Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Programme werden nicht mehr ausgeführt/Umleitung auf IE (https://www.trojaner-board.de/161323-programme-mehr-ausgefuehrt-umleitung-ie.html)

wahrk 29.11.2014 16:13
Programme werden nicht mehr ausgeführt/Umleitung auf IE
 
Hallo,

habe hier das Problem, dass alle Versuche ein Programm zu starten, augenscheinlich zum IE-Downloadmanager umgeleitet/abgefangen werden.

OS: Win7ProSP1x64

Erschwerend kommt hinzu, dass der betroffene Rechner unter italienischer Sprache läuft, die ich nicht beherrsche.

Ein Scan mittels c't Desinfec't 2014 ergab:

HTML-Code:
Virenfunde
          Avira        Bitdefender        Kaspersky        ClamAV        Aktion
/media/Preload/gs040000/Aggiornamenti/FaxOverNet/Versione precedente/fax-over-net-inst137_full.exe.VIRUS (GammaFax/FaxOverNet/netcat.exe)
        BDS/Rogue.725791                                VirusTotal Dateimanager
/media/Preload/System Volume Information/_restore{311E9C3F-5FF4-45FE-A6B2-17A07A2EE247}/RP911/A0065936.exe
                                Win.Worm.Tenga-45        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/FEPBPTW/tmppack.exe (installer.pak)
                        not-a-virus:AdWare.Win32.BrainInst.ew                VirusTotal Dateimanager umbenennen
/media/Preload/Windows.old/Documents and Settings/Diamelia/Impostazioni locali/Dati applicazioni/Microsoft/Outlook/Outlook.pst (L)
        PHISH/Carta.TK                                VirusTotal Dateimanager umbenennen
/media/Preload/Program Files (x86)/PDF Creator/message.exe.VIRUS
        ADWARE/InstallCore.Gen                        Win.Adware.InstallCore-213        VirusTotal Dateimanager
/media/Preload/Windows.old/Documents and Settings/Diamelia/Dati applicazioni/Sun/Java/Deployment/cache/6.0/51/60636e33-561e9aa9 (mac.class)
        EXP/CVE-2012-0507.DO        Exploit.JAVA.CVE-2012-0507.BJ                        VirusTotal Dateimanager umbenennen
/media/Preload/Windows/winsxs/wow64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_21ceb2d66a98ec2f/WMIADAP.exe
                                Win.Trojan.Agent-819868        VirusTotal Dateimanager umbenennen
/media/Preload/Windows/Installer/abd6a0.msp
                                Win.Trojan.Agent-803988        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/is765589038/5EE6D9F8_stp.EXE.VIRUS
        Adware/BrowseFox.aoh                        Win.Adware.Browsefox-47        VirusTotal Dateimanager
/media/Preload/System Volume Information/_restore{311E9C3F-5FF4-45FE-A6B2-17A07A2EE247}/RP951/A0067788.exe
                                Win.Worm.Tenga-45        VirusTotal Dateimanager umbenennen
/media/Preload/Windows.old/Documents and Settings/Diamelia/Dati applicazioni/Sun/Java/Deployment/cache/6.0/51/60636e33-561e9aa9 (hw.class)
        Java/Rilly.CJ                Exploit.Java.Agent.ia                VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/graeatasavingg/8V9k1cCtNpi1q1.x64.dll.vir.VIRUS
                Application.Generic.899696                        VirusTotal Dateimanager
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/saveron/p68BULd9KF7IbN.exe.vir.VIRUS
        Adware/Strictor.641024        Gen:Variant.Adware.Strictor.61989                        VirusTotal Dateimanager
/media/Preload/Windows.old/Documents and Settings/Diamelia/Dati applicazioni/Sun/Java/Deployment/cache/6.0/51/60636e33-561e9aa9
