Absolutely no access to Suptab folder

Hello! I have been fighting my Conduit - Omiga Plus - Search Protect Trojan for quite some time now. I have already removed just about everything. But now there is still one file, with an exe in it as well, that I have no access to. It is under C://programme/Suptab, and the Search Protect exe is inside it. The program cannot be found under Control Panel/Uninstall, nor can it be found in CCleaner for uninstalling. And in Kaspersky I cannot move the whole folder to quarantine because I have absolutely no access. Yesterday I could at least still open the folder and look at its contents; today not even that works any more. I have looked through many forums in the last two days, and now I am finally stuck. Many thanks for your help!
My name is Sandra and I will help you with your problem.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster way and, in the case of a malware infection, always the safest. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Posting in code tags: Please always put the logs in code tags. If you do not, it makes evaluating them much harder for me. Thank you. To do so:
Let's take a look at what is going on there :)

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
FRST:
[CODE]
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (BitTorrent Inc.) C:\Users\Chantal\AppData\Roaming\uTorrent\uTorrent.exe () C:\Program Files\NETGEAR\WG311v3\WG311v3.exe (Dropbox, Inc.) C:\Users\Chantal\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-873287132-2899186247-466380436-1000\...\Run: [uTorrent] => C:\Users\Chantal\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-21] (BitTorrent Inc.) HKU\S-1-5-21-873287132-2899186247-466380436-1000\...\MountPoints2: {18809044-760e-11e2-a616-00248c3e7389} - H:\Startme.exe HKU\S-1-5-21-873287132-2899186247-466380436-1000\...\MountPoints2: {9a81da95-ce90-11e2-8554-00248c3e7389} - G:\Startme.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk ShortcutTarget: NETGEAR WG311v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311v3\WG311v3.exe () Startup: C:\Users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Chantal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wikipedia.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405962028&from=ild&uid=SAMSUNGXHD502IJ_S13TJDWS301391&q={searchTerms} SearchScopes: HKLM - 
{EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={AA9D3BE6-4E07-11E2-95E6-00248C3E7389} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M357247FC-1405-4019-B828-E11A26D8636C&SearchSource=58&CUI=&UM=6&UP=SP9C4BE71C-CED0-4443-BF33-8083ABC37508&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M357247FC-1405-4019-B828-E11A26D8636C&SearchSource=58&CUI=&UM=6&UP=SP9C4BE71C-CED0-4443-BF33-8083ABC37508&q={searchTerms}&SSPV= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) 
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) 
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 19 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M357247FC-1405-4019-B828-E11A26D8636C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP9C4BE71C-CED0-4443-BF33-8083ABC37508 FF DefaultSearchEngine: omiga-plus FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M357247FC-1405-4019-B828-E11A26D8636C&SearchSource=55&CUI=&UM=6&UP=SP9C4BE71C-CED0-4443-BF33-8083ABC37508&SSPV= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF SearchPlugin: C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\searchplugins\MyStart.xml FF SearchPlugin: C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\omiga-plus.xml FF Extension: Fast Start - C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\Extensions\faststartff@gmail.com [2014-07-21] FF Extension: DownloadHelper - C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-06-11] FF Extension: Movie2kDownloader - C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13] FF Extension: Adblock Plus - C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-07] FF Extension: Kaspersky URL 
Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2009-08-21] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-21] FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-09-24] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-09-24] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\i105knj0.default\extensions\faststartff@gmail.com FF HKCU\...\Firefox\Extensions: [{D6589730-A9B9-3C47-519D-FE6FE6DE0197}] - C:\Program Files\di9BetterMarkIt\176.xpi Chrome: ======= CHR HomePage: CHR StartupUrls: "chrome://newtab/", "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite" CHR Plugin: (Shockwave Flash) - C:\Users\Chantal\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program 
Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.) CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-24] CHR Extension: (AdBlock) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-21] CHR Extension: (Virtuelle Tastatur) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-09-24] CHR Extension: (Google Wallet) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Quick start) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-21] CHR Extension: (Anti-Banner) - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-09-24] CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-09-24] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx [2011-10-13] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky 
Anti-Virus 2012\ChromeExt\virtkbd.crx [2011-10-13] CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-12-24] CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Chantal\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-04-17] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2011-10-13] CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Chantal\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-04-17] ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-11-01] (Kaspersky Lab ZAO) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-05-21] (Macrovision Europe Ltd.) 
