 ksecdd.sys fffff800`0e088000 fffff800`0e0a4000 0x0001c000 0x54505548 29.10.2014 04:47:36 pcw.sys fffff800`0e0a4000 fffff800`0e0b4000 0x00010000 0x5215cfea 22.08.2013 10:46:34 Fs_Rec.sys fffff800`0e0b4000 fffff800`0e0bf000 0x0000b000 0x5215cfe9 22.08.2013 10:46:33 ndis.sys fffff800`0e0bf000 fffff800`0e1d6000 0x00117000 0x54d01043 03.02.2015 02:03:15 NETIO.SYS fffff800`0de00000 fffff800`0de78000 0x00078000 0x546029c5 10.11.2014 04:58:13 ksecpkg.sys fffff800`0dd19000 
fffff800`0dd4a000 0x00031000 0x54b338fd 12.01.2015 05:01:17 fwpkclnt.sys fffff800`0e529000 fffff800`0e595000 0x0006c000 0x546029a4 10.11.2014 04:57:40 wfplwfs.sys fffff800`0e595000 fffff800`0e5ba000 0x00025000 0x54602998 10.11.2014 04:57:28 btath_bus.sys fffff800`0e5ba000 fffff800`0e5c7000 0x0000d000 0x52dd30a5 20.01.2014 16:20:21 fvevol.sys fffff800`0e200000 fffff800`0e295000 0x00095000 0x534325db 08.04.2014 00:25:31 volsnap.sys fffff800`0dd4a000 fffff800`0dd99000 0x0004f000 0x53a21598 19.06.2014 00:41:28 rdyboost.sys fffff800`0dd99000 fffff800`0dddf000 0x00046000 0x53089474 22.02.2014 14:13:40 mup.sys fffff800`0e295000 fffff800`0e2ac000 0x00017000 0x5215f8ac 22.08.2013 13:40:28 intelpep.sys fffff800`0e2ac000 fffff800`0e2bb000 0x0000f000 0x543e1458 15.10.2014 08:29:44 disk.sys fffff800`0e5d3000 fffff800`0e5ef000 0x0001c000 0x5215f883 22.08.2013 13:39:47 CLASSPNP.SYS fffff800`0dc00000 fffff800`0dc56000 0x00056000 0x5434c9ff 08.10.2014 07:22:07 crashdmp.sys fffff800`0de78000 fffff800`0de8d000 0x00015000 0x5215f893 22.08.2013 13:40:03 cdrom.sys fffff800`0dc6c000 fffff800`0dc9a000 0x0002e000 0x5215cfeb 22.08.2013 10:46:35 Null.SYS fffff800`0e5c7000 fffff800`0e5d0000 0x00009000 0x5215f8a8 22.08.2013 13:40:24 Beep.SYS fffff800`0e1f3000 fffff800`0e1fb000 0x00008000 0x5215f8a8 22.08.2013 13:40:24 BasicRender.sys fffff800`0dc9a000 fffff800`0dca8000 0x0000e000 0x5308948a 22.02.2014 14:14:02 dxgkrnl.sys fffff800`0e83d000 fffff800`0e9bd000 0x00180000 0x54505515 29.10.2014 04:46:45 watchdog.sys fffff800`0e9bd000 fffff800`0e9cf000 0x00012000 0x530894af 22.02.2014 14:14:39 dxgmms1.sys fffff800`0ea2c000 fffff800`0ea8f000 0x00063000 0x54505506 29.10.2014 04:46:30 BasicDisplay.sys fffff800`0ea8f000 fffff800`0eaa1000 0x00012000 0x5215f873 22.08.2013 13:39:31 Npfs.SYS fffff800`0eaa1000 fffff800`0eab5000 0x00014000 0x5215f8a9 22.08.2013 13:40:25 Msfs.SYS fffff800`0eab5000 fffff800`0eac1000 0x0000c000 0x5215f8a8 22.08.2013 13:40:24 tdx.sys fffff800`0eac1000 fffff800`0eae1000 0x00020000 
0x5215f7c2 22.08.2013 13:36:34 TDI.SYS fffff800`0eae1000 fffff800`0eaef000 0x0000e000 0x5215f855 22.08.2013 13:39:01 netbt.sys fffff800`0eaef000 fffff800`0eb3b000 0x0004c000 0x5215f7dd 22.08.2013 13:37:01 afd.sys fffff800`0eb3b000 fffff800`0ebcd000 0x00092000 0x5387f4e5 30.05.2014 05:03:01 pacer.sys fffff800`0ebcd000 fffff800`0ebf7000 0x0002a000 0x545054ca 29.10.2014 04:45:30 vwififlt.sys fffff800`0ea00000 fffff800`0ea18000 0x00018000 0x53609ba2 30.04.2014 08:43:46 netbios.sys fffff800`0ea18000 fffff800`0ea29000 0x00011000 0x5450553b 29.10.2014 04:47:23 rdbss.sys fffff800`0ec61000 fffff800`0ecd1000 0x00070000 0x52affb72 17.12.2013 09:21:22 csc.sys fffff800`0ecd1000 fffff800`0ed5f000 0x0008e000 0x54505519 29.10.2014 04:46:49 UimFIO.SYS fffff800`0ef24000 fffff800`0efa9a00 0x00085a00 0x536ca082 09.05.2014 11:31:46 nsiproxy.sys fffff800`0efca000 fffff800`0efd8000 0x0000e000 0x545054eb 29.10.2014 04:46:03 npsvctrig.sys fffff800`0efd8000 fffff800`0efe4000 0x0000c000 0x5215f82e 22.08.2013 13:38:22 mssmbios.sys fffff800`0efe4000 fffff800`0eff0000 0x0000c000 0x5215f87d 22.08.2013 13:39:41 dfsc.sys fffff800`0ee00000 fffff800`0ee26000 0x00026000 0x53183e6a 06.03.2014 11:22:50 ahcache.sys fffff800`0ee37000 fffff800`0ee4e000 0x00017000 0x548a3c08 12.12.2014 02:51:20 CompositeBus.sys fffff800`0ee4e000 fffff800`0ee5d000 0x0000f000 0x5215f848 22.08.2013 13:38:48 serscan.sys fffff800`0ee5d000 fffff800`0ee66000 0x00009000 0x545047ec 29.10.2014 03:50:36 ksthunk.sys fffff800`0ee66000 fffff800`0ee6b300 0x00005300 0x5215f873 22.08.2013 13:39:31 ks.sys fffff800`0ee6c000 fffff800`0eeba000 0x0004e000 0x53b6a513 04.07.2014 14:58:59 kdnic.sys fffff800`0eeba000 fffff800`0eec5000 0x0000b000 0x5215f832 22.08.2013 13:38:26 umbus.sys fffff800`0eec5000 fffff800`0eed6000 0x00011000 0x5215f853 22.08.2013 13:38:59 atikmpag.sys fffff800`0ed5f000 fffff800`0edf5000 0x00096000 0x546e9eb6 21.11.2014 04:08:54 atikmdag.sys fffff800`0f04c000 fffff800`102d0000 0x01284000 0x546ea3c3 21.11.2014 04:30:27 
fastfat.SYS fffff800`102da000 fffff800`10313000 0x00039000 0x5215f8a2 22.08.2013 13:40:18 HDAudBus.sys fffff800`10313000 fffff800`1032c000 0x00019000 0x53d0f1e3 24.07.2014 13:45:39 HECIx64.sys fffff800`1032c000 fffff800`1033d000 0x00011000 0x4cbe2ad7 20.10.2010 01:33:43 usbehci.sys fffff800`1033d000 fffff800`10355000 0x00018000 0x538976e2 31.05.2014 08:29:54 USBPORT.SYS fffff800`10355000 fffff800`103c4000 0x0006f000 0x53897701 31.05.2014 08:30:25 USBXHCI.SYS fffff800`0ec00000 fffff800`0ec55000 0x00055000 0x54337388 07.10.2014 07:00:56 ucx01000.sys fffff800`103c4000 fffff800`103f6000 0x00032000 0x54337387 07.10.2014 07:00:55 Rt630x64.sys fffff800`104da000 fffff800`105b3000 0x000d9000 0x546bff5e 19.11.2014 04:24:30 1394ohci.sys fffff800`105b3000 fffff800`105f2000 0x0003f000 0x5215f826 22.08.2013 13:38:14 i8042prt.sys fffff800`10400000 fffff800`1041f000 0x0001f000 0x5458783e 04.11.2014 08:54:54 kbdclass.sys fffff800`1041f000 fffff800`10431000 0x00012000 0x5458783e 04.11.2014 08:54:54 serial.sys fffff800`10431000 fffff800`1044b000 0x0001a000 0x5215f898 22.08.2013 13:40:08 serenum.sys fffff800`1044b000 fffff800`10458000 0x0000d000 0x5215f8a1 22.08.2013 13:40:17 intelppm.sys fffff800`10458000 fffff800`10476000 0x0001e000 0x5215cfeb 22.08.2013 10:46:35 wmiacpi.sys fffff800`10476000 fffff800`10480000 0x0000a000 0x5215f894 22.08.2013 13:40:04 NdisVirtualBus.sys fffff800`10480000 fffff800`1048b000 0x0000b000 0x5215f7b9 22.08.2013 13:36:25 swenum.sys fffff800`1048b000 fffff800`1048c600 0x00001600 0x5450554d 29.10.2014 04:47:41 rdpbus.sys fffff800`1048d000 fffff800`10498000 0x0000b000 0x5215f84c 22.08.2013 13:38:52 usbhub.sys fffff800`106ad000 fffff800`10717000 0x0006a000 0x53d0f1d9 24.07.2014 13:45:29 USBD.SYS fffff800`10717000 fffff800`10723000 0x0000c000 0x53897735 31.05.2014 08:31:17 UsbHub3.sys fffff800`10723000 fffff800`1079b000 0x00078000 0x5507a0c0 17.03.2015 05:34:24 AtihdWB6.sys fffff800`1079b000 fffff800`107d7000 0x0003c000 0x53a64020 22.06.2014 04:32:00 portcls.sys 
fffff800`10600000 fffff800`10647000 0x00047000 0x5450550b 29.10.2014 04:46:35 drmk.sys fffff800`10647000 fffff800`10663000 0x0001c000 0x5450554a 29.10.2014 04:47:38 AMDACPKSL.SYS fffff800`10663000 fffff800`1068a000 0x00027000 0x53a6400f 22.06.2014 04:31:43 RTKVHD64.sys fffff800`108c5000 fffff800`10cd6d80 0x00411d80 0x546203be 11.11.2014 14:40:30 AmUHubftr.sys fffff800`10cd7000 fffff800`10ce2000 0x0000b000 0x52b3e095 20.12.2013 08:15:49 netr28ux.sys fffff800`10e7a000 fffff800`110f4000 0x0027a000 0x52fe0eb5 14.02.2014 14:40:21 vwifibus.sys fffff800`110f4000 fffff800`11101000 0x0000d000 0x5215f854 22.08.2013 13:39:00 AmUStor.SYS fffff800`11101000 fffff800`11119000 0x00018000 0x531ec4e9 11.03.2014 10:10:17 hidusb.sys fffff800`11119000 fffff800`11127000 0x0000e000 0x53183ebe 06.03.2014 11:24:14 HIDCLASS.SYS fffff800`11127000 fffff800`11146000 0x0001f000 0x53183ed8 06.03.2014 11:24:40 HIDPARSE.SYS fffff800`11146000 fffff800`1114df00 0x00007f00 0x5215f8aa 22.08.2013 13:40:26 mouhid.sys fffff800`111ad000 fffff800`111ba000 0x0000d000 0x54587837 04.11.2014 08:54:47 point64.sys fffff800`111ba000 fffff800`111ca000 0x00010000 0x4dd37e38 18.05.2011 10:07:20 mouclass.sys fffff800`111ca000 fffff800`111da000 0x00010000 0x54587837 04.11.2014 08:54:47 win32k.sys fffff960`0014c000 fffff960`00562000 0x00416000 0x00000000 dump_diskdump.sys fffff800`111da000 fffff800`111e6000 0x0000c000 0x5215f8a2 22.08.2013 13:40:18 dump_storahci.sys fffff800`10e00000 fffff800`10e1d000 0x0001d000 0x5215f8b7 22.08.2013 13:40:39 dump_dumpfve.sys fffff800`10e1d000 fffff800`10e33000 0x00016000 0x530894b8 22.02.2014 14:14:48 btfilter.sys fffff800`10ce2000 fffff800`10d8a000 0x000a8000 0x5475665b 26.11.2014 07:34:19 BTHUSB.sys fffff800`10e33000 fffff800`10e4c000 0x00019000 0x545054f8 29.10.2014 04:46:16 bthport.sys fffff800`112cb000 fffff800`113f6000 0x0012b000 0x545054d1 29.10.2014 04:45:37 monitor.sys fffff800`11200000 fffff800`1120e000 0x0000e000 0x5215f7c5 22.08.2013 13:36:37 TSDDD.dll fffff960`0072c000 
fffff960`00735000 0x00009000 0x00000000 cdd.dll fffff960`00814000 fffff960`0084e000 0x0003a000 0x00000000 ATMFD.DLL fffff960`00a59000 fffff960`00ab8000 0x0005f000 0x00000000 Adobe Type Manager Windows NT OpenType/Type 1 Font Driver 5.1 Build 241 Adobe Systems Incorporated C:\WINDOWS\system32\ATMFD.DLL luafv.sys fffff800`1120e000 fffff800`11232000 0x00024000 0x530894a1 22.02.2014 14:14:25 mbam.sys fffff800`11232000 fffff800`1123c000 0x0000a000 0x540754e1 03.09.2014 19:50:25 lltdio.sys fffff800`1123c000 fffff800`11250000 0x00014000 0x5215f7b2 22.08.2013 13:36:18 nwifi.sys fffff800`11250000 fffff800`112c4000 0x00074000 0x545054d5 29.10.2014 04:45:41 ndisuio.sys fffff800`10e4c000 fffff800`10e60000 0x00014000 0x5215f7fe 22.08.2013 13:37:34 rspndr.sys fffff800`10e60000 fffff800`10e78000 0x00018000 0x5215f7c2 22.08.2013 13:36:34 condrv.sys fffff800`1114e000 fffff800`1115e000 0x00010000 0x5215f8a1 22.08.2013 13:40:17 HTTP.sys fffff800`1183d000 fffff800`11937000 0x000fa000 0x54ebc87c 24.02.2015 02:40:28 vwifimp.sys fffff800`11937000 fffff800`11946000 0x0000f000 0x53609b37 30.04.2014 08:41:59 bowser.sys fffff800`11946000 fffff800`11966000 0x00020000 0x5215f83e 22.08.2013 13:38:38 mpsdrv.sys fffff800`11966000 fffff800`1197d000 0x00017000 0x545054cb 29.10.2014 04:45:31 mrxsmb.sys fffff800`1197d000 fffff800`119ea000 0x0006d000 0x5434e878 08.10.2014 09:32:08 mrxsmb20.sys fffff800`11800000 fffff800`11838000 0x00038000 0x54264430 27.09.2014 06:59:28 BthEnum.sys fffff800`119ea000 fffff800`119fc000 0x00012000 0x545054f3 29.10.2014 04:46:11 bthpan.sys fffff800`1115e000 fffff800`1117f000 0x00021000 0x53d0f0f7 24.07.2014 13:41:43 btath_rcp.sys fffff800`10d8a000 fffff800`10dd6000 0x0004c000 0x51c418da 21.06.2013 11:11:54 btath_avdt.sys fffff800`1117f000 fffff800`111aa000 0x0002b000 0x544764b9 22.10.2014 10:03:05 btath_a2dp.sys fffff800`10800000 fffff800`10868000 0x00068000 0x54476a3b 22.10.2014 10:26:35 btath_hcrp.sys fffff800`10868000 fffff800`108b4000 0x0004c000 0x50d03d6e 18.12.2012 
11:54:54 btath_flt.sys fffff800`10dd6000 fffff800`10df2000 0x0001c000 0x5216db15 23.08.2013 05:46:29 btath_lwflt.sys fffff800`111e6000 fffff800`111fe000 0x00018000 0x50935bb0 02.11.2012 07:35:44 mrxsmb10.sys fffff800`0f000000 fffff800`0f04b000 0x0004b000 0x53183da8 06.03.2014 11:19:36 Ndu.sys fffff800`1068a000 fffff800`106a7000 0x0001d000 0x545054bc 29.10.2014 04:45:16 peauth.sys fffff800`11a53000 fffff800`11afc000 0x000a9000 0x53089381 22.02.2014 14:09:37 secdrv.SYS fffff800`11afc000 fffff800`11b07000 0x0000b000 0x4508052e 13.09.2006 15:18:38 srvnet.sys fffff800`11b07000 fffff800`11b4a000 0x00043000 0x53ad0d9d 27.06.2014 08:22:21 tcpipreg.sys fffff800`11b4a000 fffff800`11b5c000 0x00012000 0x53183dbf 06.03.2014 11:19:59 srv2.sys fffff800`11c75000 fffff800`11d22000 0x000ad000 0x5434e8ca 08.10.2014 09:33:30 srv.sys fffff800`11d22000 fffff800`11db0000 0x0008e000 0x53d0f15f 24.07.2014 13:43:27 WudfPf.sys fffff800`11c3d000 fffff800`11c5e000 0x00021000 0x54505503 29.10.2014 04:46:27 WUDFRd.sys fffff800`11db0000 fffff800`11ded000 0x0003d000 0x545054f5 29.10.2014 04:46:13 WpdUpFltr.sys fffff800`11ded000 fffff800`11df8000 0x0000b000 0x5215f845 22.08.2013 13:38:45 WdNisDrv.sys fffff800`11c00000 fffff800`11c1f000 0x0001f000 0x54cb5b3c 30.01.2015 12:21:48 mwac.sys fffff800`11c1f000 fffff800`11c32000 0x00013000 0x53a0f444 18.06.2014 04:07:00 MBAMSwissArmy.sys fffff800`11b5c000 fffff800`11b82000 0x00026000 0x54af40d7 09.01.2015 04:45:43 tunnel.sys fffff800`11b82000 fffff800`11baf000 0x0002d000 0x5215f791 22.08.2013 13:35:45 psi_mf_amd64.sys fffff800`11c32000 fffff800`11c3b000 0x00009000 0x511373b5 07.02.2013 11:28:21 Gruß verrant |
09.05.2015, 08:51 | #20
/// the machine /// TB-Ausbilder | Could you please open the topmost dump with a double-click? Windows Bluescreen Absturz analysieren und beheben - so geht's - Anleitungen
17.05.2015, 13:50 | #21
verrant | Morning schrauber. I looked it up again: the mainboard has no onboard WLAN. The driver available online is from 2010. The installed driver is from 2014. So no change was made here. BlueScreenView as per the guide:
Code:
==================================================
Dump File         : 050315-9734-01.dmp
Crash Time        : 03.05.2015 14:39:16
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000020
Parameter 2       : ffffe000`fb36a880
Parameter 3       : ffffe000`fb36a8a0
Parameter 4       : 00000000`04020026
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+1c2180
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\050315-9734-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281.728
Dump File Time    : 03.05.2015 14:40:11
==================================================
I would like to install Sandboxie. Is there a good guide in German? Perhaps even from you? Best regards, Perry
18.05.2015, 09:00 | #22
/// the machine /// TB-Ausbilder | Hmm... not from us, I think. I only know them in English too; you would have to google it. A Windows file seems to be damaged there. Please run Windows Repair: Windows reparieren - so geht's - Anleitungen
18.05.2015, 16:25 | #23
verrant | Morning schrauber. I ran Windows Repair v3.1.5 (Free Version). The first time, it reported that not all problems could be fixed. So I ran the process a second time. Now no message appeared that pointed to "leftovers". Do you need one or more of the logs? "It is also recommended to carry out the repairs in Safe Mode. In any case the antivirus program should be disabled (turn off the real-time scanner)." I had overlooked this note. Regards, verrant
19.05.2015, 07:17 | #24
/// the machine /// TB-Ausbilder | Open FRST, enter the following in the Search field: tcpip.* and click Search Files.
19.05.2015, 17:22 | #25
verrant | Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02 Ran by Kay at 2015-05-19 16:17:50 Running from C:\Users\Kay\Downloads Boot Mode: Normal ================== Search Files: "tcpip.*" ============= C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.17415_none_185d73c79dd0f8e8\Tcpip.Format.ps1xml [2013-08-22 01:45][2013-07-18 17:53] 0067226 ____A () 6A09E0A6FE918ACAA71D2304E9D93388 [File is signed] C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.17415_none_185d73c79dd0f8e8\Tcpip.Types.ps1xml [2013-08-22 01:45][2013-06-18 14:29] 0045693 ____A () AB659CACA8E4462AE76254D7EBF360F7 [File is signed] C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.16384_none_1810d8eb9e0a8c60\Tcpip.Format.ps1xml [2013-08-22 01:45][2014-11-19 20:40] 0000012 ____A () BA6F7ECC3DB6B51BE08BF41473EE29E9 C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.16384_none_1810d8eb9e0a8c60\Tcpip.Types.ps1xml [2013-08-22 01:45][2014-11-19 20:40] 0000012 ____A () BA6F7ECC3DB6B51BE08BF41473EE29E9 C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.3.9600.16384_none_32f0ee338d47565e\tcpip.mof [2013-08-22 01:47][2013-06-18 14:18] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.17415_none_0e08c975697036ed\Tcpip.Format.ps1xml [2013-08-22 08:50][2013-07-18 17:53] 0067226 ____A () 6A09E0A6FE918ACAA71D2304E9D93388 [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.17415_none_0e08c975697036ed\Tcpip.Types.ps1xml [2013-08-22 08:50][2013-06-18 16:57] 0045693 ____A () AB659CACA8E4462AE76254D7EBF360F7 [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.16384_none_0dbc2e9969a9ca65\Tcpip.Format.ps1xml [2013-08-22 08:50][2014-11-19 
20:28] 0000012 ____A () BA6F7ECC3DB6B51BE08BF41473EE29E9 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_6.3.9600.16384_none_0dbc2e9969a9ca65\Tcpip.Types.ps1xml [2013-08-22 08:50][2014-11-19 20:28] 0000012 ____A () BA6F7ECC3DB6B51BE08BF41473EE29E9 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.3.9600.16384_none_289c43e158e69463\tcpip.mof [2013-08-22 08:52][2013-06-18 16:42] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-minwin.resources_31bf3856ad364e35_6.3.9600.16384_de-de_58e38736afcf5a03\tcpip.sys.mui [2013-11-14 09:10][2013-11-14 09:10] 0101376 ____A (Microsoft Corporation) 7309A5B11AE2ECEE54B7DA2DC5614293 [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17485_none_a3dd5dc53a5c7789\tcpip.sys [2014-12-12 18:03][2014-11-10 20:06] 2485056 ____A (Microsoft Corporation) 3C2DF97A21A9BBE6355B0A51F288EFFF [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17415_none_a4290d393a23b3f2\tcpip.sys [2014-11-19 19:20][2014-12-13 13:21] 0001784 ____A () 7F247B320FA5BA3826A8AFDD3E00CD91 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17336_none_a4146bc53a330804\tcpip.sys [2014-10-24 17:33][2014-11-19 20:28] 0409864 ____A () D0C41590A1BCB4C0BD592D8AB976FE2F C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17278_none_a3eb2ac33a51ad4f\tcpip.sys [2014-09-18 14:35][2014-10-28 18:35] 0241540 ____A () E7D9CAEE2A6C4007CB85632A13D4EEF3 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17238_none_a4166a733a313d8b\tcpip.sys [2014-09-10 17:38][2014-09-19 10:17] 0445111 ____A () 5F46548648648BE21060C8DED2B56238 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17136_none_a41467f93a330db6\tcpip.sys [2014-07-18 12:16][2014-09-19 10:17] 
0446400 ____A () 96F67EB5FD0CF6809C15A9530C68A8B7 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17085_none_a3dd562d3a5c82ed\tcpip.sys [2014-05-23 19:29][2014-08-17 15:23] 0223198 ____A () 889B53B7C56665B0277CC00EF4051DE4 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17039_none_a41766f13a305c94\tcpip.sys [2014-04-10 17:51][2014-05-31 17:52] 0234906 ____A () CB44BD6971455D2A4E3C1AF65AB60377 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.16521_none_a41a54d33a2f4e0d\tcpip.sys [2014-03-16 13:41][2014-05-10 21:18] 0481295 ____A () 2F83A7537A9B8CF98E6B4710A3E3D381 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.16456_none_a3fee49b3a43236c\tcpip.sys [2014-02-20 14:44][2014-03-27 20:39] 0271861 ____A () 2102610D6FD1D928A3D7155077A78B82 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.16423_none_a41c53813a2d8394\tcpip.sys [2013-11-14 09:33][2014-03-27 20:39] 0276882 ____A () 3732E166F9069E37AB89E9FB0F0D4596 C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.3.9600.16384_none_23c7dee35bf2dc15\tcpip.admx [2013-11-14 09:13][2013-11-14 09:13] 0010634 ____A () 27E7FA51D11CEFB156FD72630A31FD9B [File is signed] C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.3.9600.16384_de-de_1ed578b0f2e51c83\tcpip.adml [2013-11-14 09:10][2013-11-14 09:10] 0016135 ____A () 3C685A23E432CCA6620DCF2DBEA3A20F [File is signed] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\Tcpip.Format.ps1xml [2013-08-22 01:45][2013-07-18 17:53] 0067226 ____A () 6A09E0A6FE918ACAA71D2304E9D93388 [File is signed] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\Tcpip.Types.ps1xml [2013-08-22 01:45][2013-06-18 14:29] 0045693 ____A () AB659CACA8E4462AE76254D7EBF360F7 [File is signed] C:\Windows\SysWOW64\wbem\tcpip.mof [2013-08-22 01:47][2013-06-18 14:18] 0003066 ____A () 
EEC4A068DE477651214F6C8014ECBEC0 [File is signed] C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Tcpip.Format.ps1xml [2013-08-22 08:50][2013-07-18 17:53] 0067226 ____A () 6A09E0A6FE918ACAA71D2304E9D93388 [File is signed] C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Tcpip.Types.ps1xml [2013-08-22 08:50][2013-06-18 16:57] 0045693 ____A () AB659CACA8E4462AE76254D7EBF360F7 [File is signed] C:\Windows\System32\wbem\tcpip.mof [2013-08-22 08:52][2013-06-18 16:42] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed] C:\Windows\System32\drivers\tcpip.sys [2014-12-12 18:03][2014-11-10 20:06] 2485056 ____A (Microsoft Corporation) 3C2DF97A21A9BBE6355B0A51F288EFFF [File is signed] C:\Windows\System32\drivers\de-DE\tcpip.sys.mui [2013-11-14 09:10][2013-11-14 09:10] 0101376 ____A (Microsoft Corporation) 7309A5B11AE2ECEE54B7DA2DC5614293 [File is signed] C:\Windows\PolicyDefinitions\tcpip.admx [2013-11-14 09:13][2013-11-14 09:13] 0010634 ____A () 27E7FA51D11CEFB156FD72630A31FD9B [File is signed] C:\Windows\PolicyDefinitions\de-DE\tcpip.adml [2013-11-14 09:10][2013-11-14 09:10] 0016135 ____A () 3C685A23E432CCA6620DCF2DBEA3A20F [File is signed] ====== End Of Search ======
verrant
Edit: And now "Media Player Classic" shows up on the desktop. Under Help, this appears as its homepage: http: / / sourceforge dot net/projects/guliverkli2/ It is unclear to me when I was on the sourceforge site and supposedly downloaded something there. In the Crono download queue these appear: tweaking.com from majorgeeks dot com 18.5.15; DWA-125 ... from ftp.dlink dot de/dwa... 17.5.15; ...p8p67.zip from dlcdnet.asus dot com... 17.5.15; ccsetup505.exe from //secure.piriform.com...17.5.17. Or is it enough nowadays just to visit a site to "catch something"? I am also currently trying to copy pictures from an SD card to the computer via a USB card reader.
Win8.1 keeps reporting: "Bei diesem Laufwerk liegt ein Problem vor, bitte Überprüfen Sie das Laufwerk." (There is a problem with this drive, please check the drive.) This message also appears when I am not directly accessing the drive. The pictures, however, transfer to the computer without any problem. I rather suspect the card needs to be reformatted. But I have been using the card like this for about 8 months, and this persistent behaviour is new to me.
Edit 2: ridiculous, but right now I do not dare to uninstall WinRAR and install a different (free) archiver without getting your go-ahead first. Regards, verrant
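The file search requested in #24 is a consistency check: the tcpip.sys that Windows loads from System32\drivers is compared with the copies Windows keeps in the component store (WinSxS), using the MD5 and signature flag FRST prints for each hit. The script below is an added illustration of that check and is neither part of this thread nor part of FRST. It assumes the one-hit-per-line format visible in the output above (path, two timestamps, size, attributes, company, MD5, optional "[File is signed]"), assumes the live driver lives under System32\drivers and reference copies under WinSxS, and compares hashes only within the pasted output, not against any external hash source. The sample lines are copied from the search result above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: four lines copied from the FRST "Search Files: tcpip.*"
# output above plus the trailer FRST prints, so the parser can be exercised offline.
SAMPLE_FRST_SEARCH = r"""
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17485_none_a3dd5dc53a5c7789\tcpip.sys [2014-12-12 18:03][2014-11-10 20:06] 2485056 ____A (Microsoft Corporation) 3C2DF97A21A9BBE6355B0A51F288EFFF [File is signed]
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17415_none_a4290d393a23b3f2\tcpip.sys [2014-11-19 19:20][2014-12-13 13:21] 0001784 ____A () 7F247B320FA5BA3826A8AFDD3E00CD91
C:\Windows\System32\drivers\tcpip.sys [2014-12-12 18:03][2014-11-10 20:06] 2485056 ____A (Microsoft Corporation) 3C2DF97A21A9BBE6355B0A51F288EFFF [File is signed]
C:\Windows\System32\drivers\de-DE\tcpip.sys.mui [2013-11-14 09:10][2013-11-14 09:10] 0101376 ____A (Microsoft Corporation) 7309A5B11AE2ECEE54B7DA2DC5614293 [File is signed]
====== End Of Search ======
"""

# One FRST search hit (assumed format, taken from the output above):
# <path> [<created>][<modified>] <size> <attrs> (<company>) <MD5> [File is signed]
# The "[File is signed]" suffix is optional; it is absent when no valid signature was found.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"\[(?P<created>[^\]]*)\]\[(?P<modified>[^\]]*)\] "
    r"(?P<size>\d+) (?P<attr>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})(?P<signed> \[File is signed\])?$"
)
# Component-store directory names embed the component version, e.g. ..._6.3.9600.17485_none_...
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class Entry:
    path: str
    basename: str
    size: int
    company: str
    md5: str
    signed: bool
    version: Optional[str]


def parse_frst_search(text: str) -> list:
    """Parse FRST 'Search Files' output; header, separator and trailer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        vm = VERSION_RE.search(path)
        entries.append(Entry(
            path=path,
            basename=path.rsplit("\\", 1)[-1].lower(),
            size=int(m.group("size")),
            company=m.group("company"),
            md5=m.group("md5").upper(),
            signed=m.group("signed") is not None,
            version=vm.group(1) if vm else None,
        ))
    return entries


def check_driver(entries: list, basename: str = "tcpip.sys") -> dict:
    """Compare the live copy of a driver under System32\\drivers with its WinSxS copies.

    The live file is "ok" when FRST reports it as signed and its MD5 equals that of a
    signed component-store copy; anything else is "review". Unsigned store entries are
    counted but never used as a reference: in the output above they are far too small
    to be complete driver images, so they cannot vouch for anything.
    """
    same = [e for e in entries if e.basename == basename.lower()]
    live = [e for e in same if "\\system32\\drivers\\" in e.path.lower()]
    store = [e for e in same if "\\winsxs\\" in e.path.lower()]
    if len(live) != 1:
        return {"status": "missing" if not live else "multiple", "live_path": None}
    cur = live[0]
    refs = [e for e in store if e.signed and e.md5 == cur.md5]
    unsigned = [e for e in store if not e.signed]
    return {
        "status": "ok" if cur.signed and refs else "review",
        "live_path": cur.path,
        "live_signed": cur.signed,
        "live_md5": cur.md5,
        "reference_version": refs[0].version if refs else None,
        "unsigned_store_copies": len(unsigned),
    }


if __name__ == "__main__":
    result = check_driver(parse_frst_search(SAMPLE_FRST_SEARCH))
    for key, value in result.items():
        print(f"{key:>22}: {value}")
```

On the pasted output this reports "ok": the loaded tcpip.sys is signed and hash-identical to the signed 6.3.9600.17485 copy in the store, which is exactly what makes the helper's "log looks good" verdict checkable. A "review" result would mean the loaded driver is unsigned or matches no signed store copy, which is worth a closer look before blaming a kernel crash on the driver itself; a "missing" result means the search simply found no live copy under System32\drivers.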
20.05.2015, 06:53 | #26
/// the machine /// TB-Ausbilder | Yes, the card has to be formatted. You can go ahead with WinRAR; I recommend 7zip, but be careful when downloading. The log looks good; please post one more fresh FRST log, then we should be done.
20.05.2015, 16:03 | #27
verrant | Morning. Formatting with Windows does not work. Trying it in the camera: that worked. Let's see how it goes from here, but that is no longer a topic for this thread. I was careful when downloading 7zip from Filepony.de. And one more question: what do I do with Media Player Classic? Is it just an .exe, so deleting it is enough? Or does it have to be handled differently? FRST logfile: Code:
19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-16 18:51 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-16 18:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-16 18:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-16 18:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-16 18:51 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-16 18:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-16 18:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-16 18:51 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-16 18:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-16 18:51 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-16 18:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-16 18:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-16 18:51 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-16 18:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-16 18:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-16 18:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-16 18:51 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-16 18:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-16 18:51 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-16 18:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-16 18:51 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-16 18:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-16 18:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-16 18:51 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-16 18:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-16 18:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-16 18:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-16 18:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-16 18:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-16 18:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-16 18:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-16 18:51 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-16 18:51 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-16 18:51 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-16 18:51 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-16 18:51 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\services.exe 2015-05-16 18:51 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-16 18:51 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-16 18:51 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-16 18:51 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-08 17:56 - 2015-05-17 14:33 - 00000000 ____D () C:\Users\Kay\Downloads\bluescreenview_v1.55 2015-05-08 17:56 - 2015-05-08 17:56 - 00067310 _____ () C:\Users\Kay\Downloads\bluescreenview_v1.55.zip 2015-05-08 17:46 - 2015-05-08 17:46 - 00000000 ____D () C:\ProgramData\Intel 2015-05-08 17:46 - 2015-05-08 17:46 - 00000000 ____D () C:\Program Files\Intel 2015-05-08 17:46 - 2013-08-08 13:23 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll 2015-05-08 17:45 - 2015-05-08 17:45 - 00001769 _____ () C:\WINDOWS\Language_trs.ini 2015-05-08 17:45 - 2015-05-08 17:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-05-08 17:45 - 2013-08-08 13:23 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll 2015-05-08 17:45 - 2013-08-08 13:23 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys 2015-05-08 17:44 - 2015-05-08 17:44 - 00000000 ____D () C:\Users\Kay\Downloads\MEI_Win8-1_VER95101658_1-5M 2015-05-08 17:40 - 2015-05-08 17:40 - 03235118 _____ () C:\Users\Kay\Downloads\P8P67-ASUS-3602.zip 2015-05-08 17:37 - 2015-05-08 17:41 - 60757367 _____ () C:\Users\Kay\Downloads\MEI_Win8-1_VER95101658_1-5M.zip 2015-05-07 14:38 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-05-07 14:38 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-07 14:38 - 2015-04-10 02:11 - 01943040 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-07 14:38 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-07 14:38 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-07 14:38 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-07 14:38 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-05-03 14:40 - 2015-05-03 14:40 - 00281728 _____ () C:\WINDOWS\Minidump\050315-9734-01.dmp 2015-05-02 11:27 - 2015-05-20 16:51 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-02 11:27 - 2015-05-19 20:37 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-02 11:27 - 2015-05-17 15:32 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-02 11:27 - 2015-05-17 15:32 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-02 11:27 - 2015-05-16 19:32 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-02 11:27 - 2015-05-02 11:27 - 00880208 _____ (Google Inc.) C:\Users\Kay\Downloads\ChromeSetup.exe 2015-05-02 11:27 - 2015-05-02 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-02 11:17 - 2015-05-02 11:17 - 00001284 _____ () C:\Users\Kay\Desktop\Revo Uninstaller.lnk 2015-05-02 11:17 - 2015-05-02 11:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-05-02 11:16 - 2015-05-02 11:16 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Kay\Downloads\revosetup95.exe 2015-05-02 11:15 - 2015-05-02 11:15 - 00000012 _____ () C:\Users\Kay\Downloads\eyJpIjoiMTk2RDE0NDVFQS1GOEM3MzU2Mzc1IiwiZSI6MTQzMDUxMzQ1MiwidCI6ImRsIiwiaCI6Ijc4MzY3YWM4ZmJlNzMyYTAzNWQwYTQ4MjhlNzNhNmQ0YjlkMTk2NTkiLCJzIjoxfQ==.htm 2015-05-01 22:07 - 2015-05-01 22:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-01 22:06 - 2015-05-01 22:06 - 00562272 _____ (Oracle Corporation) C:\Users\Kay\Downloads\chromeinstall-8u45.exe 2015-05-01 21:58 - 2015-05-01 21:58 - 00007595 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg 2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Opera Software 2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Users\Kay\AppData\Local\Opera Software 2015-04-30 19:34 - 2015-05-20 16:56 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1430415296 2015-04-30 19:34 - 2015-05-20 16:56 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-04-30 19:34 - 2015-05-20 16:56 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-30 19:34 - 2015-04-30 19:34 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-04-30 19:30 - 2015-04-30 19:30 - 00683992 _____ (Opera Software) C:\Users\Kay\Downloads\Opera_NI_stable.exe 2015-04-29 15:32 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-04-29 15:32 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-04-29 15:32 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-04-29 15:32 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-04-29 15:32 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-04-29 12:30 - 2015-04-29 12:41 - 00051349 _____ () C:\Users\Kay\Desktop\Result.txt 2015-04-29 12:27 - 2015-04-29 12:27 - 00051388 _____ 
() C:\Users\Kay\Downloads\Result.txt 2015-04-29 12:26 - 2015-04-29 12:26 - 00402944 _____ (Farbar) C:\Users\Kay\Downloads\MiniToolBox.exe 2015-04-27 22:23 - 2015-04-27 22:23 - 00070116 _____ () C:\Users\Kay\Desktop\tdss-rootkit.odt 2015-04-27 22:09 - 2015-04-27 22:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Kay\Downloads\tdsskiller.exe 2015-04-27 21:51 - 2015-04-27 21:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kay\Downloads\mbar-1.09.1.1004 (1).exe 2015-04-27 20:37 - 2015-04-27 20:37 - 00380416 _____ () C:\Users\Kay\Downloads\helbumsc.exe 2015-04-27 20:36 - 2015-04-27 20:49 - 00057607 _____ () C:\Users\Kay\Desktop\FRST.txt 2015-04-27 20:36 - 2015-04-27 20:48 - 00054647 _____ () C:\Users\Kay\Desktop\Addition.txt 2015-04-27 20:35 - 2015-05-20 17:00 - 00035675 _____ () C:\Users\Kay\Downloads\FRST.txt 2015-04-27 20:35 - 2015-04-27 20:36 - 00054676 _____ () C:\Users\Kay\Downloads\Addition.txt 2015-04-27 20:34 - 2015-05-20 17:00 - 02107904 _____ (Farbar) C:\Users\Kay\Downloads\FRST64.exe 2015-04-27 20:34 - 2015-05-20 17:00 - 00000000 ____D () C:\FRST 2015-04-27 20:33 - 2015-04-27 20:33 - 00050477 _____ () C:\Users\Kay\Downloads\Defogger.exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00000468 _____ () C:\Users\Kay\Downloads\defogger_disable.log 2015-04-26 20:17 - 2015-04-26 20:17 - 05008664 _____ (Adobe Systems Inc.) 
C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe 2015-04-26 20:17 - 2015-04-26 20:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-04-26 20:12 - 2015-04-26 20:12 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Kay\Downloads\flashplayer17_ha_install (1).exe 2015-04-26 18:46 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-04-26 18:46 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-04-26 18:46 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-04-26 18:46 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-04-26 18:45 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-04-26 18:45 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-04-26 18:45 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-04-26 18:45 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-04-26 18:45 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-04-26 18:45 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-04-26 18:45 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-04-26 18:45 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 
2015-04-26 18:45 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-04-23 18:13 - 2015-04-23 18:13 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-04-23 18:13 - 2015-04-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-04-23 17:50 - 2015-04-23 17:59 - 224325632 _____ () C:\Users\Kay\Downloads\LibreOffice_4.4.2_Win_x86.msi 2015-04-23 17:45 - 2015-04-26 20:00 - 00000000 ____D () C:\Users\Kay\Documents\Meike ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-20 16:59 - 2015-03-24 19:05 - 00000000 ____D () C:\Users\Kay\Desktop\Sicherheit 2015-05-20 16:56 - 2015-01-22 20:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-05-20 16:56 - 2014-01-20 21:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1888364831-2858631773-2981139133-1001 2015-05-20 16:55 - 2015-02-14 17:51 - 00000000 ____D () C:\Users\Kay\AppData\Local\CrashDumps 2015-05-20 16:55 - 2014-05-07 19:37 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\vlc 2015-05-20 16:55 - 2013-11-14 09:26 - 01695828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-20 16:55 - 2013-11-14 09:11 - 00718962 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-20 16:55 - 2013-11-14 09:11 - 00143408 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-20 16:51 - 2015-03-24 18:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-20 16:51 - 2014-02-20 14:54 - 00000000 __RDO () C:\Users\Kay\SkyDrive 2015-05-20 16:50 - 2015-04-07 19:30 - 00000000 ____D () C:\Program Files\WinRAR 2015-05-20 16:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-20 16:49 - 2015-03-18 16:12 - 01456681 _____ () 
C:\WINDOWS\WindowsUpdate.log 2015-05-20 16:49 - 2015-03-01 11:40 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\ClassicShell 2015-05-20 16:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-19 20:25 - 2014-03-16 13:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job 2015-05-19 20:25 - 2014-03-16 13:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job 2015-05-19 16:24 - 2014-05-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-19 16:23 - 2014-05-09 19:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-05-18 21:07 - 2014-10-26 16:05 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{687F2EEC-A316-484A-B958-97FEC835D3B2} 2015-05-18 20:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-05-18 20:45 - 2014-07-02 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-18 19:59 - 2014-02-20 14:49 - 00000000 ____D () C:\Users\Kay 2015-05-18 19:15 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\Kay\Documents\WISO Mein Geld 2015-05-18 19:04 - 2014-03-16 20:05 - 00000000 ____D () C:\Users\Kay\AppData\Local\GHISLER 2015-05-18 17:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-18 16:38 - 2014-01-20 21:44 - 00000000 ____D () C:\WINDOWS\CSC 2015-05-18 16:38 - 2013-08-22 16:44 - 00549272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-18 16:36 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-18 16:30 - 2014-02-24 22:22 - 00368640 ___SH () C:\Users\Kay\Desktop\Thumbs.db 2015-05-18 16:30 - 2013-08-22 15:25 - 00000203 _____ () C:\WINDOWS\win.ini 2015-05-18 15:15 - 2013-08-22 15:25 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_287 2015-05-17 20:20 - 2014-03-16 13:40 - 00004072 _____ () 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA 2015-05-17 20:20 - 2014-03-16 13:40 - 00003692 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core 2015-05-17 15:05 - 2014-01-20 22:10 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-17 15:01 - 2014-01-20 22:10 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-17 14:59 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-17 14:33 - 2015-04-04 15:05 - 00000000 ____D () C:\Users\Kay\AppData\Local\Akamai 2015-05-17 14:33 - 2015-03-31 15:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-05-17 14:33 - 2015-03-27 20:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-17 14:33 - 2015-03-12 15:20 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\dvdcss 2015-05-17 14:33 - 2015-03-01 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-05-17 14:33 - 2015-03-01 11:44 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-17 14:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration 2015-05-17 11:22 - 2014-10-17 21:33 - 00000000 ____D () C:\Users\Kay\AppData\Local\Adobe 2015-05-08 17:46 - 2015-02-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-05-08 17:45 - 2014-05-07 19:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-04 20:40 - 2014-05-10 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-05-02 11:27 - 2014-01-20 22:19 - 00000000 ____D () C:\Users\Kay\AppData\Local\Google 2015-05-02 11:27 - 2014-01-20 22:19 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-01 
22:07 - 2014-10-16 20:18 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-30 17:37 - 2014-12-11 18:06 - 00239104 ___SH () C:\Users\Kay\Documents\Thumbs.db 2015-04-27 22:12 - 2015-03-30 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-27 22:06 - 2015-03-24 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-27 21:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-26 20:13 - 2015-01-22 20:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-04-26 18:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-04-26 18:46 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-04-23 18:13 - 2014-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 ==================== Files in the root of some directories ======= 2014-01-20 23:03 - 2014-10-06 18:29 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-10-04 14:43 - 2014-10-04 14:43 - 0001285 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel 2015-05-01 21:58 - 2015-05-01 21:58 - 0007595 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg 2014-02-22 20:41 - 2014-02-22 20:41 - 0210145 _____ () C:\ProgramData\1393094319.bdinstall.bin 2015-03-21 14:06 - 2015-03-21 14:06 - 0037755 _____ () C:\ProgramData\1426939573.bdinstall.bin 2015-03-21 14:06 - 2015-03-21 14:06 - 0098733 _____ () C:\ProgramData\1426939582.bdinstall.bin 2015-02-14 11:57 - 2015-02-14 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini 2015-02-12 19:15 - 2015-02-12 19:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-11-06 16:41 - 2014-11-28 14:36 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Files to move or delete: ==================== C:\Users\Kay\fbchathistory.dat Some content of TEMP: ==================== C:\Users\Kay\AppData\Local\Temp\AFWOESQAP.exe 
C:\Users\Kay\AppData\Local\Temp\FZYVGIVTUMMXC.exe C:\Users\Kay\AppData\Local\Temp\HKUXA.exe C:\Users\Kay\AppData\Local\Temp\KURBHFG.exe C:\Users\Kay\AppData\Local\Temp\Quarantine.exe C:\Users\Kay\AppData\Local\Temp\sqlite3.dll C:\Users\Kay\AppData\Local\Temp\tmp5FCD.exe C:\Users\Kay\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-19 16:44 ==================== End Of Log ============================ --- --- --- |
21.05.2015, 09:36 | #28 |
/// the machine /// TB-Ausbilder | Re-Infekt mit Malaha.net und diverse Beobachtungen As a rule that is just an .exe if you do not find it under the installed programs in the Control Panel. In that case simply delete it. Press the Windows key + R and type notepad into the Run dialog. Now copy the following text from the code box into the empty text document Code:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Any more problems?
__________________ regards, schrauber |
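The fixlist above deletes the three Internet Explorer policy keys outright. Before running a fix like that it is worth looking at what is actually under those keys: the values (typically in a Restrictions or Control Panel subkey) record which browser functions were being blocked, and on a domain-joined machine the very same keys can be legitimate Group Policy that would simply be re-applied at the next refresh. The PowerShell script below is an added example, not part of this thread and not FRST's own code. It assumes a standalone (non-domain) Windows machine and an elevated 64-bit PowerShell session, and it goes slightly beyond the fixlist by walking every loaded user hive under HKEY_USERS rather than only the one SID FRST listed. By default it only reports; it deletes only with -Remove, and -WhatIf previews the deletion.

```powershell
<#
  Added example (not from the thread, not FRST code): inspect and optionally delete the
  Internet Explorer policy keys that FRST reported as "Policy restriction".
  Assumptions: standalone (non-domain) Windows, run from an elevated 64-bit PowerShell
  (a 32-bit host would be redirected to Wow6432Node and miss the keys FRST saw).
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # report only unless -Remove is given; -WhatIf previews the deletion
)

$relative = 'SOFTWARE\Policies\Microsoft\Internet Explorer'

# HKEY_USERS is not mapped as a PSDrive by default; map it so user hives can be walked.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Machine-wide key plus the same path in every loaded user hive (.DEFAULT, S-1-5-21-..., ...).
# The *_Classes hives are skipped: they hold COM/file-association data, never policy.
$paths = @("HKLM:\$relative")
Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { $paths += "HKU:\$($_.PSChildName)\$relative" }

foreach ($path in $paths) {
    if (-not (Test-Path -Path $path)) { continue }
    Write-Output "[$path]"

    # Print every value on the key and its subkeys (Restrictions, Control Panel, Main, ...)
    # so the specific restriction is on record before anything is deleted.
    $keys = @(Get-Item -Path $path) + @(Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $label = if ($name) { $name } else { '(Default)' }
            Write-Output ('  {0} : {1} = {2}' -f $key.Name, $label, $key.GetValue($name))
        }
    }

    # Deletion mirrors what the FRST fixlist does for these three keys.
    if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Remove-Item -Recurse')) {
        Remove-Item -Path $path -Recurse -Force
        Write-Output '  removed'
    }
}
```

Save it as, for example, Get-IEPolicy.ps1 and run it once without parameters to see the report, then with -Remove -WhatIf to preview and with -Remove to delete. A key that is absent is silently skipped, so an empty report after the FRST fix is the expected result. The Emptytemp: directive from the fixlist has no counterpart here; it is a separate cleanup step.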
22.05.2015, 08:37 | #29 |
| Re-Infekt mit Malaha.net und diverse Beobachtungen CMP.exe deleted. Saved the text from the code box accordingly - ran FRST - message text roughly: tool is ready - display refreshed - Start... Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Kay at 2015-05-21 17:48:47 Run:1
Running from C:\Users\Kay\Downloads
Loaded Profiles: Kay (Available profiles: Kay)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
"HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
EmptyTemp: => Removed 728.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:49:02 ====
verrant Edit: No, currently no further problems. That is enough for me, too... Best, verrant. One more addition after all. Last night I was online quite relaxed. This morning I started the PC ... and got no connection to the internet. Chrome could be opened and the address entered, but no connection was established. The Windows 8.1 display of the WLAN connection was normal. Everything at the router was OK. Cut the power to the router and restored it after about 60 sec. The connection came up without problems. Regards, verrant Last edited by verrant (21.05.2015 at 17:21) |
22.05.2015, 20:06 | #30 |
/// the machine /// TB-Ausbilder | Re-Infekt mit Malaha.net und diverse Beobachtungen If something like that happens with the browser again, test whether your AV program can still fetch updates.
__________________ regards, schrauber |