                        HEUR:Exploit.Java.Generic                VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/is765589038/5EE6D9F8_stp.EXE.VIRUS ((NSIS o))
                Adware.BrowseFox.U                        VirusTotal Dateimanager
/media/Preload/Users/user/Downloads/PdfCreatorSetup.exe.VIRUS
        ADWARE/InstallCore.Gen9                                VirusTotal Dateimanager
/media/Preload/gs040000/Aggiornamenti/FaxOverNet/Versione precedente/fax-over-net-inst137_full.exe.VIRUS
        Worm/AgoBot.sag                                VirusTotal Dateimanager
/media/Preload/System Volume Information/_restore{311E9C3F-5FF4-45FE-A6B2-17A07A2EE247}/RP890/A0064601.exe
                                Win.Worm.Tenga-45        VirusTotal Dateimanager umbenennen
/media/Preload/ProgramData/Kaspersky Lab/PURE13/QB/f0c7100dcb3faa50.klq.VIRUS ((Quarantine-6))
                Gen:Variant.Adware.BProtector.2                        VirusTotal Dateimanager
/media/Preload/Windows.old/Documents and Settings/Diamelia/Impostazioni locali/Dati applicazioni/Microsoft/Outlook/Outlook.pst ([Subject: Banca inviato una notifica che e necessario completare][From: Gruppo BCC])
                Trojan.JS.Agent.ECL                        VirusTotal Dateimanager umbenennen
/media/Preload/Windows/SysWOW64/wbem/WMIADAP.exe
                                Win.Trojan.Agent-819868        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/EBEV531U/fo.min[2].js
                                Html.Exploit.CVE_2014_6342        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/PEYJFAING/installer.pak
                        not-a-virus:AdWare.Win32.BrainInst.ew                VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/users/user/AppData/Local/Google/Chrome/User Data/Default/Extensions/pjmeikjchdmhkegplkhfjobignjggkco/4.5/vVT9GuFVek.js.vir.VIRUS
                        not-a-virus:AdWare.JS.MultiPlug.z                VirusTotal Dateimanager
/media/Preload/AdwCleaner/Quarantine/C/users/user/AppData/Local/Google/Chrome/User Data/Default/Extensions/pjmeikjchdmhkegplkhfjobignjggkco/4.5/vVT9GuFVek.js.vir.VIRUS ((INFECTED_JS))
                JS:Trojan.Script.CMO                        VirusTotal Dateimanager
/media/Preload/Windows.old/Documents and Settings/Diamelia/Impostazioni locali/Dati applicazioni/Microsoft/Outlook/archive.pst (L)
        PHISH/Posteit.kio                                VirusTotal Dateimanager umbenennen
/media/Preload/Windows.old/Windows/Installer/25b23b24.msp
                                Win.Trojan.Agent-803988        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/EBEV531U/fo.min[1].js
                                Html.Exploit.CVE_2014_6342        VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/graeatasavingg/8V9k1cCtNpi1q1.dll.vir.VIRUS
        ADWARE/MultiPlug.Gen        Gen:Variant.Adware.Graftor.159548        not-a-virus:AdWare.Win32.Agent.gond                VirusTotal Dateimanager
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/Interenet Optimizer/InterenetOptimizerSvc.dll.vir.VIRUS
        TR/BProtector.186192        Gen:Variant.Adware.BProtector.4        not-a-virus:HEUR:AdWare.Win32.Bromngr.heur                VirusTotal Dateimanager
/media/Preload/ProgramData/Kaspersky Lab/PURE13/QB/16703ca58ee6f048.klq.VIRUS ((Quarantine-6))
                Gen:Variant.Kazy.493859                        VirusTotal Dateimanager
/media/Preload/Users/user/AppData/Local/Temp/is1242154493/23185346_stp/OptimizerPro3108.exe.VIRUS