[File not signed] R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] () S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [3427208 2014-07-21] (Cherished Technololgy LIMITED) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2011-04-20] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53520 2009-05-28] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [334992 2009-05-28] (Logitech) S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-17] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-05-21] () [File not signed] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month 
Created Files and Folders ======== 2014-07-22 23:52 - 2014-07-22 23:53 - 00023580 _____ () C:\Users\Chantal\Desktop\FRST.txt 2014-07-22 23:52 - 2014-07-22 23:52 - 00000000 ____D () C:\FRST 2014-07-22 23:51 - 2014-07-22 23:51 - 01080320 _____ (Farbar) C:\Users\Chantal\Desktop\FRST.exe 2014-07-22 23:30 - 2014-07-22 23:31 - 00000000 ____D () C:\Program Files\Glarysoft 2014-07-22 23:29 - 2014-07-22 23:29 - 03751864 _____ () C:\Users\Chantal\Downloads\ausetup_v5.3.1.7.exe 2014-07-22 22:43 - 2014-07-22 22:43 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-22 22:43 - 2014-07-22 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-22 22:43 - 2014-07-22 22:43 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-21 21:20 - 2014-07-21 21:20 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-21 21:20 - 2014-07-21 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-21 20:03 - 2014-07-21 20:03 - 00000779 _____ () C:\Users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-07-21 19:01 - 2014-07-21 23:13 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-21 19:01 - 2014-07-21 22:58 - 00000000 ____D () C:\Users\Chantal\AppData\Local\PriceMeter 2014-07-21 19:01 - 2014-07-21 22:56 - 00000000 ____D () C:\Program Files\SupTab 2014-07-21 19:01 - 2014-07-21 19:01 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-21 18:58 - 2014-07-21 18:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-07-21 18:57 - 2014-07-22 20:07 - 00000878 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-21 18:57 - 2014-07-21 19:02 - 00000882 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Users\Chantal\AppData\Local\globalUpdate 2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Program Files\globalUpdate 2014-07-21 17:59 - 2014-07-21 17:59 
- 02636288 _____ () C:\Users\Chantal\Downloads\Kaiserliche Rätselrallye 2012 (1).pub 2014-07-21 17:58 - 2014-07-21 17:58 - 02636288 _____ () C:\Users\Chantal\Downloads\Kaiserliche Rätselrallye 2012.pub 2014-07-12 19:01 - 2014-07-12 19:01 - 01623184 _____ (Graboid Inc.) C:\Users\Chantal\Downloads\GraboidVideoInstaller-5.1.3.0.exe 2014-07-11 20:47 - 2014-07-21 20:14 - 00018360 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-07-11 18:03 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 18:03 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-11 18:03 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-11 18:03 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-11 18:03 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-11 18:03 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-11 18:03 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-11 18:03 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-11 18:03 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-11 18:03 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-11 18:03 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-11 18:03 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-11 18:03 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-11 18:03 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-11 18:03 - 2014-06-07 00:54 - 00223232 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-11 18:03 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-11 18:03 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-11 18:03 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-11 18:03 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-11 18:03 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-11 18:03 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-11 18:03 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-11 18:03 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 18:03 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-06-28 21:21 - 2014-06-28 21:21 - 00000000 ____D () C:\Users\Chantal\Desktop\Outdoorlehrgang 2 ==================== One Month Modified