Thanks for the tip.
Here is the FRST log again; there was no Addition log this time. I also noticed that the PC is starting to act up. Twice today, emails I wanted to send were bounced back as undelivered by two different providers because of alleged security problems in the attachment, which never happened during the whole time of our dialogue. They weren't attachments from outside either, but files that have been on the PC for years and have already been sent to X recipients .. very strange...
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Bade (administrator) on WEB2-PC on 21-01-2015 15:00:29
Running from C:\Users\Bade\Downloads
Loaded Profiles: Bade (Available profiles: WEB2 & Bade & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 2\creator-ws.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(Piriform Ltd) D:\Programme\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [CCleaner Monitoring] => D:\Programme\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\MountPoints2: {586c6e4b-c3db-11e3-ab46-0040053254e7} - H:\unlock.exe autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => No File
BootExecute: autocheck autochk /r \??\L:autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1003] => localhost:8080
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {56F9679E-7826-4C84-81F3-532071A8BCC5} - No File [ ]
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
FireFox:
========
FF ProfilePath: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> L:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\webde-suche.xml
FF Extension: HTTPS-Everywhere - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\https-everywhere@eff.org [2014-10-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2014-04-14]
FF Extension: NoScript - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR Profile: C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Win7 Scrollbars) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-04-14]
CHR Extension: (Google-Suche) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Google Mail) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [379952 2013-05-23] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] () [File not signed]
S4 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-18] (Phoenix Technologies) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [25600 2010-05-07] (eMPIA Technology, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-05-24] (Samsung Electronics) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583552 2014-04-15] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840960 2014-04-15] (eMPIA Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bade\AppData\Local\Temp\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 14:09 - 2015-01-21 14:09 - 00001245 _____ () C:\Users\Bade\Desktop\plano c. ursus - Verknüpfung.lnk
2015-01-21 14:09 - 2015-01-21 14:09 - 00001245 _____ () C:\Users\Bade\Desktop\plano c. urs 2 - Verknüpfung.lnk
2015-01-21 09:07 - 2015-01-21 09:18 - 00000000 ____D () C:\AdwCleaner
2015-01-21 09:05 - 2015-01-21 09:05 - 02186752 _____ () C:\Users\Bade\Downloads\AdwCleaner_4.108.exe
2015-01-19 22:17 - 2015-01-19 22:18 - 00039230 _____ () C:\Users\Bade\Downloads\Addition.txt
2015-01-19 22:15 - 2015-01-21 15:00 - 00014816 _____ () C:\Users\Bade\Downloads\FRST.txt
2015-01-19 22:10 - 2015-01-21 15:00 - 01118208 _____ (Farbar) C:\Users\Bade\Downloads\FRST.exe
2015-01-19 22:10 - 2015-01-21 15:00 - 00000000 ____D () C:\Users\Bade\Downloads\FRST-OlderVersion
2015-01-19 18:30 - 2015-01-19 18:33 - 00000000 ___SD () C:\ComboFix
2015-01-19 18:25 - 2015-01-19 18:25 - 00001134 _____ () C:\Users\Bade\Desktop\ComboFix - Verknüpfung.lnk
2015-01-18 23:12 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-18 23:12 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-18 23:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-18 22:47 - 2015-01-18 23:12 - 00000000 ____D () C:\Qoobox
2015-01-18 22:46 - 2015-01-18 22:46 - 00000000 ____D () C:\Windows\erdnt
2015-01-18 22:39 - 2015-01-19 11:16 - 05608785 ____R (Swearware) C:\Users\Bade\Downloads\ComboFix.exe
2015-01-18 22:37 - 2015-01-18 22:37 - 00000444 _____ () C:\Users\Bade\Downloads\defogger_disable.log
2015-01-18 22:37 - 2015-01-18 22:37 - 00000000 _____ () C:\Users\Bade\defogger_reenable
2015-01-18 18:29 - 2015-01-18 18:29 - 00000242 _____ () C:\Users\Bade\Downloads\XXX defogger_enable.log
2015-01-18 18:25 - 2015-01-18 18:25 - 00000000 __SHD () C:\Users\Bade\AppData\Local\EmieBrowserModeList
2015-01-18 17:27 - 2015-01-18 17:28 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bade\Downloads\XXX tdsskiller.exe
2015-01-18 16:50 - 2015-01-18 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 16:49 - 2015-01-18 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-18 16:49 - 2015-01-18 16:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 16:48 - 2015-01-18 16:48 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 16:46 - 2015-01-18 17:25 - 00000000 ____D () C:\Users\Bade\Desktop\mbar
2015-01-18 16:45 - 2015-01-18 16:46 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Bade\Downloads\XXX mbar-1.08.2.1001.exe