                Application.BProtector.K                        VirusTotal Dateimanager
/media/Preload/Users/user/AppData/Local/Temp/ICSW_0A1O1O.exe (object)
        ADWARE/InstallCore.Gen7                                VirusTotal Dateimanager umbenennen
/media/Preload/Windows/winsxs/wow64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7600.16385_none_1f9d9f0e6daa6895/WMIADAP.exe
                                Win.Trojan.Agent-819868        VirusTotal Dateimanager umbenennen
/media/Preload/Programmi/Samsung/Easy Printer Manager/sf.dll
                                Win.Trojan.Ramnit-2976        VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/FEPBPTW/installer.pak
                        not-a-virus:AdWare.Win32.BrainInst.ew                VirusTotal Dateimanager umbenennen
/media/Preload/Windows.old/Documents and Settings/Diamelia/Dati applicazioni/Thunderbird/Profiles/twldiw7d.default/Mail/Local Folders/Import Outlook4ffaf495.sbd/Cartelle archivio.sbd/Posta inviata ([From "Dr. Umbro Rosati"][Date 14 May 2010 15:13:00][Subj Paolo Castiglioni]/html/[From "Di Amelia Srl - Dr. Umbro Rosati"][Date 18 May 2010 10:20:00][Subj R: correzioni]/html/[From "Di Amelia Srl - Dr. Umbro Rosati"][Date 24 May 2010 10:08:00][Subj R: sito]/text/[From Castiglioni Associati ][Date 24 May 2010 11:46:28 ][Subj sito]/[From "Di Amelia Srl - Dr. Umbro Rosati"][Date 29 May 2010 12:34:00][Subj R: Invio Listino, catalogo e offerta.]/text/[From "Di Amelia Srl - ]]]/]/]]])
                        Trojan-Banker.HTML.Agent.p                VirusTotal Dateimanager umbenennen
/media/Preload/Windows.old/Documents and Settings/Diamelia/Dati applicazioni/Sun/Java/Deployment/cache/6.0/51/60636e33-561e9aa9 (test.class)
        Java/Rilly.CL                Exploit.Java.CVE-2012-0507.qq                VirusTotal Dateimanager umbenennen
/media/Preload/Users/user/AppData/Local/Temp/PEYJFAING/tmppack.exe (installer.pak)
                        not-a-virus:AdWare.Win32.BrainInst.ew                VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/graeatasavingg/8V9k1cCtNpi1q1.exe.vir.VIRUS
        Adware/MultiPlug.659968        Gen:Variant.Adware.Strictor.61989                        VirusTotal Dateimanager
/media/Preload/gs040000/Aggiornamenti/FaxOverNet/FaxOverNetSetup20.msi ((Embedded CAB))
                Backdoor.Generic.725791                        VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/saveron/p68BULd9KF7IbN.dll.vir.VIRUS
        ADWARE/MultiPlug.Gen        Gen:Variant.Adware.Graftor.154184                        VirusTotal Dateimanager
/media/Preload/Users/user/Downloads/PdfCreatorSetup.exe.VIRUS (object)
        ADWARE/InstallCore.Gen7                                VirusTotal Dateimanager
/media/Preload/Users/user/AppData/Local/Temp/is765589038/5EE6D9F8_stp.EXE.VIRUS (ProgramFilesDir/SunriseBrowse.mg.exe)
        Adware/BrowseFox.aoh                                VirusTotal Dateimanager
/media/Preload/Users/user/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/3DF33DW8/Setup.exe
                                Win.Adware.Mplug-52        VirusTotal Dateimanager umbenennen
/media/Preload/AdwCleaner/Quarantine/C/ProgramData/CheapCoupon/CheapCoupon.exe.vir
                                Win.Adware.Mplug-52        VirusTotal Dateimanager umbenennen
/media/Preload/ProgramData/Kaspersky Lab/PURE13/QB/faf679b7d5654078.klq.VIRUS ((Quarantine-6))
                Trojan.Generic.12029239                        VirusTotal Dateimanager