Files and Folders ======= 2014-07-22 23:53 - 2014-07-22 23:52 - 00023580 _____ () C:\Users\Chantal\Desktop\FRST.txt 2014-07-22 23:53 - 2009-05-21 03:29 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\uTorrent 2014-07-22 23:52 - 2014-07-22 23:52 - 00000000 ____D () C:\FRST 2014-07-22 23:51 - 2014-07-22 23:51 - 01080320 _____ (Farbar) C:\Users\Chantal\Desktop\FRST.exe 2014-07-22 23:31 - 2014-07-22 23:30 - 00000000 ____D () C:\Program Files\Glarysoft 2014-07-22 23:29 - 2014-07-22 23:29 - 03751864 _____ () C:\Users\Chantal\Downloads\ausetup_v5.3.1.7.exe 2014-07-22 23:00 - 2011-06-05 13:17 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-22 22:52 - 2012-11-05 23:12 - 00000000 ____D () C:\Windows\Minidump 2014-07-22 22:52 - 2009-05-21 03:29 - 00000000 ____D () 
C:\Users\Chantal\AppData\Roaming\DAEMON Tools Lite 2014-07-22 22:52 - 2009-05-21 02:43 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\Skype 2014-07-22 22:52 - 2009-01-01 01:28 - 00000000 ____D () C:\Windows\Panther 2014-07-22 22:43 - 2014-07-22 22:43 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-22 22:43 - 2014-07-22 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-22 22:43 - 2014-07-22 22:43 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-22 22:28 - 2009-05-21 01:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-07-22 22:04 - 2006-11-02 14:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-22 22:04 - 2006-11-02 14:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-22 21:56 - 2008-01-21 03:38 - 01512034 ____N () C:\Windows\WindowsUpdate.log 2014-07-22 20:11 - 2008-01-21 10:21 - 01418806 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-22 20:08 - 2014-05-06 11:15 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\DropboxMaster 2014-07-22 20:08 - 2011-12-12 18:38 - 00000000 ___RD () C:\Users\Chantal\Dropbox 2014-07-22 20:08 - 2011-12-12 18:35 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\Dropbox 2014-07-22 20:07 - 2014-07-21 18:57 - 00000878 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-22 20:07 - 2011-06-05 13:17 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-22 20:04 - 2009-05-21 00:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-22 20:04 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-21 23:44 - 2009-09-10 19:02 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-07-21 23:44 - 2006-11-02 14:58 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-21 23:13 - 2014-07-21 19:01 - 00000000 ____D () 
C:\ProgramData\WindowsMangerProtect 2014-07-21 22:58 - 2014-07-21 19:01 - 00000000 ____D () C:\Users\Chantal\AppData\Local\PriceMeter 2014-07-21 22:56 - 2014-07-21 19:01 - 00000000 ____D () C:\Program Files\SupTab 2014-07-21 21:33 - 2009-05-21 02:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-21 21:20 - 2014-07-21 21:20 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-21 21:20 - 2014-07-21 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-21 21:20 - 2011-06-05 13:17 - 00000000 ____D () C:\Program Files\Google 2014-07-21 20:57 - 2009-10-29 16:46 - 00000000 ____D () C:\Users\Chantal\AppData\Local\Google 2014-07-21 20:14 - 2014-07-11 20:47 - 00018360 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-07-21 20:03 - 2014-07-21 20:03 - 00000779 _____ () C:\Users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-07-21 19:02 - 2014-07-21 18:57 - 00000882 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-07-21 19:01 - 2014-07-21 19:01 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-21 19:00 - 2009-05-21 01:35 - 00001143 _____ () C:\Users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-21 18:58 - 2014-07-21 18:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-07-21 18:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Users\Chantal\AppData\Local\globalUpdate 2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Program Files\globalUpdate 2014-07-21 18:48 - 2009-05-21 03:35 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\vlc 2014-07-21 17:59 - 2014-07-21 17:59 - 02636288 _____ () C:\Users\Chantal\Downloads\Kaiserliche Rätselrallye 2012 (1).pub 2014-07-21 17:58 - 2014-07-21 17:58 - 02636288 _____ () C:\Users\Chantal\Downloads\Kaiserliche Rätselrallye 2012.pub 2014-07-21 17:41 - 2009-06-05 19:47 - 