2015-01-18 12:01 - 2015-01-18 13:33 - 00027357 _____ () C:\Users\Bade\Downloads\XXX FRST editor.txt
2015-01-18 12:01 - 2015-01-18 13:18 - 00000004 _____ () C:\Users\Bade\Downloads\XXX FRST SCAN.txt
2015-01-18 11:13 - 2015-01-18 11:14 - 00038762 _____ () C:\Users\Bade\Downloads\XXX Addition.txt
2015-01-18 11:11 - 2015-01-18 11:14 - 00027357 _____ () C:\Users\Bade\Downloads\XXX FRST.txt
2015-01-18 11:09 - 2015-01-21 15:00 - 00000000 ____D () C:\FRST
2015-01-18 11:07 - 2015-01-18 11:07 - 01117696 _____ (Farbar) C:\Users\Bade\Downloads\XXX FRST.exe
2015-01-18 11:04 - 2015-01-18 11:05 - 00000470 _____ () C:\Users\Bade\Downloads\XXX defogger_disable.log
2015-01-18 11:02 - 2015-01-18 11:02 - 00050477 _____ () C:\Users\Bade\Downloads\XXX Defogger.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00243728 _____ () C:\Users\Bade\Downloads\Firefox Setup Stub 35.0.exe
2015-01-14 11:44 - 2015-01-14 11:51 - 125285624 _____ (Microsoft Corporation) C:\Users\Bade\Downloads\XXX msert ms safety scanner.exe
2015-01-14 11:36 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:36 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 11:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:36 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:36 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-10 13:35 - 2015-01-10 13:35 - 00000000 ____D () C:\Users\Bade\Documents\ProcAlyzer Dumps
2015-01-10 11:28 - 2015-01-19 17:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-10 11:22 - 2015-01-10 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bade\Downloads\spybot-2.4.exe
2014-12-24 09:28 - 2014-12-24 09:29 - 11604456 _____ () C:\Users\Bade\Downloads\SetupAnyDVD7550.exe
2014-12-23 16:41 - 2014-12-23 16:41 - 00136488 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-12-22 08:03 - 2015-01-21 09:21 - 00047392 _____ () C:\Windows\PFRO.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 14:14 - 2014-05-11 09:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 13:56 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 13:56 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 13:53 - 2014-04-20 12:08 - 00000000 ____D () C:\Users\Bade\Documents\Word Docs
2015-01-21 13:52 - 2014-04-14 13:05 - 02016582 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 13:50 - 2014-05-11 09:26 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 13:49 - 2014-12-21 09:39 - 00002240 _____ () C:\Windows\setupact.log
2015-01-21 13:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 09:27 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 17:03 - 2014-07-03 15:12 - 00000079 _____ () C:\Windows\wininit.ini
2015-01-19 08:33 - 2014-04-09 10:23 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 22:37 - 2014-04-14 14:20 - 00000000 ____D () C:\Users\Bade
2015-01-18 18:05 - 2014-04-14 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:27 - 2014-10-01 11:12 - 00000000 ____D () C:\Users\Bade\AppData\Local\Adobe
2015-01-18 10:27 - 2014-04-18 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-18 10:27 - 2014-04-18 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-18 10:17 - 2014-12-12 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-18 10:17 - 2014-07-26 08:49 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-07-26 08:49 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 08:42 - 2014-10-22 11:31 - 00000957 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-17 08:42 - 2014-04-15 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-15 17:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 13:58 - 2010-11-20 22:01 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 12:00 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 11:57 - 2014-04-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:37 - 2014-04-14 17:41 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 13:33 - 2014-04-14 19:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 10:54 - 2014-04-14 17:57 - 00000000 ____D () C:\Users\Bade\AppData\Local\Thunderbird
2014-12-24 09:31 - 2013-10-16 14:28 - 00000757 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
==================== Files in the root of some directories =======
2013-10-16 14:27 - 2013-10-16 14:32 - 0000088 __SHC () C:\ProgramData\.zreglib
2014-04-14 17:51 - 2014-04-14 17:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-16 23:09 - 2014-04-16 23:09 - 0000048 _____ () C:\ProgramData\dummy.txt
2010-01-05 10:25 - 2010-01-05 10:25 - 0005048 ____C () C:\ProgramData\mtbjfghn.xbe
2010-01-24 11:39 - 2014-11-07 13:58 - 0000020 ____H () C:\ProgramData\PKP_DLec.DAT
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Bade\AppData\Local\Temp\catchme.dll
C:\Users\Bade\AppData\Local\Temp\Quarantine.exe
C:\Users\Bade\AppData\Local\Temp\sqlite3.dll
C:\Users\WEB2\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 23:00
==================== End Of Log ============================
Hi,
it wasn't so strange after all: when attaching, a shortcut extension had sneaked onto the attachment, because the file had been sent to the desktop not in its original form but as a shortcut.
Sorry for the false alarm, but after so many tests you start listening for every little twitch.
Regards, lupomar