Alle gefundenen Dateien mit der Endung .VIRUS versehen
Ich habe alle gefundenen Dateien mit der Endung .VIRUS versehen lassen, doch nach Neustart keine Änderung. Gleiches im abgesicherten Modus.

Wer kann weiterhelfen?

Danke, wahrk

schrauber 29.11.2014 17:26
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


wahrk 29.11.2014 17:53
Hallo schrauber,

vielen Dank für die prompte Reaktion!

Hier das Scanergebnis:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by SYSTEM on MININT-LUVQ4QN on 29-11-2014 17:46:52
Running from e:\
Platform: Windows 7 Professional (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Officejet Pro 8610.lnk
ShortcutTarget: Monitora avvisi inchiostro - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 17:46 - 2014-11-29 17:46 - 00000000 ____D () C:\FRST
2014-11-29 14:50 - 2014-11-29 15:33 - 00004546 _____ () C:\Users\user\Desktop\Rkill.txt
2014-11-28 15:57 - 2014-11-28 15:55 - 02148864 _____ () C:\Users\user\Downloads\adwcleaner_4.102.exe
2014-11-28 15:40 - 2014-11-07 20:49 - 00813744 _____ (Microsoft Corporation) C:\Users\user\Downloads\iexplore.exe
2014-11-28 15:40 - 2014-11-07 20:49 - 00813744 _____ (Microsoft Corporation) C:\Users\user\Downloads\iexplore (1).exe
2014-11-26 19:02 - 2014-11-26 19:02 - 00001340 _____ () C:\Users\user\Downloads\avast_free_antivirus_setup_online - collegamento.lnk
2014-11-26 17:33 - 2014-11-26 17:33 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-11-26 17:29 - 2014-11-26 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2014-11-26 17:23 - 2014-11-26 18:31 - 05006864 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-11-26 14:52 - 2014-11-26 17:34 - 00000000 ____D () C:\089d738d81d86a3f3c
2014-11-26 14:52 - 2014-11-26 14:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-26 14:52 - 2014-11-26 14:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-26 14:50 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2014-11-26 14:50 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2014-11-26 14:50 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2014-11-26 14:50 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2014-11-26 14:50 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2014-11-26 14:50 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2014-11-26 14:50 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2014-11-26 14:50 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-11-26 14:42 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-11-26 14:42 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-26 14:41 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-11-26 14:41 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-26 14:41 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2014-11-26 14:41 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-11-26 14:41 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2014-11-26 14:41 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\System32\gameux.dll
2014-11-26 14:41 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-11-26 14:41 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-11-26 14:41 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\System32\oflc-nz.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\System32\pegibbfc.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\System32\csrr.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\System32\usk.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\System32\oflc.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-pt.rs
2014-11-26 14:41 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-fi.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\System32\cero.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\System32\esrb.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\System32\fpb.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\System32\cob-au.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\System32\grb.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi.rs
2014-11-26 14:41 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\System32\djctq.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-11-26 14:41 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-11-26 14:41 - 2012-11-30 00:17 - 00420064 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-26 14:41 - 2012-11-30 00:15 - 00420064 _____ () C:\Windows\System32\locale.nls
2014-11-26 14:40 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-26 14:40 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-26 14:40 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2014-11-26 14:40 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2014-11-26 14:40 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2014-11-26 14:40 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2014-11-26 14:40 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\netevent.dll
2014-11-26 14:40 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2014-11-26 14:40 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-11-26 14:40 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-11-26 14:40 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-11-26 14:40 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2014-11-26 14:40 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-11-26 14:40 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2014-11-26 14:40 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2014-11-26 14:40 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2014-11-26 14:40 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2014-11-26 14:40 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2014-11-26 14:40 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2014-11-26 14:40 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2014-11-26 14:40 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-11-26 14:40 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-11-26 14:40 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-11-26 14:40 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2014-11-26 14:40 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-11-26 14:39 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2014-11-26 14:39 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-26 14:39 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-11-26 14:39 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-26 14:39 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-11-26 14:39 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-11-26 14:39 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-11-26 14:39 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-11-26 14:39 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-11-26 14:39 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-11-26 14:39 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-11-26 14:39 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2014-11-26 14:39 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-11-26 14:39 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-11-26 14:39 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2014-11-26 14:39 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2014-11-26 14:39 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2014-11-26 14:39 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-11-26 14:39 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-11-26 14:39 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2014-11-26 14:38 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-11-26 14:38 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-26 14:32 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2014-11-26 14:28 - 2014-11-26 14:28 - 00007989 _____ () C:\Users\user\Desktop\Nuovo Foglio di lavoro di Microsoft Office Excel.xlsx
2014-11-26 13:59 - 2014-11-26 14:09 - 204169128 _____ () C:\Users\user\Downloads\kts15.0.1.415de-de.exe
2014-11-26 13:51 - 2014-11-29 17:01 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 13:51 - 2014-11-26 13:51 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 09:24 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-25 09:24 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-25 09:24 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 09:24 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 18:56 - 2014-11-13 18:56 - 00000000 ____D () C:\Users\user\Documents\deskcalc
2014-11-13 17:23 - 2014-11-13 17:30 - 00000000 ____D () C:\Users\user\Desktop\Buchhaltung
2014-11-13 17:08 - 2014-11-13 17:08 - 00000000 ___SD () C:\Users\user\Documents\Origini dati utente
2014-11-13 16:55 - 2014-11-13 16:55 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2014-11-13 16:27 - 2014-11-13 16:27 - 00000000 ___SD () C:\Users\user\Documents\Passwords Database
2014-11-13 16:26 - 2014-11-26 18:31 - 116422520 _____ (Kaspersky Lab) C:\Users\user\Downloads\pure13.0.2.558de-de (1).exe.psq8klw.partial
2014-11-13 15:41 - 2014-11-13 15:41 - 00262144 _____ () C:\Windows\System32\config\elam
2014-11-12 11:58 - 2014-11-12 11:58 - 00000078 _____ () C:\Windows\System32\ricdb.ini
2014-11-12 11:58 - 2014-11-12 11:58 - 00000000 ____D () C:\ProgramData\RICOH