00000069 _____ () C:\Windows\NeroDigital.ini 2014-07-16 13:56 - 2009-05-21 17:54 - 00246784 _____ () C:\Users\Chantal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-12 19:01 - 2014-07-12 19:01 - 01623184 _____ (Graboid Inc.) C:\Users\Chantal\Downloads\GraboidVideoInstaller-5.1.3.0.exe 2014-07-12 03:26 - 2006-11-02 14:44 - 01588384 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-12 03:05 - 2013-08-18 19:43 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-12 03:01 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-07-11 20:46 - 2009-05-21 03:30 - 00000000 ____D () C:\Program Files\uTorrent 2014-06-28 21:21 - 2014-06-28 21:21 - 00000000 ____D () C:\Users\Chantal\Desktop\Outdoorlehrgang 2 Some content of TEMP: ==================== C:\Users\Chantal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgjbjdn.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-22 20:16 ==================== End Of Log ============================

Addition:

==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AS: Kaspersky Anti-Virus (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs 
====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.) AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated) Adobe Acrobat 8 Professional (Version: 8.1.3 - Adobe Systems) Hidden Adobe Acrobat 8.1.3 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.1.3 - ) Adobe After Effects CS3 (Version: 8 - Adobe Systems Incorporated) Hidden Adobe After Effects CS3 Presets (Version: 8 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated) Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Contribute CS3 (Version: 4.1 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 3 Master Collection (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS3 (Version: 1.0 - Adobe Systems 
Incorporated) Hidden Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden Adobe Encore CS3 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Encore CS3 Codecs (Version: 3 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated) Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Fireworks CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated) Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.) Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS3 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS3 Functional Content (Version: 8 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS3 Third Party Content (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe SING CS3 (Version: 0.1 - Adobe 
Systems Incorporated) Hidden Adobe Soundbooth CS3 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS3 Codecs (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Server {ko_KR} (Version: 3.0.0.0 {ko_KR} - Adobe Systems Incorporated) Hidden Adobe Video Profiles (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP DVA Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - ) Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.) Brother MFL-Pro Suite DCP-195C (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.0.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.1.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.) DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.3 - DivX,Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink) Express Dictate (HKLM\...\Express) (Version: - NCH Software) Express Scribe (HKLM\...\Scribe) (Version: - NCH Software) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.) iTunes (HKLM\...\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}) (Version: 9.1.1.12 - Apple Inc.) 
Kaspersky Anti-Virus 2012 (HKLM\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab) Kaspersky Anti-Virus 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Logitech G35 (HKLM\...\{DA410706-345C-4288-8853-A2460BDD0FA0}) (Version: 1.0.152 - Logitech) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft IntelliType Pro 7.0 (HKLM\...\{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}) (Version: 7.0.260.0 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.) 
Movie DVD Maker 2.7.1021 (HKLM\...\Movie DVD Maker_is1) (Version: - Aone Software) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.21 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden NETGEAR WG311v3 PCI Adapter (HKLM\...\InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}) (Version: 1.00 - NETGEAR) NETGEAR WG311v3 PCI Adapter (Version: 1.00 - NETGEAR) Hidden NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX v8.10.13 (HKLM\...\{AC54E544-3E42-443C-A91D-A00A6974C592}) (Version: 8.10.13 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9399 - OpenOffice.org) PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.) 