2014-11-12 11:57 - 2014-11-12 11:57 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-12 11:57 - 2014-11-12 11:57 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-11-12 11:56 - 2014-11-12 11:56 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-12 05:54 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 05:54 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 05:54 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 05:54 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 05:54 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 05:54 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 05:54 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 05:54 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 05:54 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 05:54 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 05:54 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 05:54 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 05:54 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 05:54 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 05:54 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 05:54 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 05:54 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 05:54 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 05:54 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 05:54 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 05:54 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 05:54 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 05:54 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 05:54 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 05:54 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 05:54 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 05:54 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 05:54 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 05:54 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 05:54 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 05:54 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 05:54 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 05:54 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 05:54 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 05:54 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 05:54 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 05:54 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 05:54 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 05:54 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 05:54 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 05:54 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 05:54 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 05:54 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 05:54 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 05:54 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 05:54 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 05:54 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 05:54 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 05:54 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 05:54 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 05:54 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 05:54 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 05:54 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 05:54 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 05:54 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 05:54 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 05:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 05:54 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 05:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 05:54 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 05:54 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 05:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 05:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 05:54 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 05:54 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 05:53 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 05:53 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 05:53 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 05:53 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 05:53 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 05:53 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 05:53 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 05:53 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 05:53 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 05:53 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 05:53 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 05:53 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 05:53 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 05:53 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 05:53 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 05:53 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 05:53 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 05:53 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 05:53 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 05:53 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 05:53 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:49 - 2014-11-11 19:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2014-11-11 12:08 - 2014-11-26 13:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 12:08 - 2014-11-26 13:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 12:08 - 2014-11-11 12:08 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-11 12:08 - 2014-11-11 12:08 - 00000000 ____D () C:\Windows\System32\Macromed
2014-11-11 11:02 - 2014-11-11 11:02 - 00000325 _____ () C:\Users\user\Desktop\Strumenti diagnostici stampante HP.url
2014-10-30 15:13 - 2014-11-26 13:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-30 15:07 - 2014-10-30 15:09 - 194055688 _____ (Kaspersky Lab) C:\Users\user\Downloads\pure13.0.2.558de-de.exe
2014-10-30 14:59 - 2014-10-30 15:00 - 00000000 ____D () C:\AdwCleaner
2014-10-30 14:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 17:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 17:36 - 2009-07-14 05:51 - 00040609 _____ () C:\Windows\setupact.log
2014-11-29 17:31 - 2014-08-04 16:35 - 02053733 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 16:50 - 2014-08-05 10:40 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{522CDED3-69D2-4C3C-BD01-5AA14290CDB0}
2014-11-29 15:55 - 2009-07-14 05:45 - 00015856 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 15:55 - 2009-07-14 05:45 - 00015856 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 14:37 - 2009-07-14 11:53 - 00698332 _____ () C:\Windows\System32\perfh010.dat
2014-11-29 14:37 - 2009-07-14 11:53 - 00127558 _____ () C:\Windows\System32\perfc010.dat
2014-11-29 14:37 - 2009-07-14 06:13 - 01541382 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-29 02:25 - 2014-10-04 16:15 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-26 20:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-26 18:24 - 2014-08-06 08:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-11-26 17:51 - 2014-08-05 10:57 - 00113128 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-26 17:50 - 2014-08-06 09:36 - 00001986 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-26 17:50 - 2014-08-06 09:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-26 17:36 - 2014-08-06 08:24 - 00017796 _____ () C:\Windows\PFRO.log
2014-11-26 17:36 - 2009-07-14 05:45 - 00428760 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-26 17:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-26 14:52 - 2014-08-06 08:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-26 14:11 - 2014-10-22 12:07 - 00000000 ____D () C:\Users\user\Desktop\Rhein Food-Gino
2014-11-26 14:03 - 2014-10-03 11:13 - 00000000 ____D () C:\Users\user\Desktop\RHEINFOOD
2014-11-26 13:43 - 2014-10-17 12:06 - 00000000 ____D () C:\ProgramData\Lexware
2014-11-18 10:58 - 2014-10-06 11:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\HpUpdate
2014-11-17 20:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-13 18:56 - 2014-08-05 10:36 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-11-13 03:03 - 2014-08-05 15:58 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-13 03:01 - 2014-08-05 15:58 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-12 11:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\spool
2014-11-12 11:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-11 10:57 - 2014-10-17 12:08 - 00000000 ____D () C:\Users\user\AppData\Local\Lexware
2014-11-04 14:30 - 2014-08-05 10:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-31 14:43 - 2014-08-06 09:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 14:42 - 2014-08-06 09:36 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-10-30 15:10 - 2014-08-05 10:57 - 00001912 _____ () C:\Windows\epplauncher.mif

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\optprosetup.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-13 03:00:26
Restore point made on: 2014-11-17 14:58:57
Restore point made on: 2014-11-25 09:25:18
Restore point made on: 2014-11-25 16:09:58
Restore point made on: 2014-11-26 14:42:22

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4061.24 MB
Available physical RAM: 3475.89 MB
Total Pagefile: 4059.39 MB
Available Pagefile: 3467.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:293.32 GB) (Free:190.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:7.34 GB) (Free:1.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A9960A15)
Partition 1: (Active) - (Size=293.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-11-25 09:47

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 30.11.2014 08:46
Zitat:
habe hier das Problem, dass alle Versuche ein Programm zu starten, augenscheinlich zum IE-Downloadmanager umgeleitet/abgefangen werden.
Woran genau bemerkst Du das? FRST bitte auf den Desktop schieben und von dort laufen lassen, beide Logfiles posten.

wahrk 30.11.2014 10:03
Hallo schrauber,

verschieben auf den Desktop geht, ausführen kann ich FRST64 nicht:

http://abload.de/img/pich3uwe.jpg

Klicke ich "Esegui" oder "Salva" erhalte ich das:

http://abload.de/img/pic2y5e4y.jpg

Weiter komme ich nicht.

schrauber 30.11.2014 17:32
Klick auf das blaue, das heisst weitere Informationen, dann auf trotzdem ausführen.

Woher ist der REchner? Warum hast du einen Rechner mit Windows in der Sprache wenn Du sie nicht kannst?

wahrk 01.12.2014 20:07
Hallo schrauber,

danke für deine Mühen, hat sich erledigt.

Tja der Rechner war von einem Besitzer einer - rate mal! - Pizzeria. Darauf war die Buchhaltung und die wurde DRINGEND gebraucht. Also wie immer. Ich habe dann die automatische Sicherungsdatei der Buchhaltung kopiert und den Rechner neu aufgesetzt. Das hat sich bei der Anzahl der Virenfunde auch empfohlen.
Übrigens ist die Sprache jetzt auf "Tedesco" gestellt, jetzt versteh ich wieder was. :applaus:

Nochmals recht herzlichen Dank,
wahrk

schrauber 02.12.2014 17:38
ok :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131