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.60 - ASUSTek) PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5745 - Realtek Semiconductor Corp.) ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software) Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sony Ericsson Media Manager 1.2 (HKLM\...\{8CD0B297-122D-4718-9CE1-B72E796F7B21}) (Version: 1.2.822 - Sony Ericsson) Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.165 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.165 - Sony) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinSCP 4.2.4 beta (HKLM\...\winscp3_is1) (Version: 4.2.4 beta - Martin Prikryl) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {020D6384-A87F-4E50-9A7C-FC973108C304} - 
System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) Task: {16A1843E-D8C3-4DA9-9A47-4FFD2B78EEB5} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {19F59E67-CA8E-44DB-B4C7-771FE1A59900} - System32\Tasks\{49BD6ED1-8452-4110-9374-C55DE2A08583} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {1A969C6F-FBE8-41E7-912E-5B50DD76EDD5} - System32\Tasks\{5DB204C4-CB32-44D1-83FF-EEE9C50F2859} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {4D15C4C4-4326-4FDE-B2AF-CF9BF0D23DBC} - System32\Tasks\pricemeterdownloader => C:\Users\Chantal\AppData\Local\PriceMeter\pricemeterd.exe Task: {534E59B1-386A-4081-89D6-60EA31073CEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.) Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {763AB68A-4FBF-4FAD-8156-27F62C4E4F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.) 
Task: {7765E4E3-BE13-4B8D-A1CB-B52452C58B19} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {7AEDB373-0045-4211-8C9B-89CBB3D8E770} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe [2008-11-18] () Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {A4CA8F6B-9141-4B02-8EA1-129FCEAB4E53} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Chantal => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {A53ACFA2-0574-4DC3-87EE-53C4A9BF00C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {AD79A5D6-67B0-4CBB-9B31-282BBABA1788} - System32\Tasks\NCH Software\scribeShakeIcon => C:\Program Files\NCH Software\Scribe\Scribe.exe [2012-08-01] (NCH Software) Task: {E2C85998-7948-4CE2-9367-9D414C645C90} - System32\Tasks\NCH Software\ExpressReminder => C:\Program Files\NCH Software\Express\Express.exe [2012-08-01] (NCH Software) Task: {ED8E6B48-0960-4A2F-8FBB-9AB4763398BE} - System32\Tasks\PC Rambazamba => C:\Program Files\Langmeier Software\PC Rambazamba\pcrambazamba.exe Task: {F63A0327-10D6-48CA-A51D-1EBBD2450D6A} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.80\AsLoader.exe [2008-07-02] () Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-08-10 16:59 - 2009-08-10 16:59 - 00387616 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2009-08-10 16:59 - 2009-08-10 16:59 - 00068128 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2009-08-10 16:59 - 2009-08-10 16:59 - 00436768 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2012-11-21 18:36 - 2009-01-09 18:10 - 00139264 _____ () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2009-08-10 16:59 - 2009-08-10 16:59 - 00178720 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2008-11-18 04:27 - 2008-11-18 04:27 - 00621056 ____R () C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe 2009-05-21 00:49 - 2006-01-10 10:50 - 00024576 ____R () C:\Windows\system32\AsIO.dll 2009-05-21 02:18 - 2005-06-22 11:39 - 00204851 ____R () C:\Program Files\ASUS\AASP\1.00.80\PowerDll.dll 2009-05-21 02:18 - 2008-01-17 10:46 - 00053248 ____R () C:\Program Files\ASUS\AASP\1.00.80\cpuutil.dll 2009-05-21 02:18 - 2006-05-25 11:18 - 00106548 ____R () C:\Program Files\ASUS\AASP\1.00.80\PowNap.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll 2011-04-24 
23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll 2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll 2005-08-31 10:51 - 2005-08-31 10:51 - 01691648 _____ () C:\Program Files\NETGEAR\WG311v3\WG311v3.exe 2014-07-22 20:08 - 2014-07-22 20:08 - 00043008 _____ () c:\users\chantal\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgjbjdn.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Chantal\AppData\Roaming\Dropbox\bin\libcef.dll 2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-04-15 16:14 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-04-15 16:14 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-07-21 21:20 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-21 21:20 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-21 21:20 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll 2014-07-21 21:20 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:11590865 AlternateDataStreams: C:\ProgramData\TEMP:BB6F9D41 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices 
============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2014 11:30:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung GUDownloader.exe, Version 1.0.0.4, Zeitstempel 0x53c76261, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0xb80, Anwendungsstartzeit GUDownloader.exe0. Error: (07/21/2014 08:45:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 08:45:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 08:45:23 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 08:45:22 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". 
Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 08:45:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 08:45:03 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"1". Die abhängige Assemblierung "36.0.1985.125,language="*",type="win32",version="36.0.1985.125"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/21/2014 06:57:56 PM) (Source: MsiInstaller) (EventID: 11309) (User: Chantal-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (07/17/2014 02:18:41 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2014/07/17 14:18:41.697]: [00005012]: Initialize TwdsMain Class failed! Error: (07/17/2014 02:18:41 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2014/07/17 14:18:41.697]: [00005012]: ##### Fatal ERROR!! Create STI-device failed! ##### System errors: ============= Error: (07/22/2014 09:35:49 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (07/22/2014 08:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (07/22/2014 08:07:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (07/22/2014 08:06:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (07/22/2014 08:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/22/2014 08:05:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2014 09:43:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (07/21/2014 09:43:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (07/21/2014 09:42:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (07/21/2014 09:42:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (07/22/2014 11:30:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GUDownloader.exe1.0.0.453c76261ntdll.dll6.0.6002.1888151da3e27c000013500009f5db8001cfa5f41e9b0f4f Error: (07/21/2014 08:45:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: 36.0.1985.125,language="*",type="win32",version="36.0.1985.125"C:\Program Files\Google\Google Chrome\chrome.exe Error: (07/21/2014 08:45:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: 36.0.1985.125,language="*",type="win32",version="36.0.1985.125"C:\Program Files\Google\Google Chrome\chrome.exe Error: (07/21/2014 08:45:23 PM) (Source: SideBySide) (EventID: 33) 
|
Hello, how does it look after the following steps? Step 1: Please download
Step 2: Please download Malwarebytes Anti-Malware
Step 3: Since the ESET scan is very thorough, it can take several hours. ESET Online Scanner
Step 4: Run FRST once more.
|
It seems to have worked with the first program already! :) The folder seems to be gone. Great, thank you Sandra!!! Best regards, Chantal
|
Hello Chantal, please follow the rest of my instructions anyway. Even though the folder is deleted now, we are not done here yet. ;) Thanks. |
Oh, wow, thanks. Unfortunately, for step two (Malwarebytes) I already deleted everything yesterday afterwards (I had gone through all three steps for myself anyway). Here are the log files from AdwCleaner:
AdwCleaner Logfile: Code: # AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 09:19:56
and
AdwCleaner Logfile: Code: # AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 09:21:18
Here is the log file from ESET:
Code: ESETSmartInstaller@High as downloader log:
and here from FRST:
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014
FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-07-2014
Thank you for taking another look. Best regards, Magdelene |
Hello, there are still a few small remnants left :) Step 1: Press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document. Code: SearchScopes: HKLM - DefaultScope value is missing. Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK. As far as I can see, we have removed everything malicious with that. Your logs are clean. Finally, we will clean up a bit, run updates, and then you will get some reading material from me. Step 1: If you no longer need Malwarebytes Anti-Malware and the ESET Online Scanner, you can simply uninstall both programs via the program uninstall dialog. I recommend, however, that you at least keep Malwarebytes and run a check scan with it once a week. Step 2: Please download delfix to your desktop.
Updates / updating programs
Make sure your Flash Player checks for updates. The Flash Player can be configured during installation to check for updates automatically; afterwards, you can do this via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings. Now, finally, a few tips for securing your system. Keeping your system up to date: It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than Internet Explorer, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance: Delete your temporary files regularly. I recommend Windows Disk Cleanup for this. Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they make it faster. Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me a short reply when everything is done and no questions remain. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |
Great, thank you very much!!! Everything is fine and no questions remain open! Regards and thanks, Magdelene |
Glad to hear it. All the best to you :) |
Copyright ©2000-2025, Trojaner-Board